Computer Hope
Software => Computer viruses and spyware => Topic started by: MtlHab39 on January 26, 2012, 07:50:33 PM
-
Hi everyone
I have a Lenovo laptop with Vista OS.
Wife and sons have been online this evening and since then, it has been under attack as I have tried logging on.
Have a Vista icon popping up labeled Vista Antispyware 2012 - Unregistred Version telling me that 29 critical system objects have been found; the catch I guess is to get me to register which I have not. I have tried opening programs including spybot & malware but another Vista alert pops up telling me that Trojan-BNK.Win32.Keylogger.gen has infected the program...again, it asks me to register. I click on No, continue unprotected (dangerous) but the program will not run.
I do have CCleaner, SysProt, SuperAntispyware and malware by Anti-Malware from last year's 'infection'.
Even as I type, pop-ups appear telling me that an Internet connection alert is present.
Please help as I have read the ground rules at the top of this section but I am unsure what to do next.
Also please specify how I can access the net (open with safe mode?).
Thank you
-
I didn't see any mention of an antivirus application installed. Anyway,
Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here (http://www.softpedia.com/get/Others/Signatures-Updates/SUPERAntiSpyware-Database-Definitions-Updates.shtml)
* Next click the Preferences button.
• Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
• Close browsers before scanning
• Scan for tracking cookies
• Terminate memory threats before quarantining
• Please leave the others unchecked
• Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
• To retrieve the removal information please do the following:
• After reboot, double-click the SUPERAntiSpyware icon on your desktop.
• Click Preferences. Click the Statistics/Logs tab.
• Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
• It will open in your default text editor (preferably Notepad).
• Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and paste the log in your post.
***********************************************
Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
**************************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your Thread
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
• Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE (http://www.bleepingcomputer.com/forums/topic114351.html). Then post your DDS logs. (DDS.txt and Attach.txt)
-
Good morning
Tried booting in safe mode but Vista Alert bug pops up as soon as I open Explorer or even my Super AntiSpyware I am blocked.
I guess I need to do this...........
"If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line."
Just need to be clear...I transfer SuperAntiSpyware and Malware onto this computer and then onto a stick (don't even know how to burn info on to CD???sorry). Will this not affect security on this PC?
Shift key down for 10 sec: I do this upon USB entry and removal from both laptop and PC?
Apologize about the level of knowledge but am waiting for children to get older so they could handle this
-
"Will this not affect security on this PC?
Shift key down for 10 sec: I do this upon USB entry and removal from both laptop and PC?"
Just use the 10 sec. rule and your computer will be safe.
-
Did as you said and used a USB to load and import Super AntiSpyware and malware and DDS.
Held shift button after loading with Safe mode; virus popped blocking SAS but allowed Malware to be installed and updated; asked me to reboot to finish for Malware.
Did this (was not sure what to do with USB during reboot time) so left it in place.
Upon reboot, was able to uninstall old SAS and load updates for new SAS; so far so good.
Update: started the SAS scan.
Will let you know...
-
Here is SAS
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/01/2012 at 10:55 PM
Application Version : 5.0.1142
Core Rules Database Version : 8191
Trace Rules Database Version: 6003
Scan type : Complete Scan
Total Scan Time : 01:25:53
Operating System Information
Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator
Memory items scanned : 345
Memory threats detected : 3
Registry items scanned : 37957
Registry threats detected : 5
File items scanned : 164078
File threats detected : 53
Malware.Trace
HKU\S-1-5-21-2953296840-3789730768-1391761679-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL
Adware.Tracking Cookie
Trojan.Agent/Gen-Kazy
[48C.exe] C:\PROGRAM FILES\LP\1199\48C.EXE
C:\PROGRAM FILES\LP\1199\48C.EXE
[48C.exe] C:\USERS\COSTA\APPDATA\ROAMING\MICROSOFT\1199\48C.EXE
C:\USERS\COSTA\APPDATA\ROAMING\MICROSOFT\1199\48C.EXE
[Load] C:\USERS\COSTA\APPDATA\ROAMING\0A1FD\LVVM.EXE
C:\USERS\COSTA\APPDATA\ROAMING\0A1FD\LVVM.EXE
C:\USERS\COSTA\APPDATA\ROAMING\9EB0A\B3B11.EXE
C:\USERS\COSTA\APPDATA\ROAMING\9EB0A\B3B11.EXE
C:\PROGRAM FILES\LP\1199\48C.EXE
C:\PROGRAM FILES\0A1FD\LVVM.EXE
C:\PROGRAM FILES\0A1FD\LVVM.EXE
Trojan.Agent/Gen-Kryptik
[{AD82FCD2-11F7-AD7E-C49A-DA9B163BA1B6}] C:\USERS\COSTA\APPDATA\ROAMING\XIYPYC\QYFA.EXE
C:\USERS\COSTA\APPDATA\ROAMING\XIYPYC\QYFA.EXE
Trojan.Agent/Gen
C:\PROGRAMDATA\0LIK14T3.EXE
C:\WINDOWS\SYSTEM32\8LKYO1UK.COM
C:\WINDOWS\SYSTEM32\8LKYO1UK.COM_
C:\WINDOWS\TEMP\HKI3485.EXE
C:\WINDOWS\TEMP\VGMRHE\SETUP.EXE
Trojan.Agent/Gen-Rimecud
C:\SWTOOLS\APPS\DDNI\DIBS\PROGRAMFILES\DDNISERVICE.EXE
Trojan.Agent/Gen-Kazy[EX]
C:\USERS\COSTA\APPDATA\LOCAL\TEMP\ARSNOMXEWC.EXE
C:\USERS\COSTA\APPDATA\ROAMING\WINWORD.EXE
Trojan.Agent/Gen-MSFake
C:\USERS\COSTA\APPDATA\LOCAL\TEMP\CWSAEXORNM.EXE
Trojan.Agent/Gen-FraudScan[Prod]
C:\USERS\COSTA\APPDATA\LOCAL\TEMP\MSIMG32.DLL
C:\USERS\COSTA\APPDATA\LOCAL\TEMP\WOSMCXENRA.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\TDX.SYS
C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-TDI-OVER-TCPIP_31BF3856AD364E35_6.0.6002.18005_NONE_EC294157D9377403\TDX.SYS
Here is Malware
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.01.13.04
Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Costa :: COSTA-PC [administrator]
2012-02-01 11:12:18 PM
mbam-log-2012-02-01 (23-12-18).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 355337
Time elapsed: 57 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smad (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Smad (Trojan.Agent) -> Data: "C:\Users\Costa\AppData\Local\SanctionedMedia\Smad\Smad.exe" -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\Costa\AppData\Local\SanctionedMedia\Smad\Smad.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Costa\Local Settings\Application Data\SanctionedMedia\Smad\Smad.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
Here is the DDS
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Costa at 0:32:59.30 on 2012-02-02
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.2013.816 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Brother\BPRSP\resources\BrSupSsp.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k wdisvc
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Costa\Desktop\dds.scr
C:\Windows\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:52162
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
uURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\LVOSDSVC.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\lenovo\lenovo~2\LPMLCHK.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [IdeaNotesUser] c:\program files\ddni\lenovo idea notes\DDNIMSGUser.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\brothe~1.lnk - c:\windows\installer\{8040527f-dd74-4b45-8a06-c4bf145b6c76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\costa\appdata\roaming\mozilla\firefox\profiles\gyi7i6zf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52162
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - component: c:\users\costa\appdata\roaming\mozilla\firefox\profiles\gyi7i6zf.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
FF - component: c:\users\costa\appdata\roaming\mozilla\firefox\profiles\gyi7i6zf.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\costa\appdata\roaming\mozilla\firefox\profiles\gyi7i6zf.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\pc tools security\bdt\Firefox
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-3-13 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-3-13 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-3-13 656320]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-3-13 247760]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 DDNIMSGService;DDNIMSGService;c:\program files\ddni\lenovo idea notes\DDNIMSGService.exe [2009-6-23 171872]
R2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2010-4-18 163680]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LFKAS;Service of LFKA;c:\program files\lenovo\atk hotkey\LFKAS.exe [2009-5-19 208896]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-5-19 66848]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-9-23 53325]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-5-9 245760]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-19 112128]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-5-19 48192]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-8 136176]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-4-25 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-4-25 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-4-25 166384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-8 1153368]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-8 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-4-25 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-3-13 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-3-13 1150936]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-12-5 92592]
.
=============== Created Last 30 ================
.
2012-02-02 00:16:17 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-02 00:16:17 278528 ----a-w- c:\windows\system32\schannel.dll
2012-02-02 00:16:17 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-02 00:16:16 9728 ----a-w- c:\windows\system32\lsass.exe
2012-02-02 00:16:16 72704 ----a-w- c:\windows\system32\secur32.dll
2012-02-02 00:16:16 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-28 13:34:40 -------- d-----w- c:\program files\0A1FD
2012-01-28 13:34:30 -------- d-----w- c:\program files\LP
2012-01-27 01:56:21 -------- d-----w- c:\users\costa\appdata\roaming\Xiypyc
2012-01-27 01:56:21 -------- d-----w- c:\users\costa\appdata\roaming\Bavu
2012-01-27 01:52:45 -------- d-----w- c:\users\costa\appdata\roaming\0A1FD
2012-01-27 01:52:33 98816 ----a-w- c:\users\costa\appdata\roaming\microsoft\1199\E85F.tmp
2012-01-27 01:52:23 -------- d-----w- c:\users\costa\appdata\roaming\9EB0A
2012-01-27 01:51:49 -------- d-----w- c:\users\costa\appdata\local\SanctionedMedia
2012-01-24 13:39:27 6557240 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{13b9286a-88e7-4de5-8347-ee27386ae36b}\mpengine.dll
2012-01-11 18:55:15 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 18:55:08 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 18:55:07 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 18:55:01 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 18:54:39 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 18:54:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 18:54:19 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 18:54:19 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-05 21:22:23 -------- d-----w- c:\program files\TomTom HOME 2
2012-01-05 21:09:28 -------- d-----w- c:\program files\MyTomTom 3
2012-01-05 16:20:26 -------- d-----w- c:\progra~2\TomTom
2012-01-05 16:18:04 -------- d-----w- c:\users\costa\appdata\roaming\TomTom
2012-01-05 16:18:04 -------- d-----w- c:\users\costa\appdata\local\TomTom
2012-01-05 16:18:01 -------- d-----w- c:\program files\TomTom International B.V
.
==================== Find3M ====================
.
2012-01-27 01:52:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 19:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 0:34:28.55 ===============
Here is the Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 2009-05-19 2:13:34 PM
System Uptime: 2012-02-02 12:24:28 AM (0 hours ago)
.
Motherboard: LENOVO | | 2743CTO
Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz | Socket 478 | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 78.607 GiB free.
D: is CDROM ()
E: is Removable
Q: is FIXED (NTFS) - 10 GiB total, 4.1 GiB free.
S: is FIXED (NTFS) - 1 GiB total, 0.686 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY PDF Transformer 2.0
Access Help
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Bonjour
Brother Product Research and Support Program
Browser Defender 3.0
CCleaner
CCScore
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Client Security - Password Manager
Comical 0.8
Conduit Engine
Conexant HD Audio
D3DX10
DIBS
DirectXInstallService
DivX Web Player
Drag-to-Disc
ESET Online Scanner v3
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
ExamView Player
ExamView Pro
fflink
Foxit Reader
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Help Center
HiJackThis
HL-2240
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Kodak EasyShare software
Lenovo Care
Lenovo Care Supplement
Lenovo Central
Lenovo Idea Notes
Lenovo Registration
Lenovo System Interface Driver
Lenovo System Toolbox
Lenovo Welcome v1.0.24.3
Lenovo_ATK_Package
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Message Center
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mobile Broadband Connect
Mozilla Firefox (3.0.19)
MP3 Rocket
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4SP2
MyTomTom 3.1.0.530
Nero 8
neroxml
netbrdg
OfotoXMI
On Screen Display
Presentation Director
Product Recovery Disc Burning Utility
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Registry patch for Windows Vista USB S3 PM Enablement
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
Registry patch to improve USB device detection on resume from sleep for Windows Vista
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Small Business Edition
Roxio Express Labeler 3
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
SFR
SHASTA
skin0001
SKINXSDK
Soap 3.0 Toolkit
Softonic_English Toolbar
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
Spybot - Search & Destroy
Spyware Doctor 8.0
staticcr
SUPERAntiSpyware
System Update
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Mobility Center Customization
ThinkPad Power Management Driver for SL Series
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
Thinkpad Wireless LAN Adapters Software (11a/b/g/n)
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Status Gadget
ThinkVantage Technologies Welcome Message
TomTom HOME 2.8.3.2458
TomTom HOME Visual Studio Merge Modules
UFile 2009
UFile 2010
UFile Updater 2009
UFile Updater 2010
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
Verizon Wireless BroadbandAccess Self Activation
Visual Studio C++ 10.0 Runtime
VPRINTOL
Wallpapers
Windows Driver Package - Lenovo 1.44 (05/14/2008 1.44)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR archiver
WIRELESS
WOT for Internet Explorer
.
==== End Of File ===========================
Thanks for the help.
-
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.
:OTL
uURLSearchHooks: H - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52162
:COMMANDS
[resethosts]
[purity]
[start explorer]
* Click Run Fix
* OTL may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**************************************************************
Download Combofix from any of the links below, and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix, we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
-
Hi SuperDave
Since last we spoke, have not been able to get online even in safe mode.
Via USB, have run OTL without any problem; will post results soon but seemed to be clear.
Combofix has run for ~30 minutes and seemed to get stuck when a pop up window said that the PC has been 'infected with Rootkit'; this was a couple of minutes after it had another window saying that it 'failed to get data for Enable LUA or LVA'.
It asked me to rerun Combofix again so I have; same result except it seems to have done something to rootkit; window now says that
'Combofix has detected the presence of rootkit activity and needs to reboot the machine'
Do I press OK or will combofix continue itself?
-
Pressed OK and the whole process has gone faster than first 2 times but......still finds rootkit and same windows telling me to close and reboot.
I will look for created file for combofix and post next.
-
Please download aswMBR.exe (http://public.avast.com/%7Egmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg)
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
(http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
-
Here is the OTL report.
========== OTL ==========
Prefs.js: network.proxy.http - 127.0.0.1 removed from refs.js
Prefs.js: network.proxy.http_port - 52162 removed from refs.js
========== COMMANDS ==========
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 02052012_164956
I will post the asw once complete.
-
Here is the ASW report
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-06 10:15:34
-----------------------------
10:15:34.583 OS Version: Windows 6.0.6002 Service Pack 2
10:15:34.583 Number of processors: 2 586 0x170A
10:15:34.583 ComputerName: COSTA-PC UserName: Costa
10:15:35.582 Initialize success
10:15:56.969 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:15:56.969 Disk 0 Vendor: HITACHI_ FB2Z Size: 152627MB BusType: 3
10:15:56.985 Disk 0 MBR read successfully
10:15:56.985 Disk 0 MBR scan
10:15:56.985 Disk 0 unknown MBR code
10:15:57.001 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048
10:15:57.016 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 141124 MB offset 3074048
10:15:57.047 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 292098048
10:15:57.047 Disk 0 scanning sectors +312578048
10:15:57.125 Disk 0 scanning C:\Windows\system32\drivers
10:16:05.534 Service scanning
10:16:09.574 Modules scanning
10:16:21.695 Disk 0 trace - called modules:
10:16:21.727 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll iastor.sys
10:16:21.727 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d055f0]
10:16:21.758 3 CLASSPNP.SYS[897d08b3] -> nt!IofCallDriver -> [0x86d05df0]
10:16:21.758 5 PCTCore.sys[83704099] -> nt!IofCallDriver -> [0x85842118]
10:16:21.773 7 acpi.sys[806d06bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x861f9028]
10:16:21.773 Scan finished successfully
10:16:37.249 Disk 0 MBR has been saved successfully to "C:\Users\Costa\Desktop\MBR.dat"
10:16:37.249 The log file has been saved successfully to "C:\Users\Costa\Desktop\aswMBR.txt"
10:17:14.720 Disk 0 MBR has been saved successfully to "E:\ASW\MBR.dat"
10:17:14.735 The log file has been saved successfully to "E:\ASW\aswMBR.txt"
-
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe)
Link 2 (http://ad13.geekstogo.com/MBRCheck.exe)
Link 3 (http://www.kernelmode.info/MBRCheck.exe)
• Double-click on MBRCheck.exe to run it.
• It will open a black window...please do not fix anything (if it gives you an option).
• When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
• A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
• Please copy and paste the contents of that log in your next reply.
-
Black box opens with this message after 5 seconds
Found non-standard or infected MBR.
Enter 'Y' and hit enter for more options, or 'N' to exit:
What should I do next?
-
Run the Vista Recovery Console.
1. Eject and remove any discs or memory cards from your computer.
2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".
3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots.
4. Highlight and select "Repair your computer" choose your keyboard type and click "Next".
5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.
6. Next type bootrec /fixmbr
7. If it asks if you're sure you want to write a new MBR, answer 'Y'
8. Then type EXIT to reboot the machine.
9. With that done, please post back and let me know how things are now.
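An added example, not part of the thread or of any tool named in it: aswMBR saved the first disk sector to MBR.dat before the repair, and Microsoft documents bootrec /fixmbr as not overwriting the existing partition table, so a dump taken before and one taken after should differ only in the boot code. The sketch below parses such 512-byte dumps and reports which regions changed. The two sample sectors are constructed here from the partition figures in the aswMBR log above, the boot code bytes are placeholders, and all function names are hypothetical.

```python
import hashlib
import struct

SECTOR_SIZE = 512
# Classic MBR layout: region name -> byte range within sector 0.
REGIONS = {
    "boot_code": slice(0, 440),
    "disk_signature": slice(440, 446),   # 4-byte signature + 2 reserved bytes
    "partition_table": slice(446, 510),  # four 16-byte entries
    "boot_signature": slice(510, 512),   # must be 55 AA
}


def parse_mbr(sector):
    """Split a 512-byte MBR dump into a boot-code hash and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for index in range(4):
        entry = sector[446 + 16 * index: 462 + 16 * index]
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # unused slot
        partitions.append({
            "index": index + 1,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[REGIONS["boot_code"]]).hexdigest(),
        "signature_ok": sector[REGIONS["boot_signature"]] == b"\x55\xaa",
        "partitions": partitions,
    }


def changed_regions(before, after):
    """Names of the MBR regions whose bytes differ between two dumps."""
    return [name for name, span in REGIONS.items() if before[span] != after[span]]


def layout_problems(partitions, disk_sectors):
    """Sanity checks on the table: overlaps, entries past end of disk, active flag."""
    problems = []
    previous_end = 0
    for part in sorted(partitions, key=lambda p: p["lba_start"]):
        end = part["lba_start"] + part["sectors"]
        if part["lba_start"] < previous_end:
            problems.append("partition %d overlaps the previous one" % part["index"])
        if end > disk_sectors:
            problems.append("partition %d runs past the end of the disk" % part["index"])
        previous_end = end
    if sum(1 for p in partitions if p["active"]) != 1:
        problems.append("expected exactly one active partition")
    return problems


def build_sample(boot_code, entries):
    """Assemble a constructed sector (not a real dump) for the demonstration."""
    table = b"".join(
        struct.pack("<B3xB3xII", status, ptype, start, count)
        for status, ptype, start, count in entries
    ).ljust(64, b"\x00")
    return boot_code.ljust(440, b"\x00") + b"\x00" * 6 + table + b"\x55\xaa"


# Constructed from the aswMBR log: status, type, offset, size in MB * 2048 sectors.
LOG_ENTRIES = [
    (0x80, 0x07, 2048, 1500 * 2048),
    (0x00, 0x07, 3074048, 141124 * 2048),
    (0x00, 0x07, 292098048, 10000 * 2048),
]
DISK_SECTORS = 152627 * 2048          # "Size: 152627MB" in the aswMBR log
BEFORE = build_sample(b"\xde\xad" * 220, LOG_ENTRIES)  # placeholder "unknown" code
AFTER = build_sample(b"\x33\xc0" * 220, LOG_ENTRIES)   # placeholder rewritten code

if __name__ == "__main__":
    for label, dump in (("before", BEFORE), ("after", AFTER)):
        info = parse_mbr(dump)
        print(label, info["boot_code_sha256"][:16], "signature ok:", info["signature_ok"])
        for part in info["partitions"]:
            print("  ", part)
    print("changed regions:", changed_regions(BEFORE, AFTER))
    print("layout problems:", layout_problems(parse_mbr(AFTER)["partitions"], DISK_SECTORS))
```

To use it on real data, read each saved dump with open(path, "rb").read() in place of the constructed BEFORE and AFTER values. A changed partition_table or a non-empty problem list after the repair is a reason to stop and post the output rather than continue.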
-
I finally got through to the System Recovery Options Window
Went into command prompt
Typed in bootrec/fixmbr
Told me the operation completed successfully.
Seems to have worked since I retried MBR check and ran without any issues; here is the log
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 2743CTO
Logical Drives Mask: 0x0005001c
Kernel Drivers (total 173):
0x83052000 \SystemRoot\system32\ntkrnlpa.exe
0x8301F000 \SystemRoot\system32\hal.dll
0x80401000 \SystemRoot\system32\kdcom.dll
0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80478000 \SystemRoot\system32\PSHED.dll
0x80489000 \SystemRoot\system32\BOOTVID.dll
0x80491000 \SystemRoot\system32\CLFS.SYS
0x804D2000 \SystemRoot\system32\CI.dll
0x80608000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80684000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80691000 \SystemRoot\system32\drivers\fltmgr.sys
0x806C3000 \SystemRoot\system32\drivers\acpi.sys
0x80709000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80712000 \SystemRoot\system32\drivers\msisadrv.sys
0x8071A000 \SystemRoot\system32\drivers\pci.sys
0x80741000 \SystemRoot\System32\drivers\partmgr.sys
0x80750000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80753000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8075D000 \SystemRoot\system32\drivers\volmgr.sys
0x8076C000 \SystemRoot\System32\drivers\volmgrx.sys
0x807B6000 \SystemRoot\System32\drivers\mountmgr.sys
0x83605000 \SystemRoot\system32\drivers\iastor.sys
0x836DF000 \SystemRoot\system32\drivers\fileinfo.sys
0x836EF000 \SystemRoot\system32\drivers\PCTCore.sys
0x8372C000 \SystemRoot\system32\drivers\pctDS.sys
0x89007000 \SystemRoot\system32\drivers\pctEFA.sys
0x890AC000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
0x890C3000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x890CD000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8920D000 \SystemRoot\system32\drivers\ndis.sys
0x89318000 \SystemRoot\system32\drivers\msrpc.sys
0x89343000 \SystemRoot\system32\drivers\NETIO.SYS
0x89401000 \SystemRoot\System32\drivers\tcpip.sys
0x894EB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x89605000 \SystemRoot\System32\Drivers\Ntfs.sys
0x89715000 \SystemRoot\system32\drivers\volsnap.sys
0x8974E000 \SystemRoot\System32\DRIVERS\ApsHM86.sys
0x89756000 \SystemRoot\System32\Drivers\spldr.sys
0x8975E000 \SystemRoot\System32\DRIVERS\Apsx86.sys
0x8977C000 \SystemRoot\System32\Drivers\mup.sys
0x8978B000 \SystemRoot\System32\drivers\ecache.sys
0x897B2000 \SystemRoot\system32\drivers\disk.sys
0x897C3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x897E4000 \SystemRoot\system32\drivers\crcdisk.sys
0x895E0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x895EB000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8937E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8DC0E000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8E52B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E5CB000 \SystemRoot\System32\drivers\watchdog.sys
0x8E5D7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8938D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E5E2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8913F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E802000 \SystemRoot\system32\DRIVERS\athr.sys
0x8E8E6000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8E907000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8E917000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8E925000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8E93F000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8E950000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8E964000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8E9B6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E9C9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x893CB000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8E9D4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8E9D6000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E9E1000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x8E9E5000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0x8E9E7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E5F1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E5F7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8DC00000 \SystemRoot\system32\DRIVERS\A0101V32.sys
0x891CC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x83783000 \SystemRoot\system32\DRIVERS\storport.sys
0x895F4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x837C4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x89200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x837DB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x807C6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x807D5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x807E9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x805B2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8DC08000 \SystemRoot\system32\DRIVERS\psadd.sys
0x8E800000 \SystemRoot\system32\DRIVERS\swenum.sys
0x805C2000 \SystemRoot\system32\DRIVERS\ks.sys
Processes (total 110):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000022`d2200000 (NTFS)
\\.\S: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
PhysicalDrive0 Model Number: HITACHIHTS543216L9SA00, Rev: FB2ZC4EC
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D46C623DC978C47D5224D9183DF5CF1370A53AA5
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
-
It's still showing a non-standard or infected MBR. Please try it again and then run the MBR Check again.
-
Here it goes again..think it passed.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 2743CTO
Logical Drives Mask: 0x0005001c
Kernel Drivers (total 125):
Processes (total 23):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000022`d2200000 (NTFS)
\\.\S: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
PhysicalDrive0 Model Number: HITACHIHTS543216L9SA00, Rev: FB2ZC4EC
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
-
Could you please try running ComboFix again?
-
Didn't catch it but a window popped up and said that it was infected with some rootkit ...particularly bad infection ...
Combofix has run twice for ~5 minutes and seemed to get stuck when a pop up window said that the PC has been 'infected with Rootkit'; this was a couple of minutes after it had another window saying that it 'failed to get data for Enable LUA or LVA'.
It asked me to rerun Combofix again so I have;
'Combofix has detected the presence of rootkit activity and needs to reboot the machine'
Do I press OK or will combofix continue itself? I have left the laptop as is for now..
-
Do I press OK or will combofix continue itself? I have left the laptop as is for now..
Let's try these first.
AVENGER
- Download The Avenger by Swandog46 from here (http://swandog46.geekstogo.com/avenger2/download.php).
- Unzip/extract it to a folder on your desktop.
- Double click on avenger.exe to run The Avenger.
- Click OK.
- Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
- Click the Execute button.
- You will be asked "No script has been entered. Do you want to execute a rootkit scan only?"
- Click Yes.
- You will now be asked "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?"
- Click Yes.
- Your PC will now be rebooted.
- After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
- Please post this log in your next reply.
**************************************************
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.
-
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Completed script processing.
*******************
Finished! Terminate.
That was Avenger
Here is Killer; never stopped; was complete within 5 minutes.
16:45:36.0638 1256 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
16:45:36.0716 1256 ============================================================
16:45:36.0716 1256 Current date / time: 2012/02/09 16:45:36.0716
16:45:36.0716 1256 SystemInfo:
16:45:36.0716 1256
16:45:36.0716 1256 OS Version: 6.0.6002 ServicePack: 2.0
16:45:36.0716 1256 Product type: Workstation
16:45:36.0716 1256 ComputerName: COSTA-PC
16:45:36.0731 1256 UserName: Costa
16:45:36.0731 1256 Windows directory: C:\Windows
16:45:36.0731 1256 System windows directory: C:\Windows
16:45:36.0731 1256 Processor architecture: Intel x86
16:45:36.0731 1256 Number of processors: 2
16:45:36.0731 1256 Page size: 0x1000
16:45:36.0731 1256 Boot type: Normal boot
16:45:36.0731 1256 ============================================================
16:45:38.0057 1256 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:45:38.0088 1256 Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:45:38.0088 1256 \Device\Harddisk0\DR0:
16:45:38.0088 1256 MBR used
16:45:38.0088 1256 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
16:45:38.0088 1256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x113A27F8
16:45:38.0088 1256 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11691000, BlocksNum 0x1388000
16:45:38.0088 1256 \Device\Harddisk1\DR1:
16:45:38.0088 1256 MBR used
16:45:38.0088 1256 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
16:45:38.0510 1256 Initialize success
16:45:38.0510 1256 ============================================================
16:45:41.0505 2876 ============================================================
16:45:41.0505 2876 Scan started
16:45:41.0505 2876 Mode: Manual;
16:45:41.0505 2876 ============================================================
16:47:23.0105 2876 iteatapi - ok
16:47:23.0994 2876 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:47:24.0010 2876 iteraid - ok
16:47:24.0852 2876 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:47:24.0852 2876 kbdclass - ok
16:47:25.0694 2876 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:47:25.0710 2876 kbdhid - ok
16:47:26.0521 2876 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:47:26.0584 2876 KSecDD - ok
16:47:27.0863 2876 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys
16:47:27.0878 2876 lenovo.smi - ok
16:47:28.0549 2876 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:47:28.0565 2876 lltdio - ok
16:47:29.0345 2876 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:47:29.0392 2876 LSI_FC - ok
16:47:30.0234 2876 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:47:30.0265 2876 LSI_SAS - ok
16:47:31.0342 2876 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:47:31.0373 2876 LSI_SCSI - ok
16:47:32.0168 2876 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:47:32.0200 2876 luafv - ok
16:47:33.0011 2876 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:47:33.0026 2876 mdmxsdk - ok
16:47:33.0822 2876 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:47:34.0118 2876 megasas - ok
16:47:35.0054 2876 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:47:35.0070 2876 MegaSR - ok
16:47:35.0912 2876 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:47:35.0912 2876 Modem - ok
16:47:36.0630 2876 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:47:36.0630 2876 monitor - ok
16:47:37.0238 2876 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:47:37.0254 2876 mouclass - ok
16:47:38.0018 2876 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:47:38.0050 2876 mouhid - ok
16:47:38.0689 2876 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:47:38.0705 2876 MountMgr - ok
16:47:39.0578 2876 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:47:39.0625 2876 mpio - ok
16:47:40.0358 2876 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:47:40.0390 2876 mpsdrv - ok
16:47:41.0154 2876 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:47:41.0185 2876 Mraid35x - ok
16:47:41.0622 2876 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:47:41.0638 2876 MRxDAV - ok
16:47:42.0480 2876 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:47:42.0496 2876 mrxsmb - ok
16:47:43.0666 2876 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:47:43.0744 2876 mrxsmb10 - ok
16:47:44.0540 2876 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:47:44.0556 2876 mrxsmb20 - ok
16:47:45.0071 2876 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
16:47:45.0117 2876 msahci - ok
16:47:45.0741 2876 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:47:45.0773 2876 msdsm - ok
16:47:46.0584 2876 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:47:46.0615 2876 Msfs - ok
16:47:47.0489 2876 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:47:47.0520 2876 msisadrv - ok
16:47:48.0456 2876 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:47:48.0487 2876 MSKSSRV - ok
16:47:49.0298 2876 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:47:49.0345 2876 MSPCLOCK - ok
16:47:50.0297 2876 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:47:50.0328 2876 MSPQM - ok
16:47:51.0279 2876 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:47:51.0326 2876 MsRPC - ok
16:47:52.0215 2876 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:47:52.0215 2876 mssmbios - ok
16:47:53.0292 2876 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:47:53.0339 2876 MSTEE - ok
16:47:54.0119 2876 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\A0101V32.sys
16:47:54.0134 2876 MTsensor - ok
16:47:54.0524 2876 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:47:54.0524 2876 Mup - ok
16:47:54.0930 2876 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:47:54.0945 2876 NativeWifiP - ok
16:47:55.0757 2876 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:47:55.0866 2876 NDIS - ok
16:47:57.0036 2876 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:47:57.0067 2876 NdisTapi - ok
16:47:57.0566 2876 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:47:57.0566 2876 Ndisuio - ok
16:47:58.0362 2876 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:47:58.0377 2876 NdisWan - ok
16:47:59.0142 2876 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:47:59.0157 2876 NDProxy - ok
16:48:00.0218 2876 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:48:00.0234 2876 NetBIOS - ok
16:48:02.0153 2876 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:48:02.0168 2876 netbt - ok
16:48:03.0011 2876 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:48:03.0042 2876 nfrd960 - ok
16:48:03.0791 2876 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:48:03.0791 2876 Npfs - ok
16:48:04.0742 2876 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:48:04.0789 2876 nsiproxy - ok
16:48:05.0585 2876 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:48:05.0959 2876 Ntfs - ok
16:48:06.0614 2876 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:48:06.0630 2876 ntrigdigi - ok
16:48:07.0332 2876 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:48:07.0363 2876 Null - ok
16:48:08.0112 2876 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:48:08.0159 2876 nvraid - ok
16:48:09.0126 2876 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:48:09.0173 2876 nvstor - ok
16:48:09.0937 2876 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:48:09.0984 2876 nv_agp - ok
16:48:10.0764 2876 NwlnkFlt - ok
16:48:11.0637 2876 NwlnkFwd - ok
16:48:12.0417 2876 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
16:48:12.0417 2876 ohci1394 - ok
16:48:13.0369 2876 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:48:13.0431 2876 Parport - ok
16:48:14.0321 2876 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:48:14.0336 2876 partmgr - ok
16:48:15.0225 2876 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:48:15.0241 2876 Parvdm - ok
16:48:16.0193 2876 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:48:16.0239 2876 pci - ok
16:48:17.0097 2876 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
16:48:17.0129 2876 pciide - ok
16:48:18.0143 2876 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
16:48:18.0236 2876 pcmcia - ok
16:48:19.0235 2876 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\Windows\system32\drivers\PCTCore.sys
16:48:19.0281 2876 PCTCore - ok
16:48:20.0108 2876 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
16:48:20.0171 2876 pctDS - ok
16:48:21.0185 2876 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
16:48:21.0278 2876 pctEFA - ok
16:48:22.0433 2876 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:48:22.0698 2876 PEAUTH - ok
16:48:23.0634 2876 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:48:23.0649 2876 PptpMiniport - ok
16:48:24.0461 2876 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:48:24.0507 2876 Processor - ok
16:48:25.0428 2876 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\Windows\system32\DRIVERS\psadd.sys
16:48:25.0537 2876 psadd - ok
16:48:25.0989 2876 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:48:26.0021 2876 PSched - ok
16:48:26.0801 2876 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
16:48:26.0832 2876 PxHelp20 - ok
16:48:27.0939 2876 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:48:28.0127 2876 ql2300 - ok
16:48:28.0922 2876 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:48:28.0953 2876 ql40xx - ok
16:48:30.0030 2876 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:48:30.0061 2876 QWAVEdrv - ok
16:48:30.0950 2876 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:48:30.0981 2876 RasAcd - ok
16:48:31.0902 2876 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:48:31.0964 2876 Rasl2tp - ok
16:48:32.0822 2876 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:48:32.0853 2876 RasPppoe - ok
16:48:33.0477 2876 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:48:33.0493 2876 RasSstp - ok
16:48:34.0289 2876 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:48:34.0367 2876 rdbss - ok
16:48:35.0287 2876 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:48:35.0287 2876 RDPCDD - ok
16:48:36.0192 2876 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:48:36.0254 2876 rdpdr - ok
16:48:37.0190 2876 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:48:37.0206 2876 RDPENCDD - ok
16:48:38.0095 2876 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:48:38.0126 2876 RDPWD - ok
16:48:39.0000 2876 rimmptsk (a5b12a4b3b774432db9b9fa221190e59) C:\Windows\system32\DRIVERS\rimmptsk.sys
16:48:39.0000 2876 rimmptsk - ok
16:48:39.0749 2876 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
16:48:39.0764 2876 rimsptsk - ok
16:48:40.0529 2876 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
16:48:40.0544 2876 rismxdp - ok
16:48:41.0324 2876 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:48:41.0355 2876 rspndr - ok
16:48:42.0120 2876 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
16:48:42.0135 2876 RTL8169 - ok
16:48:42.0369 2876 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:48:42.0385 2876 SASDIFSV - ok
16:48:42.0510 2876 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:48:42.0525 2876 SASKUTIL - ok
16:48:42.0915 2876 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:48:42.0915 2876 sbp2port - ok
16:48:43.0399 2876 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
16:48:43.0415 2876 sdbus - ok
16:48:44.0132 2876 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:48:44.0132 2876 secdrv - ok
16:48:44.0585 2876 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:48:44.0585 2876 Serenum - ok
16:48:44.0975 2876 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:48:44.0975 2876 Serial - ok
16:48:45.0443 2876 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:48:45.0443 2876 sermouse - ok
16:48:45.0926 2876 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
16:48:45.0957 2876 sffdisk - ok
16:48:46.0457 2876 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:48:46.0457 2876 sffp_mmc - ok
16:48:46.0831 2876 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:48:46.0831 2876 sffp_sd - ok
16:48:47.0408 2876 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:48:47.0408 2876 sfloppy - ok
16:48:47.0845 2876 Shockprf (1310c5e81966e86b2ced7ae8ce3d74f1) C:\Windows\system32\DRIVERS\Apsx86.sys
16:48:47.0845 2876 Shockprf - ok
16:48:48.0266 2876 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:48:48.0266 2876 sisagp - ok
16:48:48.0703 2876 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:48:48.0719 2876 SiSRaid2 - ok
16:48:49.0062 2876 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:48:49.0062 2876 SiSRaid4 - ok
16:48:49.0514 2876 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:48:49.0530 2876 Smb - ok
16:48:50.0029 2876 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:48:50.0045 2876 spldr - ok
16:48:50.0497 2876 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:48:50.0497 2876 srv - ok
16:48:51.0137 2876 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:48:51.0152 2876 srv2 - ok
16:48:51.0589 2876 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:48:51.0589 2876 srvnet - ok
16:48:52.0041 2876 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:48:52.0041 2876 swenum - ok
16:48:52.0447 2876 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:48:52.0447 2876 Symc8xx - ok
16:48:52.0931 2876 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:48:52.0931 2876 Sym_hi - ok
16:48:53.0367 2876 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:48:53.0383 2876 Sym_u3 - ok
16:48:53.0960 2876 SynTP (f92350e343b056a83093bc0d8f750f05) C:\Windows\system32\DRIVERS\SynTP.sys
16:48:53.0960 2876 SynTP - ok
16:48:54.0569 2876 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
16:48:54.0600 2876 Tcpip - ok
16:48:55.0099 2876 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
16:48:55.0115 2876 Tcpip6 - ok
16:48:55.0583 2876 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:48:55.0583 2876 tcpipreg - ok
16:48:56.0144 2876 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:48:56.0175 2876 TDPIPE - ok
16:48:56.0534 2876 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:48:56.0534 2876 TDTCP - ok
16:48:56.0877 2876 tdx - ok
16:48:57.0314 2876 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:48:57.0330 2876 TermDD - ok
16:48:57.0813 2876 TPDIGIMN (d7a29e343632e2fc5f7ebfc886f12675) C:\Windows\system32\DRIVERS\ApsHM86.sys
16:48:57.0813 2876 TPDIGIMN - ok
16:48:58.0328 2876 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
16:48:58.0328 2876 TPM - ok
16:48:58.0781 2876 TPPWRIF (1bd5719ef160e0ab739cd0ff3ba5e298) C:\Windows\system32\drivers\Tppwr32v.sys
16:48:58.0781 2876 TPPWRIF - ok
16:48:59.0264 2876 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:48:59.0264 2876 tssecsrv - ok
16:48:59.0654 2876 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:48:59.0654 2876 tunmp - ok
16:49:00.0060 2876 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:49:00.0075 2876 tunnel - ok
16:49:00.0512 2876 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
16:49:00.0512 2876 tvtfilter - ok
16:49:01.0121 2876 tvtumon (fc4d5a1ea9d736907cb547085248199f) C:\Windows\system32\DRIVERS\tvtumon.sys
16:49:01.0121 2876 tvtumon - ok
16:49:01.0542 2876 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:49:01.0542 2876 uagp35 - ok
16:49:02.0025 2876 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:49:02.0041 2876 udfs - ok
16:49:02.0509 2876 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:49:02.0509 2876 uliagpkx - ok
16:49:02.0993 2876 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:49:02.0993 2876 uliahci - ok
16:49:03.0461 2876 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:49:03.0476 2876 UlSata - ok
16:49:03.0944 2876 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:49:03.0944 2876 ulsata2 - ok
16:49:04.0412 2876 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:49:04.0428 2876 umbus - ok
16:49:04.0833 2876 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
16:49:04.0865 2876 USBAAPL - ok
16:49:05.0239 2876 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:49:05.0239 2876 usbccgp - ok
16:49:05.0645 2876 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:49:05.0645 2876 usbcir - ok
16:49:06.0175 2876 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:49:06.0175 2876 usbehci - ok
16:49:06.0799 2876 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:49:06.0799 2876 usbhub - ok
16:49:07.0220 2876 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:49:07.0220 2876 usbohci - ok
16:49:07.0704 2876 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:49:07.0719 2876 usbprint - ok
16:49:08.0343 2876 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:49:08.0359 2876 usbscan - ok
16:49:09.0155 2876 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:49:09.0155 2876 USBSTOR - ok
16:49:09.0638 2876 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:49:09.0638 2876 usbuhci - ok
16:49:10.0122 2876 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
16:49:10.0137 2876 usbvideo - ok
16:49:10.0621 2876 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:49:10.0621 2876 vga - ok
16:49:11.0073 2876 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:49:11.0089 2876 VgaSave - ok
16:49:11.0557 2876 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:49:11.0557 2876 viaagp - ok
16:49:12.0103 2876 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:49:12.0103 2876 ViaC7 - ok
16:49:12.0680 2876 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:49:12.0680 2876 viaide - ok
16:49:13.0133 2876 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:49:13.0148 2876 volmgr - ok
16:49:13.0601 2876 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:49:13.0616 2876 volmgrx - ok
16:49:14.0022 2876 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:49:14.0022 2876 volsnap - ok
16:49:14.0537 2876 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:49:14.0552 2876 vsmraid - ok
16:49:15.0051 2876 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:49:15.0067 2876 WacomPen - ok
16:49:15.0488 2876 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:49:15.0488 2876 Wanarp - ok
16:49:15.0535 2876 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:49:15.0535 2876 Wanarpv6 - ok
16:49:15.0925 2876 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:49:15.0941 2876 Wd - ok
16:49:16.0393 2876 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:49:16.0440 2876 Wdf01000 - ok
16:49:17.0251 2876 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
16:49:17.0282 2876 WimFltr - ok
16:49:17.0984 2876 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:49:18.0000 2876 winachsf - ok
16:49:18.0827 2876 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:49:18.0858 2876 WmiAcpi - ok
16:49:19.0685 2876 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:49:19.0700 2876 WpdUsb - ok
16:49:20.0137 2876 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:49:20.0137 2876 ws2ifsl - ok
16:49:20.0589 2876 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:49:20.0589 2876 WUDFRd - ok
16:49:21.0042 2876 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
16:49:21.0042 2876 XAudio - ok
16:49:21.0104 2876 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:49:21.0182 2876 \Device\Harddisk0\DR0 - ok
16:49:21.0182 2876 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
16:49:21.0198 2876 \Device\Harddisk1\DR1 - ok
16:49:21.0198 2876 Boot (0x1200) (db22cc3cf933e4bbdc879e17b323bf87) \Device\Harddisk0\DR0\Partition0
16:49:21.0198 2876 \Device\Harddisk0\DR0\Partition0 - ok
16:49:21.0245 2876 Boot (0x1200) (2e8e2d73dfe7b63ffe913ceae517bade) \Device\Harddisk0\DR0\Partition1
16:49:21.0245 2876 \Device\Harddisk0\DR0\Partition1 - ok
16:49:21.0291 2876 Boot (0x1200) (01aec9517935ec23d2e9c0dd7359e4ed) \Device\Harddisk0\DR0\Partition2
16:49:21.0291 2876 \Device\Harddisk0\DR0\Partition2 - ok
16:49:21.0291 2876 Boot (0x1200) (b8f1d9319df78927e391e24460fdfb2a) \Device\Harddisk1\DR1\Partition0
16:49:21.0291 2876 \Device\Harddisk1\DR1\Partition0 - ok
16:49:21.0291 2876 ============================================================
16:49:21.0291 2876 Scan finished
16:49:21.0291 2876 ============================================================
16:49:21.0307 6032 Detected object count: 0
16:49:21.0323 6032 Actual detected object count: 0
16:49:49.0574 5636 ============================================================
16:49:49.0574 5636 Scan started
16:49:49.0574 5636 Mode: Manual;
16:49:49.0574 5636 ============================================================
16:50:28.0995 5636 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:50:28.0995 5636 Filetrace - ok
16:50:29.0463 5636 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:50:29.0463 5636 flpydisk - ok
16:50:29.0963 5636 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:50:29.0963 5636 FltMgr - ok
16:50:30.0571 5636 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:50:30.0571 5636 Fs_Rec - ok
16:50:31.0023 5636 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:50:31.0023 5636 gagp30kx - ok
16:50:31.0679 5636 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:50:31.0679 5636 GEARAspiWDM - ok
16:50:32.0131 5636 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
16:50:32.0131 5636 HdAudAddService - ok
16:50:32.0661 5636 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:50:32.0661 5636 HDAudBus - ok
16:50:33.0207 5636 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:50:33.0207 5636 HidBth - ok
16:50:33.0847 5636 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:50:33.0847 5636 HidIr - ok
16:50:34.0299 5636 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:50:34.0299 5636 HidUsb - ok
16:50:34.0908 5636 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
16:50:34.0908 5636 HpCISSs - ok
16:50:35.0501 5636 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:50:35.0501 5636 HSFHWAZL - ok
16:50:36.0047 5636 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
16:50:36.0047 5636 HSF_DPV - ok
16:50:36.0577 5636 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
16:50:36.0577 5636 HSXHWAZL - ok
16:50:37.0185 5636 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
16:50:37.0185 5636 HTTP - ok
16:50:37.0607 5636 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:50:37.0607 5636 i2omp - ok
16:50:38.0012 5636 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:50:38.0012 5636 i8042prt - ok
16:50:38.0543 5636 iaStor (baabb0301949774a66b955c65319635a) C:\Windows\system32\drivers\iastor.sys
16:50:38.0558 5636 iaStor - ok
16:50:39.0198 5636 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:50:39.0213 5636 iaStorV - ok
16:50:39.0635 5636 IBMPMDRV (4a8ab38fdf3649c1fe3e9d16bf79927d) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
16:50:39.0635 5636 IBMPMDRV - ok
16:50:40.0929 5636 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:50:41.0054 5636 igfx - ok
16:50:41.0616 5636 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:50:41.0616 5636 iirsp - ok
16:50:42.0084 5636 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
-
Did not attach the complete killer scan; here it is
16:45:36.0638 1256 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
16:45:36.0716 1256 ============================================================
16:45:36.0716 1256 Current date / time: 2012/02/09 16:45:36.0716
16:45:36.0716 1256 SystemInfo:
16:45:36.0716 1256
16:45:36.0716 1256 OS Version: 6.0.6002 ServicePack: 2.0
16:45:36.0716 1256 Product type: Workstation
16:45:36.0716 1256 ComputerName: COSTA-PC
16:45:36.0731 1256 UserName: Costa
16:45:36.0731 1256 Windows directory: C:\Windows
16:45:36.0731 1256 System windows directory: C:\Windows
16:45:36.0731 1256 Processor architecture: Intel x86
16:45:36.0731 1256 Number of processors: 2
16:45:36.0731 1256 Page size: 0x1000
16:45:36.0731 1256 Boot type: Normal boot
16:45:36.0731 1256 ============================================================
16:45:38.0057 1256 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:45:38.0088 1256 Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:45:38.0088 1256 \Device\Harddisk0\DR0:
16:45:38.0088 1256 MBR used
16:45:38.0088 1256 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
16:45:38.0088 1256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x113A27F8
16:45:38.0088 1256 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11691000, BlocksNum 0x1388000
16:45:38.0088 1256 \Device\Harddisk1\DR1:
16:45:38.0088 1256 MBR used
16:45:38.0088 1256 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
16:45:38.0510 1256 Initialize success
16:45:38.0510 1256 ============================================================
16:45:41.0505 2876 ============================================================
16:45:41.0505 2876 Scan started
16:45:41.0505 2876 Mode: Manual;
16:45:41.0505 2876 ============================================================
16:48:49.0062 2876 SiSRaid4 - ok
16:48:49.0514 2876 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:48:49.0530 2876 Smb - ok
16:48:50.0029 2876 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:48:50.0045 2876 spldr - ok
16:48:50.0497 2876 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:48:50.0497 2876 srv - ok
16:48:51.0137 2876 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:48:51.0152 2876 srv2 - ok
16:48:51.0589 2876 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:48:51.0589 2876 srvnet - ok
16:48:52.0041 2876 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:48:52.0041 2876 swenum - ok
16:48:52.0447 2876 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:48:52.0447 2876 Symc8xx - ok
16:48:52.0931 2876 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:48:52.0931 2876 Sym_hi - ok
16:48:53.0367 2876 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:48:53.0383 2876 Sym_u3 - ok
16:48:53.0960 2876 SynTP (f92350e343b056a83093bc0d8f750f05) C:\Windows\system32\DRIVERS\SynTP.sys
16:48:53.0960 2876 SynTP - ok
16:48:54.0569 2876 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
16:48:54.0600 2876 Tcpip - ok
16:48:55.0099 2876 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
16:48:55.0115 2876 Tcpip6 - ok
16:48:55.0583 2876 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:48:55.0583 2876 tcpipreg - ok
16:48:56.0144 2876 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:48:56.0175 2876 TDPIPE - ok
16:48:56.0534 2876 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:48:56.0534 2876 TDTCP - ok
16:48:56.0877 2876 tdx - ok
16:48:57.0314 2876 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:48:57.0330 2876 TermDD - ok
16:48:57.0813 2876 TPDIGIMN (d7a29e343632e2fc5f7ebfc886f12675) C:\Windows\system32\DRIVERS\ApsHM86.sys
16:48:57.0813 2876 TPDIGIMN - ok
16:48:58.0328 2876 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
16:48:58.0328 2876 TPM - ok
16:48:58.0781 2876 TPPWRIF (1bd5719ef160e0ab739cd0ff3ba5e298) C:\Windows\system32\drivers\Tppwr32v.sys
16:48:58.0781 2876 TPPWRIF - ok
16:48:59.0264 2876 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:48:59.0264 2876 tssecsrv - ok
16:48:59.0654 2876 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:48:59.0654 2876 tunmp - ok
16:49:00.0060 2876 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:49:00.0075 2876 tunnel - ok
16:49:00.0512 2876 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
16:49:00.0512 2876 tvtfilter - ok
16:49:01.0121 2876 tvtumon (fc4d5a1ea9d736907cb547085248199f) C:\Windows\system32\DRIVERS\tvtumon.sys
16:49:01.0121 2876 tvtumon - ok
16:49:01.0542 2876 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:49:01.0542 2876 uagp35 - ok
16:49:02.0025 2876 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:49:02.0041 2876 udfs - ok
16:49:02.0509 2876 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:49:02.0509 2876 uliagpkx - ok
16:49:02.0993 2876 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:49:02.0993 2876 uliahci - ok
16:49:03.0461 2876 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:49:03.0476 2876 UlSata - ok
16:49:03.0944 2876 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:49:03.0944 2876 ulsata2 - ok
16:49:04.0412 2876 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:49:04.0428 2876 umbus - ok
16:49:04.0833 2876 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
16:49:04.0865 2876 USBAAPL - ok
16:49:05.0239 2876 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:49:05.0239 2876 usbccgp - ok
16:49:05.0645 2876 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:49:05.0645 2876 usbcir - ok
16:49:06.0175 2876 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:49:06.0175 2876 usbehci - ok
16:49:06.0799 2876 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:49:06.0799 2876 usbhub - ok
16:49:07.0220 2876 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:49:07.0220 2876 usbohci - ok
16:49:07.0704 2876 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:49:07.0719 2876 usbprint - ok
16:49:08.0343 2876 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:49:08.0359 2876 usbscan - ok
16:49:09.0155 2876 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:49:09.0155 2876 USBSTOR - ok
16:49:09.0638 2876 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:49:09.0638 2876 usbuhci - ok
16:49:10.0122 2876 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
16:49:10.0137 2876 usbvideo - ok
16:49:10.0621 2876 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:49:10.0621 2876 vga - ok
16:49:11.0073 2876 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:49:11.0089 2876 VgaSave - ok
16:49:11.0557 2876 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:49:11.0557 2876 viaagp - ok
16:49:12.0103 2876 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:49:12.0103 2876 ViaC7 - ok
16:49:12.0680 2876 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:49:12.0680 2876 viaide - ok
16:49:13.0133 2876 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:49:13.0148 2876 volmgr - ok
16:49:13.0601 2876 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:49:13.0616 2876 volmgrx - ok
16:49:14.0022 2876 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:49:14.0022 2876 volsnap - ok
16:49:14.0537 2876 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:49:14.0552 2876 vsmraid - ok
16:49:15.0051 2876 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:49:15.0067 2876 WacomPen - ok
16:49:15.0488 2876 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:49:15.0488 2876 Wanarp - ok
16:49:15.0535 2876 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:49:15.0535 2876 Wanarpv6 - ok
16:49:15.0925 2876 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:49:15.0941 2876 Wd - ok
16:49:16.0393 2876 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:49:16.0440 2876 Wdf01000 - ok
16:49:17.0251 2876 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
16:49:17.0282 2876 WimFltr - ok
16:49:17.0984 2876 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:49:18.0000 2876 winachsf - ok
16:49:18.0827 2876 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:49:18.0858 2876 WmiAcpi - ok
16:49:19.0685 2876 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:49:19.0700 2876 WpdUsb - ok
16:49:20.0137 2876 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:49:20.0137 2876 ws2ifsl - ok
16:49:20.0589 2876 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:49:20.0589 2876 WUDFRd - ok
16:49:21.0042 2876 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
16:49:21.0042 2876 XAudio - ok
16:49:21.0104 2876 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:49:21.0182 2876 \Device\Harddisk0\DR0 - ok
16:49:21.0182 2876 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
16:49:21.0198 2876 \Device\Harddisk1\DR1 - ok
16:49:21.0198 2876 Boot (0x1200) (db22cc3cf933e4bbdc879e17b323bf87) \Device\Harddisk0\DR0\Partition0
16:49:21.0198 2876 \Device\Harddisk0\DR0\Partition0 - ok
16:49:21.0245 2876 Boot (0x1200) (2e8e2d73dfe7b63ffe913ceae517bade) \Device\Harddisk0\DR0\Partition1
16:49:21.0245 2876 \Device\Harddisk0\DR0\Partition1 - ok
16:49:21.0291 2876 Boot (0x1200) (01aec9517935ec23d2e9c0dd7359e4ed) \Device\Harddisk0\DR0\Partition2
16:49:21.0291 2876 \Device\Harddisk0\DR0\Partition2 - ok
16:49:21.0291 2876 Boot (0x1200) (b8f1d9319df78927e391e24460fdfb2a) \Device\Harddisk1\DR1\Partition0
16:49:21.0291 2876 \Device\Harddisk1\DR1\Partition0 - ok
16:49:21.0291 2876 ============================================================
16:49:21.0291 2876 Scan finished
16:49:21.0291 2876 ============================================================
16:49:21.0307 6032 Detected object count: 0
16:49:21.0323 6032 Actual detected object count: 0
16:49:49.0574 5636 ============================================================
16:49:49.0574 5636 Scan started
16:49:49.0574 5636 Mode: Manual;
16:49:49.0574 5636 ============================================================
-
The log seems to be cut off. Are you sure you got it all?
-
Sorry about that; thought I had it all. Here it is and in case you were wondering.....THANKS FOR THE HELP!!!
16:45:36.0638 1256 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
16:45:36.0716 1256 ============================================================
16:45:36.0716 1256 Current date / time: 2012/02/09 16:45:36.0716
16:45:36.0716 1256 SystemInfo:
16:45:36.0716 1256
16:45:36.0716 1256 OS Version: 6.0.6002 ServicePack: 2.0
16:45:36.0716 1256 Product type: Workstation
16:45:36.0716 1256 ComputerName: COSTA-PC
16:45:36.0731 1256 UserName: Costa
16:45:36.0731 1256 Windows directory: C:\Windows
16:45:36.0731 1256 System windows directory: C:\Windows
16:45:36.0731 1256 Processor architecture: Intel x86
16:45:36.0731 1256 Number of processors: 2
16:45:36.0731 1256 Page size: 0x1000
16:45:36.0731 1256 Boot type: Normal boot
16:45:36.0731 1256 ============================================================
16:45:38.0057 1256 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:45:38.0088 1256 Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:45:38.0088 1256 \Device\Harddisk0\DR0:
16:45:38.0088 1256 MBR used
16:45:38.0088 1256 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
16:45:38.0088 1256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x113A27F8
16:45:38.0088 1256 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11691000, BlocksNum 0x1388000
16:45:38.0088 1256 \Device\Harddisk1\DR1:
16:45:38.0088 1256 MBR used
16:45:38.0088 1256 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
16:45:38.0510 1256 Initialize success
16:45:38.0510 1256 ============================================================
16:45:41.0505 2876 ============================================================
16:45:41.0505 2876 Scan started
16:45:41.0505 2876 Mode: Manual;
16:45:41.0505 2876 ============================================================
16:46:46.0180 2876 elxstor - ok
16:46:46.0960 2876 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
16:46:46.0960 2876 ErrDev - ok
16:46:48.0442 2876 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:46:48.0504 2876 exfat - ok
16:46:49.0549 2876 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:46:49.0596 2876 fastfat - ok
16:46:50.0875 2876 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:46:50.0891 2876 fdc - ok
16:46:51.0780 2876 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:46:51.0811 2876 FileInfo - ok
16:46:52.0482 2876 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:46:52.0498 2876 Filetrace - ok
16:46:53.0137 2876 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:46:53.0137 2876 flpydisk - ok
16:46:53.0824 2876 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:46:53.0886 2876 FltMgr - ok
16:46:54.0635 2876 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:46:54.0650 2876 Fs_Rec - ok
16:46:55.0399 2876 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:46:55.0430 2876 gagp30kx - ok
16:46:56.0195 2876 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:46:56.0195 2876 GEARAspiWDM - ok
16:46:57.0022 2876 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
16:46:57.0068 2876 HdAudAddService - ok
16:46:58.0363 2876 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:46:58.0441 2876 HDAudBus - ok
16:46:59.0330 2876 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:46:59.0408 2876 HidBth - ok
16:47:00.0251 2876 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:47:00.0282 2876 HidIr - ok
16:47:01.0156 2876 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:47:01.0171 2876 HidUsb - ok
16:47:02.0060 2876 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
16:47:02.0092 2876 HpCISSs - ok
16:47:02.0965 2876 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:47:03.0028 2876 HSFHWAZL - ok
16:47:04.0385 2876 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
16:47:04.0510 2876 HSF_DPV - ok
16:47:05.0212 2876 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
16:47:05.0274 2876 HSXHWAZL - ok
16:47:05.0882 2876 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
16:47:05.0882 2876 HTTP - ok
16:47:06.0382 2876 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:47:06.0413 2876 i2omp - ok
16:47:07.0302 2876 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:47:07.0333 2876 i8042prt - ok
16:47:08.0238 2876 iaStor (baabb0301949774a66b955c65319635a) C:\Windows\system32\drivers\iastor.sys
16:47:08.0254 2876 iaStor - ok
16:47:09.0205 2876 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:47:09.0252 2876 iaStorV - ok
16:47:10.0235 2876 IBMPMDRV (4a8ab38fdf3649c1fe3e9d16bf79927d) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
16:47:10.0250 2876 IBMPMDRV - ok
16:47:12.0216 2876 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:47:14.0774 2876 igfx - ok
16:47:15.0695 2876 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:47:15.0710 2876 iirsp - ok
16:47:16.0288 2876 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
16:47:16.0303 2876 IntcHdmiAddService - ok
16:47:16.0756 2876 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:47:16.0756 2876 intelide - ok
16:47:17.0614 2876 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:47:17.0614 2876 intelppm - ok
16:47:18.0456 2876 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:47:18.0472 2876 IpFilterDriver - ok
16:47:18.0846 2876 IpInIp - ok
16:47:19.0423 2876 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
16:47:19.0423 2876 IPMIDRV - ok
16:47:19.0829 2876 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:47:19.0860 2876 IPNAT - ok
16:47:20.0624 2876 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:47:20.0687 2876 IRENUM - ok
16:47:21.0623 2876 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:47:21.0654 2876 isapnp - ok
16:47:22.0450 2876 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:47:22.0481 2876 iScsiPrt - ok
16:47:23.0089 2876 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:47:23.0105 2876 iteatapi - ok
16:47:23.0994 2876 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:47:24.0010 2876 iteraid - ok
16:47:24.0852 2876 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:47:24.0852 2876 kbdclass - ok
16:47:25.0694 2876 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:47:25.0710 2876 kbdhid - ok
16:47:26.0521 2876 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:47:26.0584 2876 KSecDD - ok
16:47:27.0863 2876 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys
16:47:27.0878 2876 lenovo.smi - ok
16:47:28.0549 2876 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:47:28.0565 2876 lltdio - ok
16:47:29.0345 2876 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:47:29.0392 2876 LSI_FC - ok
16:47:30.0234 2876 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:47:30.0265 2876 LSI_SAS - ok
16:47:31.0342 2876 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:47:31.0373 2876 LSI_SCSI - ok
16:47:32.0168 2876 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:47:32.0200 2876 luafv - ok
16:47:33.0011 2876 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:47:33.0026 2876 mdmxsdk - ok
16:47:33.0822 2876 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:47:34.0118 2876 megasas - ok
16:47:35.0054 2876 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:47:35.0070 2876 MegaSR - ok
16:47:35.0912 2876 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:47:35.0912 2876 Modem - ok
16:47:36.0630 2876 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:47:36.0630 2876 monitor - ok
16:47:37.0238 2876 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:47:37.0254 2876 mouclass - ok
16:47:38.0018 2876 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:47:38.0050 2876 mouhid - ok
16:47:38.0689 2876 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:47:38.0705 2876 MountMgr - ok
16:47:39.0578 2876 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:47:39.0625 2876 mpio - ok
16:47:40.0358 2876 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:47:40.0390 2876 mpsdrv - ok
16:47:41.0154 2876 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:47:41.0185 2876 Mraid35x - ok
16:47:41.0622 2876 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:47:41.0638 2876 MRxDAV - ok
16:47:42.0480 2876 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:47:42.0496 2876 mrxsmb - ok
16:47:43.0666 2876 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:47:43.0744 2876 mrxsmb10 - ok
16:47:44.0540 2876 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:47:44.0556 2876 mrxsmb20 - ok
16:47:45.0071 2876 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
16:47:45.0117 2876 msahci - ok
16:47:45.0741 2876 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:47:45.0773 2876 msdsm - ok
16:47:46.0584 2876 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:47:46.0615 2876 Msfs - ok
16:47:47.0489 2876 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:47:47.0520 2876 msisadrv - ok
16:47:48.0456 2876 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:47:48.0487 2876 MSKSSRV - ok
16:47:49.0298 2876 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:47:49.0345 2876 MSPCLOCK - ok
16:47:50.0297 2876 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:47:50.0328 2876 MSPQM - ok
16:47:51.0279 2876 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:47:51.0326 2876 MsRPC - ok
16:47:52.0215 2876 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:47:52.0215 2876 mssmbios - ok
16:47:53.0292 2876 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:47:53.0339 2876 MSTEE - ok
16:47:54.0119 2876 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\A0101V32.sys
16:47:54.0134 2876 MTsensor - ok
16:47:54.0524 2876 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:47:54.0524 2876 Mup - ok
16:47:54.0930 2876 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:47:54.0945 2876 NativeWifiP - ok
16:47:55.0757 2876 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:47:55.0866 2876 NDIS - ok
16:47:57.0036 2876 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:47:57.0067 2876 NdisTapi - ok
16:47:57.0566 2876 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:47:57.0566 2876 Ndisuio - ok
16:47:58.0362 2876 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:47:58.0377 2876 NdisWan - ok
16:47:59.0142 2876 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:47:59.0157 2876 NDProxy - ok
16:48:00.0218 2876 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:48:00.0234 2876 NetBIOS - ok
16:48:02.0153 2876 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:48:02.0168 2876 netbt - ok
16:48:03.0011 2876 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:48:03.0042 2876 nfrd960 - ok
16:48:03.0791 2876 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:48:03.0791 2876 Npfs - ok
16:48:04.0742 2876 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:48:04.0789 2876 nsiproxy - ok
16:48:05.0585 2876 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:48:05.0959 2876 Ntfs - ok
16:48:06.0614 2876 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:48:06.0630 2876 ntrigdigi - ok
16:48:07.0332 2876 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:48:07.0363 2876 Null - ok
16:48:08.0112 2876 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:48:08.0159 2876 nvraid - ok
16:48:09.0126 2876 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:48:09.0173 2876 nvstor - ok
16:48:09.0937 2876 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:48:09.0984 2876 nv_agp - ok
16:48:10.0764 2876 NwlnkFlt - ok
16:48:11.0637 2876 NwlnkFwd - ok
16:48:12.0417 2876 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
16:48:12.0417 2876 ohci1394 - ok
16:48:13.0369 2876 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:48:13.0431 2876 Parport - ok
16:48:14.0321 2876 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:48:14.0336 2876 partmgr - ok
16:48:15.0225 2876 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:48:15.0241 2876 Parvdm - ok
16:48:16.0193 2876 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:48:16.0239 2876 pci - ok
16:48:17.0097 2876 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
16:48:17.0129 2876 pciide - ok
16:48:18.0143 2876 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
16:48:18.0236 2876 pcmcia - ok
16:48:19.0235 2876 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\Windows\system32\drivers\PCTCore.sys
16:48:19.0281 2876 PCTCore - ok
16:48:20.0108 2876 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
16:48:20.0171 2876 pctDS - ok
16:48:21.0185 2876 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
16:48:21.0278 2876 pctEFA - ok
16:48:22.0433 2876 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:48:22.0698 2876 PEAUTH - ok
16:48:23.0634 2876 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:48:23.0649 2876 PptpMiniport - ok
16:48:24.0461 2876 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:48:24.0507 2876 Processor - ok
16:48:25.0428 2876 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\Windows\system32\DRIVERS\psadd.sys
16:48:25.0537 2876 psadd - ok
16:48:25.0989 2876 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:48:26.0021 2876 PSched - ok
16:48:26.0801 2876 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
16:48:26.0832 2876 PxHelp20 - ok
16:48:27.0939 2876 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:48:28.0127 2876 ql2300 - ok
16:48:28.0922 2876 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:48:28.0953 2876 ql40xx - ok
16:48:30.0030 2876 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:48:30.0061 2876 QWAVEdrv - ok
16:48:30.0950 2876 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:48:30.0981 2876 RasAcd - ok
16:48:31.0902 2876 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:48:31.0964 2876 Rasl2tp - ok
16:48:32.0822 2876 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:48:32.0853 2876 RasPppoe - ok
16:48:33.0477 2876 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:48:33.0493 2876 RasSstp - ok
16:48:34.0289 2876 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:48:34.0367 2876 rdbss - ok
16:48:35.0287 2876 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:48:35.0287 2876 RDPCDD - ok
16:48:36.0192 2876 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:48:36.0254 2876 rdpdr - ok
16:48:37.0190 2876 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:48:37.0206 2876 RDPENCDD - ok
16:48:38.0095 2876 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:48:38.0126 2876 RDPWD - ok
16:48:39.0000 2876 rimmptsk (a5b12a4b3b774432db9b9fa221190e59) C:\Windows\system32\DRIVERS\rimmptsk.sys
16:48:39.0000 2876 rimmptsk - ok
16:48:39.0749 2876 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
16:48:39.0764 2876 rimsptsk - ok
16:48:40.0529 2876 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
16:48:40.0544 2876 rismxdp - ok
16:48:41.0324 2876 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:48:41.0355 2876 rspndr - ok
16:48:42.0120 2876 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
16:48:42.0135 2876 RTL8169 - ok
16:48:42.0369 2876 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:48:42.0385 2876 SASDIFSV - ok
16:48:42.0510 2876 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:48:42.0525 2876 SASKUTIL - ok
16:48:42.0915 2876 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:48:42.0915 2876 sbp2port - ok
16:48:43.0399 2876 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
16:48:43.0415 2876 sdbus - ok
16:48:44.0132 2876 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:48:44.0132 2876 secdrv - ok
16:48:44.0585 2876 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:48:44.0585 2876 Serenum - ok
16:48:44.0975 2876 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:48:44.0975 2876 Serial - ok
16:48:45.0443 2876 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:48:45.0443 2876 sermouse - ok
16:48:45.0926 2876 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
16:48:45.0957 2876 sffdisk - ok
16:48:46.0457 2876 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:48:46.0457 2876 sffp_mmc - ok
16:48:46.0831 2876 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:48:46.0831 2876 sffp_sd - ok
16:48:47.0408 2876 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:48:47.0408 2876 sfloppy - ok
16:48:47.0845 2876 Shockprf (1310c5e81966e86b2ced7ae8ce3d74f1) C:\Windows\system32\DRIVERS\Apsx86.sys
16:48:47.0845 2876 Shockprf - ok
16:48:48.0266 2876 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:48:48.0266 2876 sisagp - ok
16:48:48.0703 2876 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:48:48.0719 2876 SiSRaid2 - ok
16:48:49.0062 2876 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:48:49.0062 2876 SiSRaid4 - ok
16:48:49.0514 2876 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:48:49.0530 2876 Smb - ok
16:48:50.0029 2876 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:48:50.0045 2876 spldr - ok
16:48:50.0497 2876 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:48:50.0497 2876 srv - ok
16:48:51.0137 2876 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:48:51.0152 2876 srv2 - ok
16:48:51.0589 2876 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:48:51.0589 2876 srvnet - ok
16:48:52.0041 2876 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:48:52.0041 2876 swenum - ok
16:48:52.0447 2876 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:48:52.0447 2876 Symc8xx - ok
16:48:52.0931 2876 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:48:52.0931 2876 Sym_hi - ok
16:48:53.0367 2876 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:48:53.0383 2876 Sym_u3 - ok
16:48:53.0960 2876 SynTP (f92350e343b056a83093bc0d8f750f05) C:\Windows\system32\DRIVERS\SynTP.sys
16:48:53.0960 2876 SynTP - ok
16:48:54.0569 2876 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
16:48:54.0600 2876 Tcpip - ok
16:48:55.0099 2876 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
16:48:55.0115 2876 Tcpip6 - ok
16:48:55.0583 2876 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:48:55.0583 2876 tcpipreg - ok
16:48:56.0144 2876 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:48:56.0175 2876 TDPIPE - ok
16:48:56.0534 2876 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:48:56.0534 2876 TDTCP - ok
16:48:56.0877 2876 tdx - ok
16:48:57.0314 2876 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:48:57.0330 2876 TermDD - ok
16:48:57.0813 2876 TPDIGIMN (d7a29e343632e2fc5f7ebfc886f12675) C:\Windows\system32\DRIVERS\ApsHM86.sys
16:48:57.0813 2876 TPDIGIMN - ok
16:48:58.0328 2876 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
16:48:58.0328 2876 TPM - ok
16:48:58.0781 2876 TPPWRIF (1bd5719ef160e0ab739cd0ff3ba5e298) C:\Windows\system32\drivers\Tppwr32v.sys
16:48:58.0781 2876 TPPWRIF - ok
16:48:59.0264 2876 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:48:59.0264 2876 tssecsrv - ok
16:48:59.0654 2876 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:48:59.0654 2876 tunmp - ok
16:49:00.0060 2876 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:49:00.0075 2876 tunnel - ok
16:49:00.0512 2876 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
16:49:00.0512 2876 tvtfilter - ok
16:49:01.0121 2876 tvtumon (fc4d5a1ea9d736907cb547085248199f) C:\Windows\system32\DRIVERS\tvtumon.sys
16:49:01.0121 2876 tvtumon - ok
16:49:01.0542 2876 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:49:01.0542 2876 uagp35 - ok
16:49:02.0025 2876 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:49:02.0041 2876 udfs - ok
16:49:02.0509 2876 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:49:02.0509 2876 uliagpkx - ok
16:49:02.0993 2876 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:49:02.0993 2876 uliahci - ok
16:49:03.0461 2876 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:49:03.0476 2876 UlSata - ok
16:49:03.0944 2876 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:49:03.0944 2876 ulsata2 - ok
16:49:04.0412 2876 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:49:04.0428 2876 umbus - ok
16:49:04.0833 2876 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
16:49:04.0865 2876 USBAAPL - ok
16:49:05.0239 2876 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:49:05.0239 2876 usbccgp - ok
16:49:05.0645 2876 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:49:05.0645 2876 usbcir - ok
16:49:06.0175 2876 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:49:06.0175 2876 usbehci - ok
16:49:06.0799 2876 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:49:06.0799 2876 usbhub - ok
16:49:07.0220 2876 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:49:07.0220 2876 usbohci - ok
16:49:07.0704 2876 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:49:07.0719 2876 usbprint - ok
16:49:08.0343 2876 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:49:08.0359 2876 usbscan - ok
16:49:09.0155 2876 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:49:09.0155 2876 USBSTOR - ok
16:49:09.0638 2876 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:49:09.0638 2876 usbuhci - ok
16:49:10.0122 2876 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
16:49:10.0137 2876 usbvideo - ok
16:49:10.0621 2876 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:49:10.0621 2876 vga - ok
16:49:11.0073 2876 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:49:11.0089 2876 VgaSave - ok
16:49:11.0557 2876 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:49:11.0557 2876 viaagp - ok
16:49:12.0103 2876 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:49:12.0103 2876 ViaC7 - ok
16:49:12.0680 2876 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:49:12.0680 2876 viaide - ok
16:49:13.0133 2876 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:49:13.0148 2876 volmgr - ok
16:49:13.0601 2876 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:49:13.0616 2876 volmgrx - ok
16:49:14.0022 2876 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:49:14.0022 2876 volsnap - ok
16:49:14.0537 2876 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:49:14.0552 2876 vsmraid - ok
16:49:15.0051 2876 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:49:15.0067 2876 WacomPen - ok
16:49:15.0488 2876 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:49:15.0488 2876 Wanarp - ok
16:49:15.0535 2876 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:49:15.0535 2876 Wanarpv6 - ok
16:49:15.0925 2876 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:49:15.0941 2876 Wd - ok
16:49:16.0393 2876 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:49:16.0440 2876 Wdf01000 - ok
16:49:17.0251 2876 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
16:49:17.0282 2876 WimFltr - ok
16:49:17.0984 2876 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:49:18.0000 2876 winachsf - ok
16:49:18.0827 2876 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:49:18.0858 2876 WmiAcpi - ok
16:49:19.0685 2876 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:49:19.0700 2876 WpdUsb - ok
16:49:20.0137 2876 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:49:20.0137 2876 ws2ifsl - ok
16:49:20.0589 2876 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:49:20.0589 2876 WUDFRd - ok
16:49:21.0042 2876 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
16:49:21.0042 2876 XAudio - ok
16:49:21.0104 2876 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:49:21.0182 2876 \Device\Harddisk0\DR0 - ok
16:49:21.0182 2876 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
16:49:21.0198 2876 \Device\Harddisk1\DR1 - ok
16:49:21.0198 2876 Boot (0x1200) (db22cc3cf933e4bbdc879e17b323bf87) \Device\Harddisk0\DR0\Partition0
16:49:21.0198 2876 \Device\Harddisk0\DR0\Partition0 - ok
16:49:21.0245 2876 Boot (0x1200) (2e8e2d73dfe7b63ffe913ceae517bade) \Device\Harddisk0\DR0\Partition1
16:49:21.0245 2876 \Device\Harddisk0\DR0\Partition1 - ok
16:49:21.0291 2876 Boot (0x1200) (01aec9517935ec23d2e9c0dd7359e4ed) \Device\Harddisk0\DR0\Partition2
16:49:21.0291 2876 \Device\Harddisk0\DR0\Partition2 - ok
16:49:21.0291 2876 Boot (0x1200) (b8f1d9319df78927e391e24460fdfb2a) \Device\Harddisk1\DR1\Partition0
16:49:21.0291 2876 \Device\Harddisk1\DR1\Partition0 - ok
16:49:21.0291 2876 ============================================================
16:49:21.0291 2876 Scan finished
16:49:21.0291 2876 ============================================================
16:49:21.0307 6032 Detected object count: 0
16:49:21.0323 6032 Actual detected object count: 0
-
AVENGER
- Download The Avenger by Swandog46 from here (http://swandog46.geekstogo.com/avenger2/download.php).
- Unzip/extract it to a folder on your desktop.
- Double click on avenger.exe to run The Avenger.
- Click OK.
- Make sure that the box next to "Scan for rootkits" has a tick in it and that the box next to "Automatically disable any rootkits found" does not have a tick in it.
- Click the Execute button.
- You will be asked "No script has been entered. Do you want to execute a rootkit scan only?"
- Click Yes.
- You will now be asked "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?"
- Click Yes.
- Your PC will now be rebooted.
- After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
- Please post this log in your next reply.
Now, please try to run ComboFix again. If it still doesn't run, please try to run it in Safe Mode.
-
16:45:36.0638 1256 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
16:45:36.0716 1256 ============================================================
16:45:36.0716 1256 Current date / time: 2012/02/09 16:45:36.0716
16:45:36.0716 1256 SystemInfo:
16:45:36.0716 1256
16:45:36.0716 1256 OS Version: 6.0.6002 ServicePack: 2.0
16:45:36.0716 1256 Product type: Workstation
16:45:36.0716 1256 ComputerName: COSTA-PC
16:45:36.0731 1256 UserName: Costa
16:45:36.0731 1256 Windows directory: C:\Windows
16:45:36.0731 1256 System windows directory: C:\Windows
16:45:36.0731 1256 Processor architecture: Intel x86
16:45:36.0731 1256 Number of processors: 2
16:45:36.0731 1256 Page size: 0x1000
16:45:36.0731 1256 Boot type: Normal boot
16:45:36.0731 1256 ============================================================
16:45:38.0057 1256 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:45:38.0088 1256 Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:45:38.0088 1256 \Device\Harddisk0\DR0:
16:45:38.0088 1256 MBR used
16:45:38.0088 1256 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
16:45:38.0088 1256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x113A27F8
16:45:38.0088 1256 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11691000, BlocksNum 0x1388000
16:45:38.0088 1256 \Device\Harddisk1\DR1:
16:45:38.0088 1256 MBR used
16:45:38.0088 1256 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
16:45:38.0510 1256 Initialize success
16:45:38.0510 1256 ============================================================
16:48:11.0637 2876 NwlnkFwd - ok
16:48:12.0417 2876 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
16:48:12.0417 2876 ohci1394 - ok
16:48:13.0369 2876 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:48:13.0431 2876 Parport - ok
16:48:14.0321 2876 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:48:14.0336 2876 partmgr - ok
16:48:15.0225 2876 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:48:15.0241 2876 Parvdm - ok
16:48:16.0193 2876 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:48:16.0239 2876 pci - ok
16:48:17.0097 2876 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
16:48:17.0129 2876 pciide - ok
16:48:18.0143 2876 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
16:48:18.0236 2876 pcmcia - ok
16:48:19.0235 2876 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\Windows\system32\drivers\PCTCore.sys
16:48:19.0281 2876 PCTCore - ok
16:48:20.0108 2876 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
16:48:20.0171 2876 pctDS - ok
16:48:21.0185 2876 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
16:48:21.0278 2876 pctEFA - ok
16:48:22.0433 2876 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:48:22.0698 2876 PEAUTH - ok
16:48:23.0634 2876 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:48:23.0649 2876 PptpMiniport - ok
16:48:24.0461 2876 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:48:24.0507 2876 Processor - ok
16:48:25.0428 2876 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\Windows\system32\DRIVERS\psadd.sys
16:48:25.0537 2876 psadd - ok
16:48:25.0989 2876 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:48:26.0021 2876 PSched - ok
16:48:26.0801 2876 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
16:48:26.0832 2876 PxHelp20 - ok
16:48:27.0939 2876 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:48:28.0127 2876 ql2300 - ok
16:48:28.0922 2876 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:48:28.0953 2876 ql40xx - ok
16:48:30.0030 2876 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:48:30.0061 2876 QWAVEdrv - ok
16:48:30.0950 2876 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:48:30.0981 2876 RasAcd - ok
16:48:31.0902 2876 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:48:31.0964 2876 Rasl2tp - ok
16:48:32.0822 2876 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:48:32.0853 2876 RasPppoe - ok
16:48:33.0477 2876 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:48:33.0493 2876 RasSstp - ok
16:48:34.0289 2876 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:48:34.0367 2876 rdbss - ok
16:48:35.0287 2876 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:48:35.0287 2876 RDPCDD - ok
16:48:36.0192 2876 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:48:36.0254 2876 rdpdr - ok
16:48:37.0190 2876 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:48:37.0206 2876 RDPENCDD - ok
16:48:38.0095 2876 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:48:38.0126 2876 RDPWD - ok
16:48:39.0000 2876 rimmptsk (a5b12a4b3b774432db9b9fa221190e59) C:\Windows\system32\DRIVERS\rimmptsk.sys
16:48:39.0000 2876 rimmptsk - ok
16:48:39.0749 2876 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
16:48:39.0764 2876 rimsptsk - ok
16:48:40.0529 2876 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
16:48:40.0544 2876 rismxdp - ok
16:48:41.0324 2876 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:48:41.0355 2876 rspndr - ok
16:48:42.0120 2876 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
16:48:42.0135 2876 RTL8169 - ok
16:48:42.0369 2876 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:48:42.0385 2876 SASDIFSV - ok
16:48:42.0510 2876 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:48:42.0525 2876 SASKUTIL - ok
16:48:42.0915 2876 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:48:42.0915 2876 sbp2port - ok
16:48:43.0399 2876 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
16:48:43.0415 2876 sdbus - ok
16:48:44.0132 2876 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:48:44.0132 2876 secdrv - ok
16:48:44.0585 2876 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:48:44.0585 2876 Serenum - ok
16:48:44.0975 2876 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:48:44.0975 2876 Serial - ok
16:48:45.0443 2876 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:48:45.0443 2876 sermouse - ok
16:48:45.0926 2876 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
16:48:45.0957 2876 sffdisk - ok
16:48:46.0457 2876 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:48:46.0457 2876 sffp_mmc - ok
16:48:46.0831 2876 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:48:46.0831 2876 sffp_sd - ok
16:48:47.0408 2876 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:48:47.0408 2876 sfloppy - ok
16:48:47.0845 2876 Shockprf (1310c5e81966e86b2ced7ae8ce3d74f1) C:\Windows\system32\DRIVERS\Apsx86.sys
16:48:47.0845 2876 Shockprf - ok
16:48:48.0266 2876 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:48:48.0266 2876 sisagp - ok
16:48:48.0703 2876 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:48:48.0719 2876 SiSRaid2 - ok
16:48:49.0062 2876 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:48:49.0062 2876 SiSRaid4 - ok
16:48:49.0514 2876 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:48:49.0530 2876 Smb - ok
16:48:50.0029 2876 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:48:50.0045 2876 spldr - ok
16:48:50.0497 2876 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:48:50.0497 2876 srv - ok
16:48:51.0137 2876 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:48:51.0152 2876 srv2 - ok
16:48:51.0589 2876 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:48:51.0589 2876 srvnet - ok
16:48:52.0041 2876 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:48:52.0041 2876 swenum - ok
16:48:52.0447 2876 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:48:52.0447 2876 Symc8xx - ok
16:48:52.0931 2876 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:48:52.0931 2876 Sym_hi - ok
16:48:53.0367 2876 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:48:53.0383 2876 Sym_u3 - ok
16:48:53.0960 2876 SynTP (f92350e343b056a83093bc0d8f750f05) C:\Windows\system32\DRIVERS\SynTP.sys
16:48:53.0960 2876 SynTP - ok
16:48:54.0569 2876 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
16:48:54.0600 2876 Tcpip - ok
16:48:55.0099 2876 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
16:48:55.0115 2876 Tcpip6 - ok
16:48:55.0583 2876 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:48:55.0583 2876 tcpipreg - ok
16:48:56.0144 2876 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:48:56.0175 2876 TDPIPE - ok
16:48:56.0534 2876 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:48:56.0534 2876 TDTCP - ok
16:48:56.0877 2876 tdx - ok
16:48:57.0314 2876 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:48:57.0330 2876 TermDD - ok
16:48:57.0813 2876 TPDIGIMN (d7a29e343632e2fc5f7ebfc886f12675) C:\Windows\system32\DRIVERS\ApsHM86.sys
16:48:57.0813 2876 TPDIGIMN - ok
16:48:58.0328 2876 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
16:48:58.0328 2876 TPM - ok
16:48:58.0781 2876 TPPWRIF (1bd5719ef160e0ab739cd0ff3ba5e298) C:\Windows\system32\drivers\Tppwr32v.sys
16:48:58.0781 2876 TPPWRIF - ok
16:48:59.0264 2876 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:48:59.0264 2876 tssecsrv - ok
16:48:59.0654 2876 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:48:59.0654 2876 tunmp - ok
16:49:00.0060 2876 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:49:00.0075 2876 tunnel - ok
16:49:00.0512 2876 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
16:49:00.0512 2876 tvtfilter - ok
16:49:01.0121 2876 tvtumon (fc4d5a1ea9d736907cb547085248199f) C:\Windows\system32\DRIVERS\tvtumon.sys
16:49:01.0121 2876 tvtumon - ok
16:49:01.0542 2876 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:49:01.0542 2876 uagp35 - ok
16:49:02.0025 2876 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:49:02.0041 2876 udfs - ok
16:49:02.0509 2876 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:49:02.0509 2876 uliagpkx - ok
16:49:02.0993 2876 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:49:02.0993 2876 uliahci - ok
16:49:03.0461 2876 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:49:03.0476 2876 UlSata - ok
16:49:03.0944 2876 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:49:03.0944 2876 ulsata2 - ok
16:49:04.0412 2876 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:49:04.0428 2876 umbus - ok
16:49:04.0833 2876 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
16:49:04.0865 2876 USBAAPL - ok
16:49:05.0239 2876 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:49:05.0239 2876 usbccgp - ok
16:49:05.0645 2876 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:49:05.0645 2876 usbcir - ok
16:49:06.0175 2876 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:49:06.0175 2876 usbehci - ok
16:49:06.0799 2876 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:49:06.0799 2876 usbhub - ok
16:49:07.0220 2876 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:49:07.0220 2876 usbohci - ok
16:49:07.0704 2876 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:49:07.0719 2876 usbprint - ok
16:49:08.0343 2876 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:49:08.0359 2876 usbscan - ok
16:49:09.0155 2876 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:49:09.0155 2876 USBSTOR - ok
16:49:09.0638 2876 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:49:09.0638 2876 usbuhci - ok
16:49:10.0122 2876 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
16:49:10.0137 2876 usbvideo - ok
16:49:10.0621 2876 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:49:10.0621 2876 vga - ok
16:49:11.0073 2876 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:49:11.0089 2876 VgaSave - ok
16:49:11.0557 2876 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:49:11.0557 2876 viaagp - ok
16:49:12.0103 2876 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:49:12.0103 2876 ViaC7 - ok
16:49:12.0680 2876 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:49:12.0680 2876 viaide - ok
16:49:13.0133 2876 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:49:13.0148 2876 volmgr - ok
16:49:13.0601 2876 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:49:13.0616 2876 volmgrx - ok
16:49:14.0022 2876 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:49:14.0022 2876 volsnap - ok
16:49:14.0537 2876 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:49:14.0552 2876 vsmraid - ok
16:49:15.0051 2876 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:49:15.0067 2876 WacomPen - ok
16:49:15.0488 2876 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:49:15.0488 2876 Wanarp - ok
16:49:15.0535 2876 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:49:15.0535 2876 Wanarpv6 - ok
16:49:15.0925 2876 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:49:15.0941 2876 Wd - ok
16:49:16.0393 2876 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:49:16.0440 2876 Wdf01000 - ok
16:49:17.0251 2876 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
16:49:17.0282 2876 WimFltr - ok
16:49:17.0984 2876 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:49:18.0000 2876 winachsf - ok
16:49:18.0827 2876 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:49:18.0858 2876 WmiAcpi - ok
16:49:19.0685 2876 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:49:19.0700 2876 WpdUsb - ok
16:49:20.0137 2876 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:49:20.0137 2876 ws2ifsl - ok
16:49:20.0589 2876 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:49:20.0589 2876 WUDFRd - ok
16:49:21.0042 2876 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
16:49:21.0042 2876 XAudio - ok
16:49:21.0104 2876 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:49:21.0182 2876 \Device\Harddisk0\DR0 - ok
16:49:21.0182 2876 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
16:49:21.0198 2876 \Device\Harddisk1\DR1 - ok
16:49:21.0198 2876 Boot (0x1200) (db22cc3cf933e4bbdc879e17b323bf87) \Device\Harddisk0\DR0\Partition0
16:49:21.0198 2876 \Device\Harddisk0\DR0\Partition0 - ok
16:49:21.0245 2876 Boot (0x1200) (2e8e2d73dfe7b63ffe913ceae517bade) \Device\Harddisk0\DR0\Partition1
16:49:21.0245 2876 \Device\Harddisk0\DR0\Partition1 - ok
16:49:21.0291 2876 Boot (0x1200) (01aec9517935ec23d2e9c0dd7359e4ed) \Device\Harddisk0\DR0\Partition2
16:49:21.0291 2876 \Device\Harddisk0\DR0\Partition2 - ok
16:49:21.0291 2876 Boot (0x1200) (b8f1d9319df78927e391e24460fdfb2a) \Device\Harddisk1\DR1\Partition0
16:49:21.0291 2876 \Device\Harddisk1\DR1\Partition0 - ok
16:49:21.0291 2876 ============================================================
16:49:21.0291 2876 Scan finished
16:49:21.0291 2876 ============================================================
16:49:21.0307 6032 Detected object count: 0
16:49:21.0323 6032 Actual detected object count: 0
16:49:49.0574 5636 ============================================================
16:49:49.0574 5636 Scan started
16:49:49.0574 5636 Mode: Manual;
16:49:49.0574 5636 ============================================================
-
Please run Avenger and post the log.
-
This is Avenger from tonight; will go back for Combofix
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Completed script processing.
*******************
Finished! Terminate.
-
Here is Combofix
ComboFix 12-02-05.02 - Costa 2012-02-10 22:18:20.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.2013.1159 [GMT -5:00]
Running from: e:\combofix\ComboFix.exe
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\1199\5FCB.tmp
c:\program files\LP\1199\71A6.tmp
.
c:\windows\system32\drivers\tdx.sys was missing
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy7_!Windows!System32!drivers!tdx.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-11 03:23 . 2012-02-11 03:27 -------- d-----w- c:\users\Costa\AppData\Local\temp
2012-02-11 03:23 . 2012-02-11 03:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-11 03:23 . 2012-02-11 03:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-02 00:50 . 2012-02-02 00:50 -------- d-----w- c:\windows\Sun
2012-02-02 00:16 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-02 00:16 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-02-02 00:16 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-02 00:16 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-02-02 00:16 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-28 13:34 . 2012-02-02 03:58 -------- d-----w- c:\program files\0A1FD
2012-01-27 01:56 . 2012-02-02 03:57 -------- d-----w- c:\users\Costa\AppData\Roaming\Xiypyc
2012-01-27 01:56 . 2012-01-27 02:22 -------- d-----w- c:\users\Costa\AppData\Roaming\Bavu
2012-01-27 01:52 . 2012-02-02 03:57 -------- d-----w- c:\users\Costa\AppData\Roaming\0A1FD
2012-01-27 01:52 . 2012-01-27 01:52 98816 ----a-w- c:\users\Costa\AppData\Roaming\Microsoft\1199\E85F.tmp
2012-01-27 01:52 . 2012-02-02 03:58 -------- d-----w- c:\users\Costa\AppData\Roaming\9EB0A
2012-01-27 01:51 . 2012-01-27 01:51 -------- d-----w- c:\users\Costa\AppData\Local\SanctionedMedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 01:52 . 2011-05-15 22:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-06 04:19 . 2012-01-24 13:39 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13B9286A-88E7-4DE5-8347-EE27386AE36B}\mpengine.dll
2011-12-10 20:24 . 2011-03-06 06:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 15:59 . 2012-01-11 18:55 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-15 00:10 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 20:23 . 2012-01-11 18:55 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-11 18:54 66560 ----a-w- c:\windows\system32\packager.dll
2011-11-16 16:23 . 2012-02-02 00:16 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-11-15 19:29 . 2010-04-11 01:40 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-11-09 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 17:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2009-11-09 23:38 2331672 ----a-w- c:\program files\Softonic_English\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-11-09 2331672]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-11-09 2331672]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.exe" [2008-06-08 124248]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-10-26 632096]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2008-10-26 214576]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-01-21 36864]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-02-21 435488]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-02-21 165152]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"IdeaNotesUser"="c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Brother BPRSP.lnk - c:\windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe [2011-5-9 40960]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 19:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
2011-11-14 11:02 435672 ----a-w- c:\program files\MyTomTom 3\MyTomTomSA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 20:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-12-05 12:34 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 04:06]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 04:06]
.
2011-12-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
.
2011-03-09 c:\windows\Tasks\User_Feed_Synchronization-{1DEDB864-CDE5-46C2-A040-FFC9FFB7A4EB}.job
- c:\windows\system32\msfeedssync.exe [2011-04-30 20:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:52162
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Costa\AppData\Roaming\Mozilla\Firefox\Profiles\gyi7i6zf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52162
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-10 22:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Costa\AppData\Roaming\Apple Computer\Logs\asl.202113_06Feb12.log 6094 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
"ImagePath"="NADA"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:70,6f,40,f8,41,e1,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4048)
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Lenovo\ATK Hotkey\ASLDRSrv.exe
c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe
c:\program files\Lenovo\ATK Hotkey\LFKAS.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\PC Tools Security\BDT\BDTUpdateService.exe
c:\program files\DDNI\DIBS\DDNIService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe
c:\program files\Lenovo\ATK Hotkey\LFKA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\LENOVO\HOTKEY\TPHKSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\TpShocks.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\program files\Lenovo\LenovoCare\LPMGR.EXE
c:\program files\Lenovo\LenovoCare\LPMLCHK.EXE
c:\windows\System32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\brother\BPRSP\resources\BrSupSsp.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Browny02\BrYNSvc.exe
c:\windows\System32\GfxUI.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe
.
**************************************************************************
.
Completion time: 2012-02-10 22:35:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-11 03:34
ComboFix2.txt 2011-03-09 05:13
.
Pre-Run: 84,261,441,536 bytes free
Post-Run: 84,641,824,768 bytes free
.
- - End Of File - - 1B5F5CCAA2783E66C98331DEBD658322
-
Noticed I am still missing much of the Killer file; attached where it previously left off on post
16:50:45.0110 5636 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:50:45.0110 5636 IPNAT - ok
16:50:45.0578 5636 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:50:45.0578 5636 IRENUM - ok
16:50:46.0233 5636 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:50:46.0249 5636 isapnp - ok
16:50:46.0701 5636 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:50:46.0717 5636 iScsiPrt - ok
16:50:47.0216 5636 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:50:47.0216 5636 iteatapi - ok
16:50:47.0715 5636 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:50:47.0715 5636 iteraid - ok
16:50:48.0137 5636 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:50:48.0137 5636 kbdclass - ok
16:50:48.0573 5636 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:50:48.0573 5636 kbdhid - ok
16:50:49.0104 5636 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:50:49.0104 5636 KSecDD - ok
16:50:49.0650 5636 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys
16:50:49.0650 5636 lenovo.smi - ok
16:50:50.0009 5636 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:50:50.0009 5636 lltdio - ok
16:50:50.0695 5636 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:50:50.0695 5636 LSI_FC - ok
16:50:51.0194 5636 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:50:51.0194 5636 LSI_SAS - ok
16:50:51.0990 5636 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:50:51.0990 5636 LSI_SCSI - ok
16:50:52.0723 5636 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:50:52.0723 5636 luafv - ok
16:50:53.0300 5636 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:50:53.0300 5636 mdmxsdk - ok
16:50:53.0768 5636 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:50:53.0784 5636 megasas - ok
16:50:54.0704 5636 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:50:54.0704 5636 MegaSR - ok
16:50:55.0297 5636 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:50:55.0313 5636 Modem - ok
16:50:55.0859 5636 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:50:55.0859 5636 monitor - ok
16:50:56.0280 5636 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:50:56.0280 5636 mouclass - ok
16:50:56.0826 5636 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:50:56.0841 5636 mouhid - ok
16:50:57.0403 5636 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:50:57.0403 5636 MountMgr - ok
16:50:57.0855 5636 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:50:57.0871 5636 mpio - ok
16:50:58.0292 5636 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:50:58.0292 5636 mpsdrv - ok
16:50:58.0885 5636 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:50:58.0885 5636 Mraid35x - ok
16:50:59.0478 5636 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:50:59.0478 5636 MRxDAV - ok
16:50:59.0946 5636 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:50:59.0946 5636 mrxsmb - ok
16:51:00.0383 5636 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:51:00.0398 5636 mrxsmb10 - ok
16:51:00.0960 5636 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:51:00.0960 5636 mrxsmb20 - ok
16:51:01.0365 5636 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
16:51:01.0365 5636 msahci - ok
16:51:02.0067 5636 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:51:02.0067 5636 msdsm - ok
16:51:02.0520 5636 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:51:02.0520 5636 Msfs - ok
16:51:02.0957 5636 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:51:02.0957 5636 msisadrv - ok
16:51:03.0456 5636 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:51:03.0456 5636 MSKSSRV - ok
16:51:04.0111 5636 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:51:04.0111 5636 MSPCLOCK - ok
16:51:04.0641 5636 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:51:04.0641 5636 MSPQM - ok
16:51:05.0094 5636 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:51:05.0094 5636 MsRPC - ok
16:51:05.0562 5636 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:51:05.0562 5636 mssmbios - ok
16:51:06.0123 5636 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:51:06.0123 5636 MSTEE - ok
16:51:06.0560 5636 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\A0101V32.sys
16:51:06.0560 5636 MTsensor - ok
16:51:07.0091 5636 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:51:07.0091 5636 Mup - ok
16:51:07.0527 5636 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:51:07.0543 5636 NativeWifiP - ok
16:51:08.0027 5636 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:51:08.0027 5636 NDIS - ok
16:51:08.0619 5636 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:51:08.0619 5636 NdisTapi - ok
16:51:09.0119 5636 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:51:09.0119 5636 Ndisuio - ok
16:51:09.0524 5636 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:51:09.0524 5636 NdisWan - ok
16:51:09.0977 5636 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:51:09.0977 5636 NDProxy - ok
16:51:10.0460 5636 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:51:10.0460 5636 NetBIOS - ok
16:51:10.0991 5636 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:51:10.0991 5636 netbt - ok
16:51:11.0474 5636 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:51:11.0474 5636 nfrd960 - ok
16:51:12.0067 5636 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:51:12.0067 5636 Npfs - ok
16:51:12.0722 5636 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:51:12.0722 5636 nsiproxy - ok
16:51:13.0143 5636 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:51:13.0159 5636 Ntfs - ok
16:51:13.0674 5636 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:51:13.0674 5636 ntrigdigi - ok
16:51:14.0220 5636 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:51:14.0220 5636 Null - ok
16:51:14.0828 5636 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:51:14.0828 5636 nvraid - ok
16:51:15.0390 5636 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:51:15.0390 5636 nvstor - ok
16:51:15.0920 5636 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:51:15.0936 5636 nv_agp - ok
16:51:16.0513 5636 NwlnkFlt - ok
16:51:16.0997 5636 NwlnkFwd - ok
16:51:17.0480 5636 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
16:51:17.0496 5636 ohci1394 - ok
16:51:18.0198 5636 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:51:18.0198 5636 Parport - ok
16:51:18.0635 5636 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:51:18.0635 5636 partmgr - ok
16:51:19.0165 5636 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:51:19.0165 5636 Parvdm - ok
16:51:19.0649 5636 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:51:19.0649 5636 pci - ok
16:51:20.0351 5636 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
16:51:20.0351 5636 pciide - ok
16:51:20.0834 5636 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
16:51:20.0834 5636 pcmcia - ok
16:51:21.0443 5636 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\Windows\system32\drivers\PCTCore.sys
16:51:21.0443 5636 PCTCore - ok
16:51:21.0973 5636 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
16:51:21.0973 5636 pctDS - ok
16:51:22.0519 5636 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
16:51:22.0535 5636 pctEFA - ok
16:51:23.0096 5636 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:51:23.0112 5636 PEAUTH - ok
16:51:23.0705 5636 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:51:23.0705 5636 PptpMiniport - ok
16:51:24.0219 5636 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:51:24.0219 5636 Processor - ok
16:51:24.0797 5636 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\Windows\system32\DRIVERS\psadd.sys
16:51:24.0812 5636 psadd - ok
16:51:25.0483 5636 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:51:25.0483 5636 PSched - ok
16:51:25.0904 5636 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
16:51:25.0904 5636 PxHelp20 - ok
16:51:26.0528 5636 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:51:26.0544 5636 ql2300 - ok
16:51:27.0137 5636 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:51:27.0137 5636 ql40xx - ok
16:51:27.0636 5636 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:51:27.0636 5636 QWAVEdrv - ok
16:51:28.0073 5636 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:51:28.0073 5636 RasAcd - ok
16:51:28.0619 5636 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:51:28.0619 5636 Rasl2tp - ok
16:51:29.0133 5636 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:51:29.0149 5636 RasPppoe - ok
16:51:29.0648 5636 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:51:29.0648 5636 RasSstp - ok
16:51:30.0179 5636 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:51:30.0179 5636 rdbss - ok
16:51:30.0709 5636 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:51:30.0709 5636 RDPCDD - ok
16:51:31.0271 5636 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:51:31.0271 5636 rdpdr - ok
16:51:31.0832 5636 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:52:16.0292 5636 ============================================================
16:52:16.0292 5636 Scan finished
16:52:16.0292 5636 ============================================================
16:52:16.0308 4768 Detected object count: 0
16:52:16.0308 4768 Actual detected object count: 0
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Hi Dave
I am still unable to access online with the laptop and I have been using a USB stick back and forth; what would be the best way to have ESET saved as a file onto stick and then opened on laptop's desktop; would I update the file while opening on the desktop or would it then subject the desktop to a scan?
-
what would be the best way to have ESET saved as a file onto stick and then opened on laptop's desktop; would I update the file while opening on the desktop or would it then subject the desktop to a scan?
That won't work. It needs a connection in order to scan your computer.
Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) to Desktop and run it.
(http://i424.photobucket.com/albums/pp322/digistar/MiniToolBox.png)
Checkmark the following boxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- List content of Hosts
- List IP Configuration
- List Last 10 Event Viewer Errors
- List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.
***************************************************************
Please download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe) and run it on the computer with the issue.
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
-
MiniToolBox note
MiniToolBox by Farbar Version: 18-01-2012
Ran by Costa (administrator) on 11-02-2012 at 17:56:13
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Nerwork
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
ProxyServer: http=127.0.0.1:52162
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)
11b/g Wireless LAN Mini PCI Express Adapter III = Maddiechat (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : Costa-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Wireless LAN adapter Maddiechat:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 11b/g Wireless LAN Mini PCI Express Adapter III
Physical Address. . . . . . . . . : 00-24-2C-E4-E8-84
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : vaniercollege.intra
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-24-8C-B3-B1-19
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.vaniercollege.intra
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 14:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{47E42986-067B-4D6D-A977-3BFE22D64C3F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host bleepingcomputer.com. Please check the name and try again.
Pinging with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for :
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11 ...00 24 2c e4 e8 84 ...... 11b/g Wireless LAN Mini PCI Express Adapter III
10 ...00 24 8c b3 b1 19 ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.vaniercollege.intra
12 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
15 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
16 ...00 00 00 00 00 00 00 e0 isatap.{47E42986-067B-4D6D-A977-3BFE22D64C3F}
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Event log errors: ===============================
Application errors:
==================
Error: (02/11/2012 05:53:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/11/2012 05:52:50 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
Error: (02/10/2012 10:49:46 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9
Error: (02/10/2012 10:48:29 PM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.3.1, time stamp 0x4ccb4165, faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e0380e, exception code 0xc0000005, fault offset 0x00015703,
process id 0x834, application start time 0xjusched.exe0.
Error: (02/10/2012 10:47:46 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9
Error: (02/10/2012 10:44:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/10/2012 10:43:23 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9
Error: (02/10/2012 10:31:37 PM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.3.1, time stamp 0x4ccb4165, faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e0380e, exception code 0xc0000005, fault offset 0x00015703,
process id 0xfa8, application start time 0xjusched.exe0.
Error: (02/10/2012 10:28:00 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9
Error: (02/10/2012 10:26:59 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
Description: 0x80072af9
System errors:
=============
Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
Description: lenovo.smi
SASDIFSV
SASKUTIL
spldr
tdx
TPPWRIF
tvtumon
Wanarpv6
Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
Description: Internet Connection Sharing (ICS)BFE%%2
Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE%%2
Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE%%2
Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
Description: BFE%%2
Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068
Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
Description: DNS ClientNetIO Legacy TDI Support Driver%%31
Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
Description: DHCP ClientNetIO Legacy TDI Support Driver%%31
Error: (02/11/2012 05:53:02 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (02/11/2012 05:52:49 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
Microsoft Office Sessions:
=========================
Error: (10/06/2010 09:10:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5531 seconds with 2280 seconds of active time. This session ended with a crash.
========================= Memory info: ===================================
Percentage of memory in use: 20%
Total physical RAM: 2012.54 MB
Available physical RAM: 1605.28 MB
Total Pagefile: 4262.32 MB
Available Pagefile: 4011.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.53 MB
========================= Partitions: =====================================
1 Drive c: (SW_Preload) (Fixed) (Total:137.82 GB) (Free:80.35 GB) NTFS
3 Drive e: () (Removable) (Total:7.45 GB) (Free:7.36 GB) FAT32
4 Drive q: (Lenovo) (Fixed) (Total:9.77 GB) (Free:4.1 GB) NTFS
5 Drive s: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.69 GB) NTFS
========================= Users: ========================================
User accounts for \\COSTA-PC
Administrator Costa Guest
**** End of log ****
Here is FarBar result
Farbar Service Scanner Version: 10-02-2012
Ran by Costa (administrator) on 11-02-2012 at 17:57:47
Running from "E:\FarBar"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Nerwork
****************************************************************
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-16 08:17] - [2011-04-21 08:58] - 0273408 ____A (Microsoft Corporation)
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
-
Rescanned with farbar but checked off all choices except defender
Farbar Service Scanner Version: 10-02-2012
Ran by Costa (administrator) on 11-02-2012 at 18:11:09
Running from "E:\FarBar"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Nerwork
****************************************************************
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.
bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Demand. The default start type is Auto.
The ImagePath of bfe: "NADA".
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.
Firewall Disabled Policy:
==================
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
System Restore Disabled Policy:
========================
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
-
Please download SystemLook from one of the links below and save it to your desktop.
Link # 1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Link # 2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.
Double-click SystemLook.exe to run it.
Copy the contents of the following codebox into the main textfield.
:filefind
tdx.sys
Click the Look button to start the scan.
Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).
When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
-
Here is SystemLook
SystemLook 30.07.11 by jpshortstuff
Log created at 10:11 on 12/02/2012 by Costa
Administrator - Elevation successful
========== filefind ==========
Searching for "tdx.sys"
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys --a---- 71680 bytes [02:34 21/01/2008] [02:34 21/01/2008] D09276B1FAB033CE1D40DCBDF303D10F
-= EOF =-
-
Do you have your Windows OS disk or can you borrow one? It must be Vista™ Home Basic.
-
Would it have been included with the Lenovo?
-
Is it called Windows Live Installer?
-
Would it have been included with the Lenovo?
I'm not sure what Lenovo's policy is regarding OS disks. If it's like most Vista installations there should be a Recovery Console on the computer. In your case, it looks like there might be one on the Q drive. You can verify this by clicking on Windows Explorer and clicking on My Computer or Computer. There you should see the C drive and all the other drives. One should be named Recovery Console. In your case it should be the Q drive.
Run the Vista Recovery Console.
1. Eject and remove any discs or memory cards from your computer.
2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".
3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots.
4. Highlight and select "Repair your computer", choose your keyboard type and click "Next".
5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.
-
Hi Dave
Was able to access System Recovery Options window
Asks me to choose a recovery tool; operating system Microsoft Windows Vista on (D:) SW_Preload
choices are
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Lenovo Product Recovery
Which one do I access?
-
Let's start out with Startup Repair.
-
Done and completed within ~10 seconds.
Opened diagnosis and repair details
Last successful boot time: 2/14/2012 10:58:55 PM (GMT)
Session details
System disk= device/harddisk0
Windows directory= D:/Windows
AutoChk Run = 0
Number of root causes = 1
Lists several tests (check for updates, system disk test, disk failure diagnosis, disk metadata test, target OS test, volume content check, Boot manager diagnosis, system boot log diagnosis, event log diagnosis, internal state check, boot status test) that were all completed successfully.
Last comment is
Root cause found:
Boot status indicates that the OS booted successfully.
That is it.
-
Ok. Please try running the FarBar Service Scanner in Reply # 34
-
Guess it still can't find that 'file'
Farbar Service Scanner Version: 10-02-2012
Ran by Costa (administrator) on 15-02-2012 at 18:24:33
Running from "E:\FarBar"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Nerwork
****************************************************************
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.
bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Demand. The default start type is Auto.
The ImagePath of bfe: "NADA".
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.
Firewall Disabled Policy:
==================
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
System Restore Disabled Policy:
========================
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
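A way to triage a Farbar Service Scanner log like the one above, as an added example that is not part of the original post and is not Farbar's own code: it collects, per stopped service, the configuration problems the log reports, plus the files reported missing. The function name, result layout and the shortened sample log (constructed in the same line format) are assumptions.

```python
import re

# Constructed sample: a shortened log in the same line format as the scan above.
SAMPLE_LOG = r"""
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.
bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Demand. The default start type is Auto.
The ImagePath of bfe: "NADA".
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
File Check:
========
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
**** End of log ****
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
KEY_MISSING = re.compile(r"Attention! Unable to open (\S+) registry key")
START_TYPE = re.compile(
    r"^The start type of \S+ service is set to (\w+)\. "
    r"The default start type is (\w+)\.$"
)
IMAGE_PATH = re.compile(r'^The ImagePath of \S+: "(.*)"\.$')
FILE_MISSING = re.compile(r"^Attention! (.+) is missing\.$")
FILE_OK = re.compile(r"^(.+) => MD5 is legit$")


def triage(log_text):
    """Return stopped services with their reported problems, and file results."""
    services = {}        # service name -> list of problems (empty = config OK)
    missing_files = []   # paths the File Check section reports as missing
    verified = 0         # files whose MD5 the scanner accepted
    current = None       # service whose configuration lines are being read

    def note(problem):
        # The log repeats the same missing key for several checks; keep one.
        if problem not in services[current]:
            services[current].append(problem)

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue
        m = NOT_RUNNING.match(line)
        if m:
            current = m.group(1)
            services[current] = []
            continue
        m = FILE_MISSING.match(line)
        if m:
            missing_files.append(m.group(1))
            continue
        if FILE_OK.match(line):
            verified += 1
            continue
        if current is None:
            continue
        m = KEY_MISSING.search(line)
        if m:
            note("registry key missing: " + m.group(1))
            continue
        m = START_TYPE.match(line)
        if m:
            note("start type %s (default %s)" % (m.group(1), m.group(2)))
            continue
        m = IMAGE_PATH.match(line)
        if m:
            note('unexpected ImagePath: "%s"' % m.group(1))
    return {"services": services, "missing_files": missing_files,
            "verified_files": verified}


def damaged_services(result):
    """Names of stopped services whose configuration is damaged, in log order."""
    return [name for name, problems in result["services"].items() if problems]


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name in damaged_services(report):
        print(name, "->", "; ".join(report["services"][name]))
    for path in report["missing_files"]:
        print("missing file:", path)
```

Services listed with no problems are stopped but intact; the ones returned by `damaged_services` have lost or altered registry configuration.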
-
Let's try to find this file again. You should already have this program on your desktop.
Please download SystemLook from one of the links below and save it to your desktop.
Link # 1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Link # 2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.
Double-click SystemLook.exe to run it.
Copy the contents of the following codebox into the main textfield.
:filefind
tdx.sys
Click the Look button to start the scan.
Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).
When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
-
System Look tonight
SystemLook 30.07.11 by jpshortstuff
Log created at 23:11 on 15/02/2012 by Costa
Administrator - Elevation successful
========== filefind ==========
Searching for "tdx.sys"
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys --a---- 71680 bytes [02:34 21/01/2008] [02:34 21/01/2008] D09276B1FAB033CE1D40DCBDF303D10F
-= EOF =-
-
Could you please check your Device Manager to see if there are any yellow warning flags?
Please delete ComboFix from your desktop, download a new version and run another scan. The instructions are in Reply # 7.
-
Clicked on Device manager; everything is listed; no yellow flags anywhere
-
Trying to run new combofix.
Once autoscan opens up; first info tells me 'failed to get data for 'enableLVA'
second separate window again pops up with
You are infected with Rootkit.ZeroAccess!It has inserted itself into the tcp/ip stack. This is a particularly difficult infection. If for any reason that you're unable to connect to the internet, log off and reboot machine and rerun combofix.
I left it alone and autoscan continues; it's been 3 hrs on another pop up "detected rootkit activity and need to reboot" - finally x'ed it and then machine rebooted; placed it in safe mode (previous combofix attempt was in regular mode).
Am leaving the laptop on to see what will happen with Rootkit box opened.
Side question: my Java is outdated and reading around seems to pose a risk for intruders
should I uninstall it?
Thanks
-
Dear OP:
You are infected with Rootkit.ZeroAccess!It has inserted itself into the tcp/ip stack. This is a particularly difficult infection. If for any reason that you're unable to connect to the internet, log off and reboot machine and rerun combofix.
That kind of warning is extremely serious.
There are no shortcuts around it.
Please pay attention to the experts who are trying to help you.
-
Side question: my Java is outdated and reading around seems to pose a risk for intruders
should I uninstall it?
No. Just update it.
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*************************************************************
Let's try ComboFix with this:
Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat
Navigate to Start --> Run, and enter the following command exactly as shown:
"%userprofile%\desktop\blackpudding.bat" /killall
See if ComboFix will run now
-
Did rename prior to downloading on PC; brought to laptop with USB; deleted old combofix on desktop; zipped new pudding name/file onto desktop; cut and paste the command and laptop is telling me that it cannot find it!!!
After that no-go, am trying to run combofix via pudding from USB-pudding file, so far same discovery of rootkit message, another box opened with 'Rootkit is detected. Be patient as this may take some moments' message. Two loud beeps and now box 'Combofix has detected the presence of rootkit activity and needs to reboot the machine'
Will wait and see what happens and update a post.
Have to say you must be one patient fellow; have felt numerous times to zing this laptop into the dumpster!!!!!!!!!!!!!!!!
Also for Java, can I download onto the USB via desktop the latest version-link and carry it to laptop with USB?
-
Also for Java, can I download onto the USB via desktop the latest version-link and carry it to laptop with USB?
That should work. Don't forget to uninstall the old versions.
-
Did rename prior to downloading on PC; brought to laptop with USB; deleted old combofix on desktop; zipped new pudding name/file onto desktop; cut and paste the command and laptop is telling me that it cannot find it!!!
After that no-go, am trying to run combofix via pudding from USB-pudding file, so far same discovery of rootkit message, another box opened with 'Rootkit is detected. Be patient as this may take some moments' message. Two loud beeps and now box 'Combofix has detected the presence of rootkit activity and needs to reboot the machine'
Will wait and see what happens and update a post.
That box has remained on desktop for 3 hrs now.
-
That box has remained on desktop for 3 hrs now.
That's too long. You can abort that operation. I'm running out of tools to run on this computer. Soon we will have to look at saving your important data and running the Recovery Console to restore your computer back to the day you purchased it.
Download BootKit Remover (http://www.smartestcomputing.us.com/files/file/11-bootkit-remover/) to your Desktop.
•You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip (http://www.7-zip.org/)
•After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
•It will show a Black screen with some data on it.
•Right click on the screen and click Select All.
•Press Enter
•Open a Notepad and press CTRL V
•Post the output back here.
-
This is a bootkit debug log; don't think you needed this but the file was there
.\debug.cpp(238) : Debug log started at 19.02.2012 - 03:38:14
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.1
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 6002), 32-bit
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DR2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\00000041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{bc73035e-449a-11de-93e7-00248cb3b119}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\pctDS"
.\debug.cpp(400) : Destination "\Device\pctDS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_0745&MI_02&Col03#7&2752b6e9&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000076"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) : Destination "\Device\USBFDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) : Destination "\clfs"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2a2a2ff4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
.\debug.cpp(400) : Destination "\Device\USBFDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E11515E1-E1A9-47CC-A452-7F766AD61B50}"
.\debug.cpp(400) : Destination "\Device\NDMP2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_0745&MI_02&Col01#7&2752b6e9&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000074"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD7"
.\debug.cpp(400) : Destination "\Device\USBFDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_001C&SUBSYS_0035168C&REV_01#4&2f9c0b34&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy10"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&3#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000048"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AE8C233E-0FF8-4B63-A88F-C59B54A2A7A5}"
.\debug.cpp(400) : Destination "\Device\NDMP3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy11"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature901C13D0Offset100000Length5DC0 0000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy12"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{28192ccc-44a0-11de-aff2-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
.\debug.cpp(400) : Destination "\Device\nativewifip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#LEN0013#4&19087a06&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000056"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_20F017AA&REV_03#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy20"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy20"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy13"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{31D45F66-1FBA-464A-A198-F953D26B3D9E}"
.\debug.cpp(400) : Destination "\Device\NDMP6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{47E42986-067B-4D6D-A977-3BFE22D64C3F}"
.\debug.cpp(400) : Destination "\Device\NDMP5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0014#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy21"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy21"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy14"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy14"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shockpf0"
.\debug.cpp(400) : Destination "\Device\Shockpf0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2939&SUBSYS_20F017AA&REV_03#3&11583659&0&D2#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy22"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy22"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy15"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy15"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&_??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Edge&Rev_1.20#200607749213F9337288&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination "\Device\Nsi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&39baf81a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2938&SUBSYS_20F017AA&REV_03#3&11583659&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy23"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy23"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy16"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy16"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2929&SUBSYS_20F817AA&REV_03#3&11583659&0&FA#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination "\Device\PartmgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#VolumeSnapshot#HarddiskVolumeSnapshot27#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy27"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Edge&Rev_1.20#200607749213F9337288&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ShockMgr"
.\debug.cpp(400) : Destination "\Device\ShockMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{850EA409-FC82-49A7-9DEB-BABC66146CA7}"
.\debug.cpp(400) : Destination "\Device\NDMP7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0843&SUBSYS_210B17AA&REV_12#4&7ee979b&0&02F0#{ba39d8e2-30c9-11d4-b3cd-d916bda91711}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0023"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy24"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy24"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy17"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy17"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination "\Device\NXTIPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f32bd873-5a4d-11e1-a7d8-00248cb3b119}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy27"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_0745&MI_02&Col04#7&2752b6e9&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000077"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&2a372ade&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NDMP9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2935&SUBSYS_20F017AA&REV_03#3&11583659&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0011#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy25"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy25"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy18"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy18"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination "\Device\WFP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\iaStor0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GSA-T50N________________RE05____#4&1ec7b392&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0832&SUBSYS_210917AA&REV_05#4&7ee979b&0&00F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BB1484E4-9D4E-41BC-8D7D-D59FC7747231}"
.\debug.cpp(400) : Destination "\Device\NDMP4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{402F775A-9265-4754-A371-C34AE3D84EBA}"
.\debug.cpp(400) : Destination "\Device\NDMP1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy26"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy26"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy19"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy19"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&3#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_0745&MI_01&Col01#7&f8f2aa4&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000072"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination "\Device\1394BUS0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy27"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy27"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GSA-T50N________________RE05____#4&1ec7b392&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2937&SUBSYS_20F017AA&REV_03#3&11583659&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0011#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{7f71fc5e-4d29-11e1-96c8-00248cb3b119}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{bc730357-449a-11de-93e7-00248cb3b119}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\RaidPort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHITACHI_HTS543216L9SA00_________________FB2ZC4EC#4&1ec7b392&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination "\Device\NDMP8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_210817AA&REV_02#FFFFFFFF00#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_210817AA&REV_02#FFFFFFFF00#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0852&SUBSYS_210D17AA&REV_12#4&7ee979b&0&04F0#{58b90d02-b4b0-4504-9bea-52b93082ddf6}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0025"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\drvmcdb"
.\debug.cpp(400) : Destination "\Device\drvmcdb"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_0745&MI_00#7&33666866&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000071"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_045E&PID_0745#5&26fbe77f&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&7b13611&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination "\Device\NDMP10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCTCoreDriver"
.\debug.cpp(400) : Destination "\Device\PCTCoreDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&19087a06&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000055"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&244bafa7&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination "\Device\SstpDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_0745&MI_00#7&33666866&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000071"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_001C&SUBSYS_0035168C&REV_01#4&2f9c0b34&0&00E1#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination "\Device\SynTP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination "\Device\WfpAle"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_0745&MI_01&Col02#7&f8f2aa4&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0592&SUBSYS_210C17AA&REV_12#4&7ee979b&0&03F0#{d2d3b8e3-2400-448c-8c0d-79abecfcfda3}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0024"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
.\boot_cleaner.cpp(1061) :
.\boot_cleaner.cpp(1062) : Size Device Name MBR Status
.\boot_cleaner.cpp(1063) : --------------------------------------------
.\boot_cleaner.cpp(1107) : 149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1113) :
.\boot_cleaner.cpp(1152) : Done;
-
Here is the cntrlV post; I hope I did this correctly; the black screen opened up as you said but even if I had the 7z file within the USB not sure if it ever acted upon the unzip file; sorry if I screwed up.
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 6002), 32-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
Done;
Press any key to quit...
-
One last thing to try.
Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - Create new Restore Point (http://support.microsoft.com/kb/948247)
Vista and Seven - Create a new Restore Point (http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/)
Download XP.zip file from here: XP.zip (http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/)
Unzip the file.
You'll find six files inside.
Right click on MpsSvc.reg file, click "Merge".
Allow registry merge.
Restart computer and see if internet works.
If not, please post a fresh Farbar Service Scanner log.
-
Hi Dave
Sorry for the confusion but should it be vista.zip since the laptop is a vista? or the XPzip?
Thanks
-
Sorry. Choose the Vista zip.
-
Device manager is telling me that it cannot support a system restore point because of
0x80070032 could not support it.
Should I still go ahead with the Vista MpsSvc.reg file "Merge"?
Also noticed when I went into device manager that there is a yellow caution sign besides Microsoft ASATAP adapter.
Should I have been trying the above under safe mode?
-
Also noticed when I went into device manager that there is a yellow caution sign besides Microsoft ASATAP adapter.
Here's (http://www.vistax64.com/vista-networking-sharing/30771-microsoft-isatap-adapter.html) some information about that.
Should I still go ahead with the Vista MpsSvc.reg file "Merge"?
Yes, please.
-
Did the merge and no change.
Here is latest Farbar.
Dave, perhaps let me know how to restart at initial settings (anything important has been on USB and is safe at work) unless you feel that some of my attempts were not perfectly done (could be).
Farbar Service Scanner Version: 10-02-2012
Ran by Costa (administrator) on 20-02-2012 at 17:54:41
Running from "E:\FarBar"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Nerwork
****************************************************************
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.
bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Demand. The default start type is Auto.
The ImagePath of bfe: "NADA".
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.
Firewall Disabled Policy:
==================
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
System Restore Disabled Policy:
========================
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.
Windows Defender:
=============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0272952 ____A (Microsoft Corporation) 4575AA12561C5648483403541D0D7F2B
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
-
Dave, perhaps let me know how to restart at initial settings
Do you mean to do a complete Recovery?
unless you feel that some of my attempts were not perfectly done (could be).
No. I don't have a problem with how you performed the work at your end. It's just that C:\Windows\system32\Drivers\tdx.sys is missing.
ComboFix said it replaced that file but for some reason it's still showing as MIA. If all your important data has been saved, perhaps a Recovery would be the best thing to do at this point. You can find the instructions in Reply # 42. Instead of Repair you should choose Windows Complete PC Restore.
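As an added example (not part of the original thread and not Farbar's own code), the following Python script triages a Farbar Service Scanner log of the kind posted above: it lists stopped services, non-default service configuration, missing files, and stopped services whose driver file is reported missing. The function name `triage`, the report layout and the file-stem-to-service-name matching are assumptions made for this illustration; the sample input is abridged from the log in this thread.

```python
import re
from pathlib import PureWindowsPath

# Sample input abridged from the Farbar Service Scanner log posted in this thread.
SAMPLE_LOG = r"""
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Demand. The default start type is Auto.
The ImagePath of bfe: "NADA".
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
File Check:
========
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
"""

# Line shapes as they appear in the log above (not an official format description).
SECTION = re.compile(r"^([A-Za-z ]+):$")
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(r"^The start type of (\S+) service is set to (\w+)\. "
                        r"The default start type is (\w+)\.")
IMAGE_PATH = re.compile(r'^The ImagePath of (\S+?): "(.*)"\.$')
KEY_MISSING = re.compile(r"Attention! Unable to open (\S+) registry key\.")
FILE_MISSING = re.compile(r"^Attention! (.+) is missing\.$")


def triage(log_text):
    """Return stopped services, config deviations, missing files and correlations."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    report = {"stopped": [], "config": {}, "missing_files": [], "correlated": []}
    section = service = None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section header is a "Name:" line underlined with "=" characters.
        if SECTION.match(line) and nxt and set(nxt) == {"="}:
            section, service = line[:-1], None
            continue
        if m := NOT_RUNNING.match(line):
            service = m.group(1)
            report["stopped"].append((section, service))
        elif m := START_TYPE.match(line):
            report["config"].setdefault(m.group(1), []).append(
                f"start type {m.group(2)} (default {m.group(3)})")
        elif m := IMAGE_PATH.match(line):
            report["config"].setdefault(m.group(1), []).append(
                f"ImagePath is {m.group(2)!r}")
        elif m := FILE_MISSING.match(line):
            report["missing_files"].append(m.group(1))
        elif (m := KEY_MISSING.search(line)) and service:
            # Attribute the missing key to the service currently being checked.
            report["config"].setdefault(service, []).append(
                f"registry key {m.group(1)} missing")

    # Heuristic (assumption): a missing file named <service>.sys/.dll explains
    # why the service of the same name is stopped.
    stopped = {svc.lower(): svc for _, svc in report["stopped"]}
    for path in report["missing_files"]:
        stem = PureWindowsPath(path).stem.lower()
        if stem in stopped:
            report["correlated"].append((stopped[stem], path))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for svc, path in result["correlated"]:
        print(f"{svc}: stopped, and its file {path} is missing")
    for svc, issues in result["config"].items():
        print(f"{svc}: " + "; ".join(issues))
```
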
-
Murphy's Law has dictated that
A valid backup location could not be found. Attach the backup hard disk or insert the final DVD from a backup set and retry.
AAgghh
-
The only thing I can think of now is to find a Vista Home Basic disk to do the Restore.
-
Hi SuperDave
I want to thank you for all your help.
Will try to find a disk somewhere; difficult to keep up as the desktop hard drive just crashed as well
Thanks again
MtlHab
-
You're welcome and good luck getting into the playoffs. ;D
-
Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. If you want to help, please go here. (http://www.computerhope.com/forum/index.php/topic,57605.0.html) Superdave.
-
Hi SuperDave
Which link in these forums is best for establishing security for 'new' HP laptop for teenager's usage, in terms of spyware, malware, etc?
The desktop has been Spybot and Avast protected so far.
BTW, Markov is back, the city is abuzz with the what-if??
Thanks again
Mtl
-
In reviewing your thread I just realized that there appears to be no Anti-Virus on your computer. If this is, in fact, true, please download and install one of these free AVs, then run a full scan. We also should do some cleanup.
Remember to only install one antivirus!
1) Avast! Home Edition (http://www.majorgeeks.com/Avast_Home_Edition_d1968.html)
2) AVG Free Edition (http://www.majorgeeks.com/download.php?det=886)
3) Avira AntiVir Personal (http://www.majorgeeks.com/AntiVir_Personal_Edition_7_d955.html)
4) Microsoft Security Essentials for Windows Vista\Windows 7 (http://majorgeeks.com/Microsoft_Security_Essentials_for_Windows_VistaWindows_7_d6242.html) - 64 bit Download (http://majorgeeks.com/downloadget.php?id=6242&file=5&evp=9112d44b71f157fc5d7fcd7724b088ca)
4-a) Microsoft Security Essentials for Windows XP (http://www.microsoft.com/security_essentials/)
5) Comodo Antivirus (http://www.majorgeeks.com/Comodo_AntiVirus_d5109.html) (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition (http://www.majorgeeks.com/PC_Tools_AntiVirus_Free_Edition_d5469.html)
7) ThreatFire (http://www.threatfire.com/)
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
***********************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**********************************************
Download this program and run it: Uninstall ComboFix (http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE). It will remove ComboFix for you.
***********************************************
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!