Author Topic: VistaAntispyware 2012 ???  (Read 29978 times)

MtlHab39

    Topic Starter


    Beginner

    • Experience: Beginner
    • OS: Unknown
    VistaAntispyware 2012 ???
    « on: January 26, 2012, 07:50:33 PM »
    Hi everyone
    I have Lenovo laptop with Vista OS.

    Wife and sons have been on line this evening and since then, it has been under attack as I have tried logging on.

    Have a Vista icon popping up labeled Vista Antispyware 2012 - Unregistred Version telling me that 29 critical system objects have been found; the catch I guess is to get me to register which I have not.  I have tried opening programs including spybot & malware but another Vista alert pops up telling me that Trojan-BNK.Win32.Keylogger.gen has infected the program...again, it asks me to register.  I click on No, continue unprotected (dangerous) but the program will not run.

    I do have CC cleaner, SysProt, SuperAntispyware and malware by Anti-Malware from last year's 'infection'.

    Even as I type, pop-ups appear telling me that an Internet connection alert is present.

    Please help as I have read the ground rules at the top of this section but I am unsure what to do next.

    Also please specify how I can access the net (open with safe mode?).

    Thank you   

       

    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: VistaAntispyware 2012 ???
    « Reply #1 on: January 27, 2012, 06:06:56 AM »
    I didn't see any mention of an anti virus application installed. Anyway,

    Please follow the instructions in the following link and post your logs:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: VistaAntispyware 2012 ???
    « Reply #2 on: January 27, 2012, 11:54:04 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    •Close browsers before scanning
    •Scan for tracking cookies
    •Terminate memory threats before quarantining
    Please leave the others unchecked

    •Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    •To retrieve the removal information please do the following:
    •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    •Click Preferences. Click the Statistics/Logs tab.

    •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

    •It will open in your default text editor (preferably Notepad).
    •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and Paste the log in your post.
    ***********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    **************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/paste both logs into your Thread

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    •Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE. Then post your DDS logs. (DDS.txt and Attach.txt)
    Windows 8 and Windows 10 dual boot with two SSD's

    MtlHab39

      Topic Starter


      Beginner

      • Experience: Beginner
      • OS: Unknown
      Re: VistaAntispyware 2012 ???
      « Reply #3 on: January 28, 2012, 07:11:48 AM »
      Good morning
      Tried booting in safe mode but Vista Alert bug pops up as soon as I open Explorer or even my Super AntiSpyware I am blocked.

      I guess I need to do this...........

      "If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line."

      Just need to be clear...I transfer SuperAntiSpyware and Malware onto this computer and then onto a stick (don't even know how to burn info on to CD???sorry).  Will this not affect security on this PC? 
      Shift key down for 10 sec: I do this upon USB entry and removal from both laptop and PC?

      Apologize about the level of knowledge but am waiting for children to get older so they could handle this

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: VistaAntispyware 2012 ???
      « Reply #4 on: January 28, 2012, 11:37:37 AM »
      Quote
      Will this not affect security on this PC? 
      Shift key down for 10 sec: I do this upon USB entry and removal from both laptop and PC?
      Just use the 10 sec. rule and your computer will be safe.
      Windows 8 and Windows 10 dual boot with two SSD's
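
An added example, not part of the thread or written by its participants: assuming the Shift-key advice above is aimed at Windows AutoRun/AutoPlay, this Python sketch checks a USB stick's root for an `autorun.inf` and lists what it would start, so the stick can be inspected before it goes back into the clean PC. The sample drive contents and all function names are constructed for illustration.

```python
import os
import re
import tempfile

LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def read_text(path):
    """Decode autorun.inf; it is usually ANSI but may be UTF-16 with a BOM."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")  # maps every byte, so it cannot fail


def parse_autorun(text):
    """Return (key, value) for each entry in an [autorun*] section that starts a program."""
    launches, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower().startswith("autorun")
            continue
        if not in_autorun or "=" not in line:
            continue  # padding or junk lines carry no '=' and are skipped
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in LAUNCH_KEYS or SHELL_VERB.match(key):
            launches.append((key.lower(), value))
    return launches


def target_of(command):
    """Extract the program path from a command line, honouring double quotes."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""


def inspect_drive(root):
    """Report whether `root` carries an autorun.inf and which files it would start."""
    report = {"autorun": None, "is_folder": False, "launches": [], "targets": {}}
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            report["autorun"] = name
            break
    if report["autorun"] is None:
        return report
    path = os.path.join(root, report["autorun"])
    if os.path.isdir(path):
        # A folder with this name holds no commands, so there is nothing to parse.
        report["is_folder"] = True
        return report
    report["launches"] = parse_autorun(read_text(path))
    for _key, value in report["launches"]:
        target = target_of(value)
        if target:
            parts = re.split(r"[\\/]+", target.strip("\\/"))
            # True when the named program really sits on the drive.
            report["targets"][target] = os.path.isfile(os.path.join(root, *parts))
    return report


def demo():
    """Build a constructed sample 'drive' in a temp folder and inspect it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "tools"))
        with open(os.path.join(root, "tools", "setup.exe"), "wb") as fh:
            fh.write(b"MZ")  # placeholder bytes, not a real program
        sample = (
            "[AutoRun]\r\n"
            "; constructed sample\r\n"
            "xxxxxxxx\r\n"
            "open=tools\\setup.exe /s\r\n"
            "icon=tools\\setup.exe,0\r\n"
            "shell\\explore\\command=\"tools\\setup.exe\" -x\r\n"
            "label=USB\r\n"
        )
        with open(os.path.join(root, "AUTORUN.INF"), "w", newline="") as fh:
            fh.write(sample)
        return inspect_drive(root)


if __name__ == "__main__":
    import sys
    print(inspect_drive(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

Run it with the drive root as the only argument (for example `E:\`); an `autorun.inf` that nobody put there on purpose, or one whose targets point at files you did not copy, is a reason to wipe the stick before reusing it.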

      MtlHab39

        Topic Starter


        Beginner

        • Experience: Beginner
        • OS: Unknown
        Re: VistaAntispyware 2012 ???
        « Reply #5 on: February 01, 2012, 04:34:16 PM »
        Did as you said and used a USB to load and import Super AntiSpyware and malware and DDS.
        Held shift button after loading with Safe mode; virus popped blocking SAS but allowed Malware to be installed and updated; asked me to reboot to finish for Malware.

        Did this (was not sure what to do with USB during reboot time) so left it in place.

        Upon reboot, was able to uninstall old SAS and load updates for new SAS; so far so good.
        Update: started the SAS scan.

        Will let you know... 

        MtlHab39

          Topic Starter


          Beginner

          • Experience: Beginner
          • OS: Unknown
          Re: VistaAntispyware 2012 ???
          « Reply #6 on: February 02, 2012, 04:19:40 AM »
          Here is SAS
          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 02/01/2012 at 10:55 PM

          Application Version : 5.0.1142

          Core Rules Database Version : 8191
          Trace Rules Database Version: 6003

          Scan type       : Complete Scan
          Total Scan Time : 01:25:53

          Operating System Information
          Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
          UAC Off - Administrator

          Memory items scanned      : 345
          Memory threats detected   : 3
          Registry items scanned    : 37957
          Registry threats detected : 5
          File items scanned        : 164078
          File threats detected     : 53

          Malware.Trace
             HKU\S-1-5-21-2953296840-3789730768-1391761679-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

          Adware.Tracking Cookie

          Trojan.Agent/Gen-Kazy
             [48C.exe] C:\PROGRAM FILES\LP\1199\48C.EXE
             C:\PROGRAM FILES\LP\1199\48C.EXE
             [48C.exe] C:\USERS\COSTA\APPDATA\ROAMING\MICROSOFT\1199\48C.EXE
             C:\USERS\COSTA\APPDATA\ROAMING\MICROSOFT\1199\48C.EXE
             [Load] C:\USERS\COSTA\APPDATA\ROAMING\0A1FD\LVVM.EXE
             C:\USERS\COSTA\APPDATA\ROAMING\0A1FD\LVVM.EXE
             C:\USERS\COSTA\APPDATA\ROAMING\9EB0A\B3B11.EXE
             C:\USERS\COSTA\APPDATA\ROAMING\9EB0A\B3B11.EXE
             C:\PROGRAM FILES\LP\1199\48C.EXE
             C:\PROGRAM FILES\0A1FD\LVVM.EXE
             C:\PROGRAM FILES\0A1FD\LVVM.EXE

          Trojan.Agent/Gen-Kryptik
             [{AD82FCD2-11F7-AD7E-C49A-DA9B163BA1B6}] C:\USERS\COSTA\APPDATA\ROAMING\XIYPYC\QYFA.EXE
             C:\USERS\COSTA\APPDATA\ROAMING\XIYPYC\QYFA.EXE

          Trojan.Agent/Gen
             C:\PROGRAMDATA\0LIK14T3.EXE
             C:\WINDOWS\SYSTEM32\8LKYO1UK.COM
             C:\WINDOWS\SYSTEM32\8LKYO1UK.COM_
             C:\WINDOWS\TEMP\HKI3485.EXE
             C:\WINDOWS\TEMP\VGMRHE\SETUP.EXE

          Trojan.Agent/Gen-Rimecud
             C:\SWTOOLS\APPS\DDNI\DIBS\PROGRAMFILES\DDNISERVICE.EXE

          Trojan.Agent/Gen-Kazy[EX]
             C:\USERS\COSTA\APPDATA\LOCAL\TEMP\ARSNOMXEWC.EXE
             C:\USERS\COSTA\APPDATA\ROAMING\WINWORD.EXE

          Trojan.Agent/Gen-MSFake
             C:\USERS\COSTA\APPDATA\LOCAL\TEMP\CWSAEXORNM.EXE

          Trojan.Agent/Gen-FraudScan[Prod]
             C:\USERS\COSTA\APPDATA\LOCAL\TEMP\MSIMG32.DLL
             C:\USERS\COSTA\APPDATA\LOCAL\TEMP\WOSMCXENRA.EXE
             C:\WINDOWS\SYSTEM32\DRIVERS\TDX.SYS
             C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-TDI-OVER-TCPIP_31BF3856AD364E35_6.0.6002.18005_NONE_EC294157D9377403\TDX.SYS


          Here is Malware
          Malwarebytes Anti-Malware 1.60.1.1000
          www.malwarebytes.org

          Database version: v2012.01.13.04

          Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
          Internet Explorer 9.0.8112.16421
          Costa :: COSTA-PC [administrator]

          2012-02-01 11:12:18 PM
          mbam-log-2012-02-01 (23-12-18).txt

          Scan type: Full scan
          Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
          Scan options disabled: P2P
          Objects scanned: 355337
          Time elapsed: 57 minute(s), 59 second(s)

          Memory Processes Detected: 0
          (No malicious items detected)

          Memory Modules Detected: 0
          (No malicious items detected)

          Registry Keys Detected: 1
          HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smad (Trojan.Agent) -> Quarantined and deleted successfully.

          Registry Values Detected: 1
          HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Smad (Trojan.Agent) -> Data: "C:\Users\Costa\AppData\Local\SanctionedMedia\Smad\Smad.exe" -> Quarantined and deleted successfully.

          Registry Data Items Detected: 0
          (No malicious items detected)

          Folders Detected: 0
          (No malicious items detected)

          Files Detected: 2
          C:\Users\Costa\AppData\Local\SanctionedMedia\Smad\Smad.exe (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Users\Costa\Local Settings\Application Data\SanctionedMedia\Smad\Smad.exe (Trojan.Agent) -> Quarantined and deleted successfully.

          (end)


          Here is the DDS
          .
          DDS (Ver_11-03-05.01) - NTFSx86 
          Run by Costa at  0:32:59.30 on 2012-02-02
          Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
          Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.2.1033.18.2013.816 [GMT -5:00]
          .
          SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
          .
          ============== Running Processes ===============
          .
          .
          ============== Pseudo HJT Report ===============
          .
          uStart Page = hxxp://www.google.ca/
          uInternet Settings,ProxyOverride = *.local
          uInternet Settings,ProxyServer = http=127.0.0.1:52162
          uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
          uURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
          uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
          uURLSearchHooks: H - No File
          mURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
          BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
          BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
          BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
          BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
          BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
          BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
          BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
          BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
          BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
          BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
          BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
          BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
          TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
          TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
          TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
          TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
          TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
          TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
          TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
          uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
          uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
          uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
          mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
          mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
          mRun: [TpShocks] TpShocks.exe
          mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\LVOSDSVC.exe
          mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
          mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
          mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
          mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"
          mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
          mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
          mRun: [LPMailChecker] c:\progra~1\lenovo\lenovo~2\LPMLCHK.exe
          mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
          mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
          mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"
          mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
          mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe
          mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
          mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
          mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
          mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
          mRun: [IdeaNotesUser] c:\program files\ddni\lenovo idea notes\DDNIMSGUser.exe
          mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
          mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
          mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
          mRun: [Persistence] c:\windows\system32\igfxpers.exe
          mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
          mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
          mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
          mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
          mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
          mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
          StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\brothe~1.lnk - c:\windows\installer\{8040527f-dd74-4b45-8a06-c4bf145b6c76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe
          StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
          StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
          mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
          mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
          IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
          IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
          IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
          IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
          IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
          IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
          LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
          LSP: mswsock.dll
          DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
          DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
          DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
          DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
          DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
          DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
          Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
          Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
          Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
          Notify: igfxcui - igfxdev.dll
          SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
          SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
          .
          ================= FIREFOX ===================
          .
          FF - ProfilePath - c:\users\costa\appdata\roaming\mozilla\firefox\profiles\gyi7i6zf.default\
          FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
          FF - prefs.js: browser.search.selectedEngine -   
          FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13
          FF - prefs.js: network.proxy.http - 127.0.0.1
          FF - prefs.js: network.proxy.http_port - 52162
          FF - prefs.js: network.proxy.type - 1
          FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
          FF - component: c:\users\costa\appdata\roaming\mozilla\firefox\profiles\gyi7i6zf.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
          FF - component: c:\users\costa\appdata\roaming\mozilla\firefox\profiles\gyi7i6zf.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
          FF - component: c:\users\costa\appdata\roaming\mozilla\firefox\profiles\gyi7i6zf.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
          FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
          FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
          FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
          FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
          FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
          FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
          FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
          FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
          FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\pc tools security\bdt\Firefox
          FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
          FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
          .
          ============= SERVICES / DRIVERS ===============
          .
          R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-3-13 239168]
          R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-3-13 338880]
          R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-3-13 656320]
          R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
          R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]
          R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
          R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
          R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
          R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
          R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-3-13 247760]
          R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
          R2 DDNIMSGService;DDNIMSGService;c:\program files\ddni\lenovo idea notes\DDNIMSGService.exe [2009-6-23 171872]
          R2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2010-4-18 163680]
          R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
          R2 LFKAS;Service of LFKA;c:\program files\lenovo\atk hotkey\LFKAS.exe [2009-5-19 208896]
          R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-5-19 66848]
          R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-9-23 53325]
          R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192]
          R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-5-9 245760]
          R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-19 112128]
          S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-5-19 48192]
          S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-8 136176]
          S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-4-25 362992]
          S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-4-25 309744]
          S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-4-25 166384]
          S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-8 1153368]
          S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
          S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]
          S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-8 136176]
          S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
          S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-4-25 313840]
          S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
          S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-3-13 366840]
          S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-3-13 1150936]
          S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
          S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-12-5 92592]
          .
          =============== Created Last 30 ================
          .
          2012-02-02 00:16:17   440192   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
          2012-02-02 00:16:17   278528   ----a-w-   c:\windows\system32\schannel.dll
          2012-02-02 00:16:17   1259008   ----a-w-   c:\windows\system32\lsasrv.dll
          2012-02-02 00:16:16   9728   ----a-w-   c:\windows\system32\lsass.exe
          2012-02-02 00:16:16   72704   ----a-w-   c:\windows\system32\secur32.dll
          2012-02-02 00:16:16   377344   ----a-w-   c:\windows\system32\winhttp.dll
          2012-01-28 13:34:40   --------   d-----w-   c:\program files\0A1FD
          2012-01-28 13:34:30   --------   d-----w-   c:\program files\LP
          2012-01-27 01:56:21   --------   d-----w-   c:\users\costa\appdata\roaming\Xiypyc
          2012-01-27 01:56:21   --------   d-----w-   c:\users\costa\appdata\roaming\Bavu
          2012-01-27 01:52:45   --------   d-----w-   c:\users\costa\appdata\roaming\0A1FD
          2012-01-27 01:52:33   98816   ----a-w-   c:\users\costa\appdata\roaming\microsoft\1199\E85F.tmp
          2012-01-27 01:52:23   --------   d-----w-   c:\users\costa\appdata\roaming\9EB0A
          2012-01-27 01:51:49   --------   d-----w-   c:\users\costa\appdata\local\SanctionedMedia
          2012-01-24 13:39:27   6557240   ----a-w-   c:\progra~2\microsoft\windows defender\definition updates\{13b9286a-88e7-4de5-8347-ee27386ae36b}\mpengine.dll
          2012-01-11 18:55:15   376320   ----a-w-   c:\windows\system32\winsrv.dll
          2012-01-11 18:55:08   189952   ----a-w-   c:\windows\system32\winmm.dll
          2012-01-11 18:55:07   23552   ----a-w-   c:\windows\system32\mciseq.dll
          2012-01-11 18:55:01   1205064   ----a-w-   c:\windows\system32\ntdll.dll
          2012-01-11 18:54:39   66560   ----a-w-   c:\windows\system32\packager.dll
          2012-01-11 18:54:32   2409784   ----a-w-   c:\program files\windows mail\OESpamFilter.dat
          2012-01-11 18:54:19   497152   ----a-w-   c:\windows\system32\qdvd.dll
          2012-01-11 18:54:19   1314816   ----a-w-   c:\windows\system32\quartz.dll
          2012-01-05 21:22:23   --------   d-----w-   c:\program files\TomTom HOME 2
          2012-01-05 21:09:28   --------   d-----w-   c:\program files\MyTomTom 3
          2012-01-05 16:20:26   --------   d-----w-   c:\progra~2\TomTom
          2012-01-05 16:18:04   --------   d-----w-   c:\users\costa\appdata\roaming\TomTom
          2012-01-05 16:18:04   --------   d-----w-   c:\users\costa\appdata\local\TomTom
          2012-01-05 16:18:01   --------   d-----w-   c:\program files\TomTom International B.V
          .
          ==================== Find3M  ====================
          .
          2012-01-27 01:52:36   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
          2011-11-23 13:37:27   2043904   ----a-w-   c:\windows\system32\win32k.sys
          2011-11-15 19:29:56   222080   ------w-   c:\windows\system32\MpSigStub.exe
          2011-11-08 14:42:19   2048   ----a-w-   c:\windows\system32\tzres.dll
          .
          ============= FINISH:  0:34:28.55 ===============

          Here is the attachtxt
          .
          UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
          IF REQUESTED, ZIP IT UP & ATTACH IT
          .
          DDS (Ver_11-03-05.01)
          .
          Microsoft® Windows Vista™ Home Basic
          Boot Device: \Device\HarddiskVolume1
          Install Date: 2009-05-19 2:13:34 PM
          System Uptime: 2012-02-02 12:24:28 AM (0 hours ago)
          .
          Motherboard: LENOVO                        |  | 2743CTO   
          Processor: Intel(R) Core(TM)2 Duo CPU     T6570  @ 2.10GHz | Socket 478 | 1200/200mhz
          .
          ==== Disk Partitions =========================
          .
          C: is FIXED (NTFS) - 138 GiB total, 78.607 GiB free.
          D: is CDROM ()
          E: is Removable
          Q: is FIXED (NTFS) - 10 GiB total, 4.1 GiB free.
          S: is FIXED (NTFS) - 1 GiB total, 0.686 GiB free.
          .
          ==== Disabled Device Manager Items =============
          .
          Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
          Description: Microsoft ISATAP Adapter
          Device ID: ROOT\*ISATAP\0001
          Manufacturer: Microsoft
          Name: Microsoft ISATAP Adapter
          PNP Device ID: ROOT\*ISATAP\0001
          Service: tunnel
          .
          ==== System Restore Points ===================
          .
          .
          ==== Installed Programs ======================
          .
          .
           Update for Microsoft Office 2007 (KB2508958)
          ABBYY PDF Transformer 2.0
          Access Help
          Adobe AIR
          Adobe Flash Player 10 Plugin
          Adobe Flash Player 11 ActiveX
          Adobe Reader X (10.1.1)
          Adobe Shockwave Player 11.5
          Apple Application Support
          Apple Mobile Device Support
          Apple Software Update
          ArcSoft Print Creations
          ArcSoft Print Creations - Album Page
          ArcSoft Print Creations - Funhouse
          ArcSoft Print Creations - Greeting Card
          ArcSoft Print Creations - Photo Book
          ArcSoft Print Creations - Photo Calendar
          ArcSoft Print Creations - Scrapbook
          ArcSoft Print Creations - Slimline Card
          Bonjour
          Brother Product Research and Support Program
          Browser Defender 3.0
          CCleaner
          CCScore
          Cisco EAP-FAST Module
          Cisco LEAP Module
          Cisco PEAP Module
          Client Security - Password Manager
          Comical 0.8
          Conduit Engine
          Conexant HD Audio
          D3DX10
          DIBS
          DirectXInstallService
          DivX Web Player
          Drag-to-Disc
          ESET Online Scanner v3
          ESSBrwr
          ESSCDBK
          ESScore
          ESSgui
          ESSini
          ESSPCD
          ESSPDock
          ESSTOOLS
          essvatgt
          ExamView Player
          ExamView Pro
          fflink
          Foxit Reader
          Google Chrome
          Google Toolbar for Internet Explorer
          Google Update Helper
          HDAUDIO Soft Data Fax Modem with SmartCP
          Help Center
          HiJackThis
          HL-2240
          Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
          Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
          Intel(R) Graphics Media Accelerator Driver
          InterVideo Register Manager
          InterVideo WinDVD
          iTunes
          Java Auto Updater
          Java(TM) 6 Update 24
          Kodak EasyShare software
          Lenovo Care
          Lenovo Care Supplement
          Lenovo Central
          Lenovo Idea Notes
          Lenovo Registration
          Lenovo System Interface Driver
          Lenovo System Toolbox
          Lenovo Welcome v1.0.24.3
          Lenovo_ATK_Package
          Malwarebytes Anti-Malware version 1.60.1.1000
          McAfee Security Scan Plus
          Message Center
          Microsoft .NET Framework 3.5 SP1
          Microsoft .NET Framework 4 Client Profile
          Microsoft Application Error Reporting
          Microsoft Office 2007 Service Pack 2 (SP2)
          Microsoft Office Access MUI (English) 2007
          Microsoft Office Access Setup Metadata MUI (English) 2007
          Microsoft Office Enterprise 2007
          Microsoft Office Excel MUI (English) 2007
          Microsoft Office File Validation Add-In
          Microsoft Office Groove MUI (English) 2007
          Microsoft Office Groove Setup Metadata MUI (English) 2007
          Microsoft Office InfoPath MUI (English) 2007
          Microsoft Office OneNote MUI (English) 2007
          Microsoft Office Outlook MUI (English) 2007
          Microsoft Office PowerPoint MUI (English) 2007
          Microsoft Office Proof (English) 2007
          Microsoft Office Proof (French) 2007
          Microsoft Office Proof (Spanish) 2007
          Microsoft Office Proofing (English) 2007
          Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
          Microsoft Office Publisher MUI (English) 2007
          Microsoft Office Shared MUI (English) 2007
          Microsoft Office Shared Setup Metadata MUI (English) 2007
          Microsoft Office Suite Activation Assistant
          Microsoft Office Word MUI (English) 2007
          Microsoft Search Enhancement Pack
          Microsoft Silverlight
          Microsoft SQL Server Native Client
          Microsoft SQL Server Setup Support Files (English)
          Microsoft SQL Server VSS Writer
          Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
          Microsoft Visual C++ 2005 Redistributable
          Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
          Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
          Mobile Broadband Connect
          Mozilla Firefox (3.0.19)
          MP3 Rocket
          MSVCRT
          MSXML 4.0 SP2 (KB954430)
          MSXML 4.0 SP2 (KB973688)
          MSXML4SP2
          MyTomTom 3.1.0.530
          Nero 8
          neroxml
          netbrdg
          OfotoXMI
          On Screen Display
          Presentation Director
          Product Recovery Disc Burning Utility
          QuickTime
          Realtek 8169 8168 8101E 8102E Ethernet Driver
          Registry patch for Windows Vista USB S3 PM Enablement
          Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
          Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
          Registry patch to improve USB device detection on resume from sleep for Windows Vista
          Rescue and Recovery
          RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
          Roxio Activation Module
          Roxio Central Audio
          Roxio Central Copy
          Roxio Central Core
          Roxio Central Data
          Roxio Central Tools
          Roxio Creator Small Business Edition
          Roxio Express Labeler 3
          Security Update for 2007 Microsoft Office System (KB2288621)
          Security Update for 2007 Microsoft Office System (KB2288931)
          Security Update for 2007 Microsoft Office System (KB2345043)
          Security Update for 2007 Microsoft Office System (KB2553089)
          Security Update for 2007 Microsoft Office System (KB2553090)
          Security Update for 2007 Microsoft Office System (KB2584063)
          Security Update for 2007 Microsoft Office System (KB969559)
          Security Update for 2007 Microsoft Office System (KB976321)
          Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
          Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
          Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
          Security Update for Microsoft Office Access 2007 (KB979440)
          Security Update for Microsoft Office Groove 2007 (KB2552997)
          Security Update for Microsoft Office InfoPath 2007 (KB2510061)
          Security Update for Microsoft Office InfoPath 2007 (KB979441)
          Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
          Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
          Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
          Security Update for Microsoft Office system 2007 (972581)
          Security Update for Microsoft Office system 2007 (KB974234)
          Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
          Security Update for Microsoft Office Word 2007 (KB2344993)
          Segoe UI
          SFR
          SHASTA
          skin0001
          SKINXSDK
          Soap 3.0 Toolkit
          Softonic_English Toolbar
          Sonic CinePlayer Decoder Pack
          Sonic Icons for Lenovo
          Spybot - Search & Destroy
          Spyware Doctor 8.0
          staticcr
          SUPERAntiSpyware
          System Update
          ThinkPad EasyEject Utility
          ThinkPad FullScreen Magnifier
          ThinkPad Hotkey Features Setup
          ThinkPad Mobility Center Customization
          ThinkPad Power Management Driver for SL Series
          ThinkPad Power Manager
          ThinkPad UltraNav Driver
          ThinkPad UltraNav Utility
          Thinkpad Wireless LAN Adapters Software (11a/b/g/n)
          ThinkVantage Access Connections
          ThinkVantage Active Protection System
          ThinkVantage Status Gadget
          ThinkVantage Technologies Welcome Message
          TomTom HOME 2.8.3.2458
          TomTom HOME Visual Studio Merge Modules
          UFile 2009
          UFile 2010
          UFile Updater 2009
          UFile Updater 2010
          Update for 2007 Microsoft Office System (KB967642)
          Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
          Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
          Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
          Update for Microsoft Office 2007 Help for Common Features (KB963673)
          Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
          Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
          Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
          Update for Microsoft Office 2007 System (KB2539530)
          Update for Microsoft Office Access 2007 Help (KB963663)
          Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
          Update for Microsoft Office Excel 2007 Help (KB963678)
          Update for Microsoft Office Infopath 2007 Help (KB963662)
          Update for Microsoft Office OneNote 2007 (KB980729)
          Update for Microsoft Office OneNote 2007 Help (KB963670)
          Update for Microsoft Office Outlook 2007 (KB2583910)
          Update for Microsoft Office Outlook 2007 Help (KB963677)
          Update for Microsoft Office Powerpoint 2007 Help (KB963669)
          Update for Microsoft Office Publisher 2007 Help (KB963667)
          Update for Microsoft Office Script Editor Help (KB963671)
          Update for Microsoft Office Word 2007 Help (KB963665)
          VC80CRTRedist - 8.0.50727.762
          Verizon Wireless BroadbandAccess Self Activation
          Visual Studio C++ 10.0 Runtime
          VPRINTOL
          Wallpapers
          Windows Driver Package - Lenovo 1.44 (05/14/2008 1.44)
          Windows Live Communications Platform
          Windows Live Essentials
          Windows Live ID Sign-in Assistant
          Windows Live Installer
          Windows Live Messenger
          Windows Live Photo Common
          Windows Live PIMT Platform
          Windows Live SOXE
          Windows Live SOXE Definitions
          Windows Live UX Platform
          Windows Live UX Platform Language Pack
          Windows Media Player Firefox Plugin
          WinRAR archiver
          WIRELESS
          WOT for Internet Explorer
          .
          ==== End Of File ===========================


          Thanks for the help.

          SuperDave

          Re: VistaAntispyware 2012 ???
          « Reply #7 on: February 02, 2012, 12:40:47 PM »
          Download OTL to your desktop.

          * Open OTL
          * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

          Code:
          :OTL

          uURLSearchHooks: H - No File
          TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
          TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
          FF - prefs.js: network.proxy.http - 127.0.0.1
          FF - prefs.js: network.proxy.http_port - 52162

          :COMMANDS
          [resethosts]
          [purity]
          [start explorer]

          * Click Run Fix
          * OTLI2 may ask to reboot the machine. Please do so if asked.
          * Click OK
          * A report will open. Copy and Paste that report in your next reply.
          **************************************************************
          Download Combofix from any of the links below, and save it to your desktop

          Link 1
          Link 2
          Link 3

          To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
          • Close any open windows and double click ComboFix.exe to run it.

            You will see the following image:


          Click I Agree to start the program.

          ComboFix will then extract the necessary files and you will see this:



          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

          It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

          If you did not have it installed, you will see the prompt below. Choose YES.



          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

          **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



          Click on Yes, to continue scanning for malware.

          When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

          Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

          Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
          Windows 8 and Windows 10 dual boot with two SSD's
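The OTL fix in the reply above removes two Firefox proxy preferences that were listed in the posted DDS log. As an added example (not part of the original thread and not code from DDS, OTL or ComboFix), the script below parses DDS-style lines and flags a manual Firefox proxy pointing at loopback, plus services whose image sits under a Temp directory or has no date/size recorded. The function names and the two review heuristics are assumptions made for this illustration; the sample lines are copied from the log above.

```python
import ipaddress
import re

# Excerpt of the DDS log posted earlier in this thread (lines copied as-is).
SAMPLE_LOG = r"""
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52162
FF - prefs.js: network.proxy.type - 1
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-8 136176]
"""

# "FF - prefs.js: <key> - <value>" (the value may be empty)
PREF_RE = re.compile(r"^FF - prefs\.js:\s*(?P<key>\S+)\s+-\s*(?P<value>.*)$")
# "<R|S><start type> <name>;<display name>;<image path> [<date size> or ?]"
SVC_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s*\[(?P<meta>[^\]]*)\]$"
)
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def parse_dds(text):
    """Return (firefox_prefs, services) parsed from DDS log text."""
    prefs, services = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = PREF_RE.match(line)
        if m:
            prefs[m["key"]] = m["value"].strip()
            continue
        m = SVC_RE.match(line)
        if m:
            # "a --> b" lists a registered path and a resolved one; keep the latter.
            image = m["image"].split(" --> ")[-1].strip()
            services.append({
                "name": m["name"],
                "running": m["state"] == "R",
                "start": int(m["start"]),
                "image": image,
                "no_file_info": m["meta"].strip() == "?",
            })
    return prefs, services


def is_loopback(host):
    """True for 'localhost' or any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(text):
    """Return a list of (finding_id, detail) tuples for entries worth reviewing."""
    prefs, services = parse_dds(text)
    findings = []
    host = prefs.get("network.proxy.http", "")
    port = prefs.get("network.proxy.http_port", "")
    # network.proxy.type 1 means "manual proxy configuration" in Firefox.
    if prefs.get("network.proxy.type") == "1" and host and is_loopback(host):
        findings.append(("firefox-loopback-proxy", f"{host}:{port}"))
    for svc in services:
        reasons = []
        if TEMP_RE.search(svc["image"]):  # assumption: Temp paths deserve review
            reasons.append("image under a Temp directory")
        if svc["no_file_info"]:
            reasons.append("no date/size recorded ([?])")
        if reasons:
            findings.append(("service-review", f"{svc['name']}: {', '.join(reasons)}"))
    return findings


if __name__ == "__main__":
    for finding_id, detail in triage(SAMPLE_LOG):
        print(f"{finding_id}: {detail}")
```

A finding here is only a prompt for review: a loopback proxy can also belong to a legitimate local filtering product, so check which process listens on the port before removing the setting.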

          MtlHab39

            Re: VistaAntispyware 2012 ???
            « Reply #8 on: February 05, 2012, 04:07:15 PM »
            Hi SuperDave

            Since last we spoke, have not been able to get online even in safe mode.
            Via USB, have run OTL without any problem; will post results soon but seemed to be clear.

            Combofix has run for ~30 minutes and seemed to get stuck when a pop up window said that the PC has been 'infected with Rootkit'; this was a couple of minutes after it had another window saying that it 'failed to get data for Enable LUA or LVA'.

            It asked me to rerun Combofix again so I have; same result except it seems to have done something to rootkit; window now says that
            'Combofix has detected the presence of rootkit activity and needs to reboot the machine'

            Do I press OK or will combofix continue itself?

            MtlHab39

              Re: VistaAntispyware 2012 ???
              « Reply #9 on: February 05, 2012, 04:23:07 PM »
              Pressed OK and the whole process has gone faster than first 2 times but......still finds rootkit and same windows telling me to close and reboot.

              I will look for created file for combofix and post next.

              SuperDave

              Re: VistaAntispyware 2012 ???
              « Reply #10 on: February 05, 2012, 07:07:58 PM »
              Please download aswMBR.exe ( 511KB ) to your desktop.

              Double click the aswMBR.exe to run it



              Click the "Scan" button to start scan

              Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



              On completion of the scan click save log, save it to your desktop and post in your next reply

              MtlHab39

                Re: VistaAntispyware 2012 ???
                « Reply #11 on: February 06, 2012, 08:08:56 AM »
                Here is the OTL report.

                ========== OTL ==========
                Prefs.js: network.proxy.http - 127.0.0.1 removed from refs.js
                Prefs.js: network.proxy.http_port - 52162 removed from refs.js
                ========== COMMANDS ==========
                HOSTS file reset successfully
                 
                OTL by OldTimer - Version 3.2.31.0 log created on 02052012_164956

                I will post the asw once complete.

                MtlHab39

                  Re: VistaAntispyware 2012 ???
                  « Reply #12 on: February 06, 2012, 08:19:48 AM »
                  Here is the ASW report

                  aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
                  Run date: 2012-02-06 10:15:34
                  -----------------------------
                  10:15:34.583    OS Version: Windows 6.0.6002 Service Pack 2
                  10:15:34.583    Number of processors: 2 586 0x170A
                  10:15:34.583    ComputerName: COSTA-PC  UserName: Costa
                  10:15:35.582    Initialize success
                  10:15:56.969    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
                  10:15:56.969    Disk 0 Vendor: HITACHI_ FB2Z Size: 152627MB BusType: 3
                  10:15:56.985    Disk 0 MBR read successfully
                  10:15:56.985    Disk 0 MBR scan
                  10:15:56.985    Disk 0 unknown MBR code
                  10:15:57.001    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         1500 MB offset 2048
                  10:15:57.016    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       141124 MB offset 3074048
                  10:15:57.047    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        10000 MB offset 292098048
                  10:15:57.047    Disk 0 scanning sectors +312578048
                  10:15:57.125    Disk 0 scanning C:\Windows\system32\drivers
                  10:16:05.534    Service scanning
                  10:16:09.574    Modules scanning
                  10:16:21.695    Disk 0 trace - called modules:
                  10:16:21.727    ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll iastor.sys
                  10:16:21.727    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d055f0]
                  10:16:21.758    3 CLASSPNP.SYS[897d08b3] -> nt!IofCallDriver -> [0x86d05df0]
                  10:16:21.758    5 PCTCore.sys[83704099] -> nt!IofCallDriver -> [0x85842118]
                  10:16:21.773    7 acpi.sys[806d06bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x861f9028]
                  10:16:21.773    Scan finished successfully
                  10:16:37.249    Disk 0 MBR has been saved successfully to "C:\Users\Costa\Desktop\MBR.dat"
                  10:16:37.249    The log file has been saved successfully to "C:\Users\Costa\Desktop\aswMBR.txt"
                  10:17:14.720    Disk 0 MBR has been saved successfully to "E:\ASW\MBR.dat"
                  10:17:14.735    The log file has been saved successfully to "E:\ASW\aswMBR.txt"

                  SuperDave

                  Re: VistaAntispyware 2012 ???
                  « Reply #13 on: February 06, 2012, 12:29:49 PM »
                  Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

                  Link 1
                  Link 2
                  Link 3

                  • Double-click on MBRCheck.exe to run it.

                  • It will open a black window... please do not fix anything (if it gives you an option).

                  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

                  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.

                  • Please copy and paste the contents of that log in your next reply.

                  MtlHab39

                    Re: VistaAntispyware 2012 ???
                    « Reply #14 on: February 06, 2012, 02:56:28 PM »
                    Black box opens with this message after 5 seconds

                    Found non-standard or infected MBR.
                    Enter 'Y' and hit enter for more options, or 'N' to exit:


                    What should I do next?

                    SuperDave

                    Re: VistaAntispyware 2012 ???
                    « Reply #15 on: February 06, 2012, 04:48:24 PM »

                    Run the Vista Recovery Console.

                    1. Eject and remove any discs or memory cards from your computer.

                    2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".

                    3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots.

                    4. Highlight and select "Repair your computer", choose your keyboard type and click "Next".

                    5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.

                    6. Next, type bootrec /fixmbr

                    7. If it asks if you're sure you want to write a new MBR, answer 'Y'.

                    8. Then type EXIT to reboot the machine.

                    9. With that done, please post back and let me know how things are now.


                    MtlHab39

                      Re: VistaAntispyware 2012 ???
                      « Reply #16 on: February 06, 2012, 06:50:47 PM »
                      I finally got through to the System Recovery Options Window
                      Went into command prompt
                      Typed in bootrec/fixmbr
                      Told me the operation completed successfully.
                      Seems to have worked since I retried MBR check and ran without any issues; here is the log

                      MBRCheck, version 1.2.3
                      (c) 2010, AD

                      Command-line:         
                      Windows Version:      Windows Vista Home Basic Edition
                      Windows Information:      Service Pack 2 (build 6002), 32-bit
                      Base Board Manufacturer:   LENOVO
                      BIOS Manufacturer:      LENOVO
                      System Manufacturer:      LENOVO
                      System Product Name:      2743CTO
                      Logical Drives Mask:      0x0005001c

                      Kernel Drivers (total 173):

                      Processes (total 110):

                      \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000  (NTFS)
                      \\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000022`d2200000  (NTFS)
                      \\.\S: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)

                      PhysicalDrive0 Model Number: HITACHIHTS543216L9SA00, Rev: FB2ZC4EC

                            Size  Device Name          MBR Status
                        --------------------------------------------
                          149 GB  \\.\PhysicalDrive0   Unknown MBR code
                                  SHA1: D46C623DC978C47D5224D9183DF5CF1370A53AA5


                      Found non-standard or infected MBR.
                      Enter 'Y' and hit ENTER for more options, or 'N' to exit:


                      SuperDave

                      Re: VistaAntispyware 2012 ???
                      « Reply #17 on: February 07, 2012, 11:21:54 AM »
                      It's still showing a non-standard or infected MBR. Please try it again and then run the MBR Check again.
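Added example (not part of the thread, and not code from aswMBR, MBRCheck or bootrec): the replies above turn on whether the MBR boot code actually changed after bootrec /fixmbr. This Python sketch parses a 512-byte MBR sector, hashes the bootstrap area, sanity-checks the partition table, and reports which regions differ between two saved copies. The sample sectors are constructed from the partition offsets in the aswMBR log with filler boot code; the function names and the choice to hash only the first 440 bytes are assumptions, so the hash is not expected to match the SHA1 that MBRCheck prints.

```python
import hashlib
import struct

SECTOR_SIZE = 512
# Regions of a classic MBR sector (byte ranges).
REGIONS = {
    "boot_code": slice(0, 440),          # bootstrap code area
    "disk_signature": slice(440, 446),   # NT disk signature + 2 reserved bytes
    "partition_table": slice(446, 510),  # four 16-byte entries
    "boot_signature": slice(510, 512),   # must be 55 AA
}


def parse_mbr(sector):
    """Return boot-code hash, signature state and used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes, got %d" % len(sector))
    partitions = []
    for index in range(4):
        entry = sector[446 + 16 * index: 462 + 16 * index]
        status, ptype = entry[0], entry[4]
        start, count = struct.unpack_from("<II", entry, 8)  # LBA start, sector count
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "index": index + 1, "status": status, "active": status == 0x80,
            "type": ptype, "start": start, "sectors": count, "end": start + count,
        })
    return {
        "signature_ok": sector[REGIONS["boot_signature"]] == b"\x55\xaa",
        "boot_code_sha1": hashlib.sha1(sector[REGIONS["boot_code"]]).hexdigest(),
        "partitions": partitions,
    }


def sanity_findings(parsed):
    """Structural problems that justify a closer look, as a list of strings."""
    findings = []
    if not parsed["signature_ok"]:
        findings.append("missing 55AA boot signature")
    parts = parsed["partitions"]
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02x"
                            % (p["index"], p["status"]))
    ordered = sorted(parts, key=lambda p: p["start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["start"] < prev["end"]:
            findings.append("partitions %d and %d overlap" % (prev["index"], cur["index"]))
    return findings


def changed_regions(before, after):
    """Names of the MBR regions whose bytes differ between two sector copies."""
    if len(before) != SECTOR_SIZE or len(after) != SECTOR_SIZE:
        raise ValueError("both inputs must be 512-byte sectors")
    return [name for name, span in REGIONS.items() if before[span] != after[span]]


def build_sample(boot_fill):
    """CONSTRUCTED sector: filler boot code plus the layout from the aswMBR log.

    Start offsets are the logged ones; sector counts are derived from the
    logged MB sizes (MB * 2048) and are therefore approximate.
    """
    layout = [
        (0x80, 0x07, 2048, 3072000),         # Partition 1, active, 1500 MB
        (0x00, 0x07, 3074048, 289021952),    # Partition 2, 141124 MB
        (0x00, 0x07, 292098048, 20480000),   # Partition 3, 10000 MB
    ]
    table = b""
    for status, ptype, start, count in layout:
        # CHS fields are zeroed; only the LBA fields are examined here.
        table += struct.pack("<B3sB3sII", status, b"\x00" * 3, ptype, b"\x00" * 3,
                             start, count)
    table += b"\x00" * 16  # fourth slot unused
    return bytes([boot_fill]) * 440 + b"\x00" * 6 + table + b"\x55\xaa"


if __name__ == "__main__":
    # With real data, read the first 512 bytes of each saved copy instead, e.g.
    # open("MBR.dat", "rb").read(512) (assumes the dump starts with the sector).
    before, after = build_sample(0x90), build_sample(0xCC)
    for label, sector in (("before", before), ("after", after)):
        parsed = parse_mbr(sector)
        print(label, parsed["boot_code_sha1"], sanity_findings(parsed) or "table looks sane")
    print("changed regions:", changed_regions(before, after))
```

If only boot_code is reported as changed, the repair rewrote the bootstrap code and left the partition table alone; a partition_table difference deserves a careful look before any further writes to the disk.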

                      MtlHab39

                        Re: VistaAntispyware 2012 ???
                        « Reply #18 on: February 07, 2012, 07:29:55 PM »
                        Here it goes again... think it passed.

                        MBRCheck, version 1.2.3
                        (c) 2010, AD

                        Command-line:         
                        Windows Version:      Windows Vista Home Basic Edition
                        Windows Information:      Service Pack 2 (build 6002), 32-bit
                        Base Board Manufacturer:   LENOVO
                        BIOS Manufacturer:      LENOVO
                        System Manufacturer:      LENOVO
                        System Product Name:      2743CTO
                        Logical Drives Mask:      0x0005001c

                        Kernel Drivers (total 125):

                        Processes (total 23):
                               0 System Idle Process
                               4 System
                             496 C:\Windows\System32\smss.exe
                             604 csrss.exe
                             640 csrss.exe
                             648 C:\Windows\System32\wininit.exe
                             692 C:\Windows\System32\winlogon.exe
                             724 C:\Windows\System32\services.exe
                             736 C:\Windows\System32\lsass.exe
                             744 C:\Windows\System32\lsm.exe
                             892 C:\Windows\System32\svchost.exe
                             948 C:\Windows\System32\svchost.exe
                            1044 C:\Windows\System32\svchost.exe
                            1068 C:\Windows\System32\svchost.exe
                            1108 C:\Windows\System32\svchost.exe
                            1252 C:\Windows\System32\svchost.exe
                            1412 C:\Windows\explorer.exe
                            1536 C:\Program Files\SUPERAntiSpyware\SASCore.exe
                            1548 C:\Windows\System32\svchost.exe
                            2032 C:\Windows\System32\wbem\unsecapp.exe
                             248 WmiPrvSE.exe
                            1792 E:\MBRCheck.exe
                            1768 C:\Windows\System32\conime.exe

                        \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000  (NTFS)
                        \\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000022`d2200000  (NTFS)
                        \\.\S: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)

                        PhysicalDrive0 Model Number: HITACHIHTS543216L9SA00, Rev: FB2ZC4EC

                              Size  Device Name          MBR Status
                          --------------------------------------------
                            149 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
                                    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


                        Done!

                        SuperDave

                        Re: VistaAntispyware 2012 ???
                        « Reply #19 on: February 08, 2012, 11:55:56 AM »
                        Could you please try running ComboFix again?

                        MtlHab39

                          Re: VistaAntispyware 2012 ???
                          « Reply #20 on: February 08, 2012, 08:18:58 PM »
                          Didn't catch it but a window popped up and said that it was infected with some rootkit ...particularly bad infection ...

                          Combofix has run twice for ~5 minutes and seemed to get stuck when a pop up window said that the PC has been 'infected with Rootkit'; this was a couple of minutes after it had another window saying that it 'failed to get data for Enable LUA or LVA'.

                          It asked me to rerun Combofix again so I have;
                          'Combofix has detected the presence of rootkit activity and needs to reboot the machine'

                          Do I press OK or will combofix continue itself?  I have left the laptop as is for now..

                          SuperDave

                          Re: VistaAntispyware 2012 ???
                          « Reply #21 on: February 09, 2012, 12:02:07 PM »
                          Quote
                          Do I press OK or will combofix continue itself?  I have left the laptop as is for now..
                          Let's try these first.

                          AVENGER

                          • Download The Avenger by Swandog46 from here.
                          • Unzip/extract it to a folder on your desktop.
                          • Double click on avenger.exe to run The Avenger.
                          • Click OK.
                          • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
                          • Click the Execute button.
                          • You will be asked "No script has been entered.  Do you want to execute a rootkit scan only?".
                          • Click Yes.
                          • You will now be asked "First step completed --- The Avenger has been successfully set up to run on next boot.  Reboot now?".
                          • Click Yes.
                          • Your PC will now be rebooted.
                          • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
                          • Please post this log in your next reply.
                          **************************************************
                          • Download TDSSKiller and save it to your Desktop.
                          • Extract its contents to your desktop.
                          • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
                          • If an infected file is detected, the default action will be Cure, click on Continue.
                          • If a suspicious file is detected, the default action will be Skip, click on Continue.
                          • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
                          • Click the Report button and copy/paste the contents of it into your next reply.
                          Note: It will also create a log in the C:\ directory.

                          MtlHab39

                            Re: VistaAntispyware 2012 ???
                            « Reply #22 on: February 09, 2012, 03:05:45 PM »

                            Logfile of The Avenger Version 2.0, (c) by Swandog46
                            http://swandog46.geekstogo.com

                            Platform:  Windows Vista

                            *******************

                            Script file opened successfully.
                            Script file read successfully.

                            Backups directory opened successfully at C:\Avenger

                            *******************

                            Beginning to process script file:

                            Rootkit scan active.
                            No rootkits found!


                            Completed script processing.

                            *******************

                            Finished!  Terminate.


                            That was Avenger

                            Here is Killer; never stopped; was complete within 5 minutes.

                            16:45:36.0638 1256   TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57
                            16:45:36.0716 1256   ============================================================
                            16:45:36.0716 1256   Current date / time: 2012/02/09 16:45:36.0716
                            16:45:36.0716 1256   SystemInfo:
                            16:45:36.0716 1256   
                            16:45:36.0716 1256   OS Version: 6.0.6002 ServicePack: 2.0
                            16:45:36.0716 1256   Product type: Workstation
                            16:45:36.0716 1256   ComputerName: COSTA-PC
                            16:45:36.0731 1256   UserName: Costa
                            16:45:36.0731 1256   Windows directory: C:\Windows
                            16:45:36.0731 1256   System windows directory: C:\Windows
                            16:45:36.0731 1256   Processor architecture: Intel x86
                            16:45:36.0731 1256   Number of processors: 2
                            16:45:36.0731 1256   Page size: 0x1000
                            16:45:36.0731 1256   Boot type: Normal boot
                            16:45:36.0731 1256   ============================================================
                            16:45:38.0057 1256   Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
                            16:45:38.0088 1256   Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
                            16:45:38.0088 1256   \Device\Harddisk0\DR0:
                            16:45:38.0088 1256   MBR used
                            16:45:38.0088 1256   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
                            16:45:38.0088 1256   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x113A27F8
                            16:45:38.0088 1256   \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11691000, BlocksNum 0x1388000
                            16:45:38.0088 1256   \Device\Harddisk1\DR1:
                            16:45:38.0088 1256   MBR used
                            16:45:38.0088 1256   \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
                            16:45:38.0510 1256   Initialize success
                            16:45:38.0510 1256   ============================================================
                            16:45:41.0505 2876   ============================================================
                            16:45:41.0505 2876   Scan started
                            16:45:41.0505 2876   Mode: Manual;
                            16:45:41.0505 2876   ============================================================
                            16:46:56.0195 2876   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
                            16:46:56.0195 2876   GEARAspiWDM - ok
                            16:46:57.0022 2876   HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
                            16:46:57.0068 2876   HdAudAddService - ok
                            16:46:58.0363 2876   HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
                            16:46:58.0441 2876   HDAudBus - ok
                            16:46:59.0330 2876   HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
                            16:46:59.0408 2876   HidBth - ok
                            16:47:00.0251 2876   HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
                            16:47:00.0282 2876   HidIr - ok
                            16:47:01.0156 2876   HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
                            16:47:01.0171 2876   HidUsb - ok
                            16:47:02.0060 2876   HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
                            16:47:02.0092 2876   HpCISSs - ok
                            16:47:02.0965 2876   HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
                            16:47:03.0028 2876   HSFHWAZL - ok
                            16:47:04.0385 2876   HSF_DPV         (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
                            16:47:04.0510 2876   HSF_DPV - ok
                            16:47:05.0212 2876   HSXHWAZL        (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
                            16:47:05.0274 2876   HSXHWAZL - ok
                            16:47:05.0882 2876   HTTP            (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
                            16:47:05.0882 2876   HTTP - ok
                            16:47:06.0382 2876   i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
                            16:47:06.0413 2876   i2omp - ok
                            16:47:07.0302 2876   i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
                            16:47:07.0333 2876   i8042prt - ok
                            16:47:08.0238 2876   iaStor          (baabb0301949774a66b955c65319635a) C:\Windows\system32\drivers\iastor.sys
                            16:47:08.0254 2876   iaStor - ok
                            16:47:09.0205 2876   iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
                            16:47:09.0252 2876   iaStorV - ok
                            16:47:10.0235 2876   IBMPMDRV        (4a8ab38fdf3649c1fe3e9d16bf79927d) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
                            16:47:10.0250 2876   IBMPMDRV - ok
                            16:47:12.0216 2876   igfx            (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
                            16:47:14.0774 2876   igfx - ok
                            16:47:15.0695 2876   iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
                            16:47:15.0710 2876   iirsp - ok
                            16:47:16.0288 2876   IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
                            16:47:16.0303 2876   IntcHdmiAddService - ok
                            16:47:16.0756 2876   intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
                            16:47:16.0756 2876   intelide - ok
                            16:47:17.0614 2876   intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
                            16:47:17.0614 2876   intelppm - ok
                            16:47:18.0456 2876   IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
                            16:47:18.0472 2876   IpFilterDriver - ok
                            16:47:18.0846 2876   IpInIp - ok
                            16:47:19.0423 2876   IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
                            16:47:19.0423 2876   IPMIDRV - ok
                            16:47:19.0829 2876   IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
                            16:47:19.0860 2876   IPNAT - ok
                            16:47:20.0624 2876   IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
                            16:47:20.0687 2876   IRENUM - ok
                            16:47:21.0623 2876   isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
                            16:47:21.0654 2876   isapnp - ok
                            16:47:22.0450 2876   iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
                            16:47:22.0481 2876   iScsiPrt - ok
                            16:47:23.0089 2876   iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
                            16:47:23.0105 2876   iteatapi - ok
                            16:47:23.0994 2876   iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
                            16:47:24.0010 2876   iteraid - ok
                            16:47:24.0852 2876   kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
                            16:47:24.0852 2876   kbdclass - ok
                            16:47:25.0694 2876   kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
                            16:47:25.0710 2876   kbdhid - ok
                            16:47:26.0521 2876   KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
                            16:47:26.0584 2876   KSecDD - ok
                            16:47:27.0863 2876   lenovo.smi      (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys
                            16:47:27.0878 2876   lenovo.smi - ok
                            16:47:28.0549 2876   lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
                            16:47:28.0565 2876   lltdio - ok
                            16:47:29.0345 2876   LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
                            16:47:29.0392 2876   LSI_FC - ok
                            16:47:30.0234 2876   LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
                            16:47:30.0265 2876   LSI_SAS - ok
                            16:47:31.0342 2876   LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
                            16:47:31.0373 2876   LSI_SCSI - ok
                            16:47:32.0168 2876   luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
                            16:47:32.0200 2876   luafv - ok
                            16:47:33.0011 2876   mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
                            16:47:33.0026 2876   mdmxsdk - ok
                            16:47:33.0822 2876   megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
                            16:47:34.0118 2876   megasas - ok
                            16:47:35.0054 2876   MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
                            16:47:35.0070 2876   MegaSR - ok
                            16:47:35.0912 2876   Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
                            16:47:35.0912 2876   Modem - ok
                            16:47:36.0630 2876   monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
                            16:47:36.0630 2876   monitor - ok
                            16:47:37.0238 2876   mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
                            16:47:37.0254 2876   mouclass - ok
                            16:47:38.0018 2876   mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
                            16:47:38.0050 2876   mouhid - ok
                            16:47:38.0689 2876   MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
                            16:47:38.0705 2876   MountMgr - ok
                            16:47:39.0578 2876   mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
                            16:47:39.0625 2876   mpio - ok
                            16:47:40.0358 2876   mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
                            16:47:40.0390 2876   mpsdrv - ok
                            16:47:41.0154 2876   Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
                            16:47:41.0185 2876   Mraid35x - ok
                            16:47:41.0622 2876   MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
                            16:47:41.0638 2876   MRxDAV - ok
                            16:47:42.0480 2876   mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
                            16:47:42.0496 2876   mrxsmb - ok
                            16:47:43.0666 2876   mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
                            16:47:43.0744 2876   mrxsmb10 - ok
                            16:47:44.0540 2876   mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
                            16:47:44.0556 2876   mrxsmb20 - ok
                            16:47:45.0071 2876   msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
                            16:47:45.0117 2876   msahci - ok
                            16:47:45.0741 2876   msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
                            16:47:45.0773 2876   msdsm - ok
                            16:47:46.0584 2876   Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
                            16:47:46.0615 2876   Msfs - ok
                            16:47:47.0489 2876   msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
                            16:47:47.0520 2876   msisadrv - ok
                            16:47:48.0456 2876   MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
                            16:47:48.0487 2876   MSKSSRV - ok
                            16:47:49.0298 2876   MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
                            16:47:49.0345 2876   MSPCLOCK - ok
                            16:47:50.0297 2876   MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
                            16:47:50.0328 2876   MSPQM - ok
                            16:47:51.0279 2876   MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
                            16:47:51.0326 2876   MsRPC - ok
                            16:47:52.0215 2876   mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
                            16:47:52.0215 2876   mssmbios - ok
                            16:47:53.0292 2876   MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
                            16:47:53.0339 2876   MSTEE - ok
                            16:47:54.0119 2876   MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\A0101V32.sys
                            16:47:54.0134 2876   MTsensor - ok
                            16:47:54.0524 2876   Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
                            16:47:54.0524 2876   Mup - ok
                            16:47:54.0930 2876   NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
                            16:47:54.0945 2876   NativeWifiP - ok
                            16:47:55.0757 2876   NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
                            16:47:55.0866 2876   NDIS - ok
                            16:47:57.0036 2876   NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
                            16:47:57.0067 2876   NdisTapi - ok
                            16:47:57.0566 2876   Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
                            16:47:57.0566 2876   Ndisuio - ok
                            16:47:58.0362 2876   NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
                            16:47:58.0377 2876   NdisWan - ok
                            16:47:59.0142 2876   NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
                            16:47:59.0157 2876   NDProxy - ok
                            16:48:00.0218 2876   NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
                            16:48:00.0234 2876   NetBIOS - ok
                            16:48:02.0153 2876   netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
                            16:48:02.0168 2876   netbt - ok
                            16:48:03.0011 2876   nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
                            16:48:03.0042 2876   nfrd960 - ok
                            16:48:03.0791 2876   Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
                            16:48:03.0791 2876   Npfs - ok
                            16:48:04.0742 2876   nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
                            16:48:04.0789 2876   nsiproxy - ok
                            16:48:05.0585 2876   Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
                            16:48:05.0959 2876   Ntfs - ok
                            16:48:06.0614 2876   ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
                            16:48:06.0630 2876   ntrigdigi - ok
                            16:48:07.0332 2876   Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
                            16:48:07.0363 2876   Null - ok
                            16:48:08.0112 2876   nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
                            16:48:08.0159 2876   nvraid - ok
                            16:48:09.0126 2876   nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
                            16:48:09.0173 2876   nvstor - ok
                            16:48:09.0937 2876   nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
                            16:48:09.0984 2876   nv_agp - ok
                            16:48:10.0764 2876   NwlnkFlt - ok
                            16:48:11.0637 2876   NwlnkFwd - ok
                            16:48:12.0417 2876   ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
                            16:48:12.0417 2876   ohci1394 - ok
                            16:48:13.0369 2876   Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
                            16:48:13.0431 2876   Parport - ok
                            16:48:14.0321 2876   partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
                            16:48:14.0336 2876   partmgr - ok
                            16:48:15.0225 2876   Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
                            16:48:15.0241 2876   Parvdm - ok
                            16:48:16.0193 2876   pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
                            16:48:16.0239 2876   pci - ok
                            16:48:17.0097 2876   pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
                            16:48:17.0129 2876   pciide - ok
                            16:48:18.0143 2876   pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
                            16:48:18.0236 2876   pcmcia - ok
                            16:48:19.0235 2876   PCTCore         (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\Windows\system32\drivers\PCTCore.sys
                            16:48:19.0281 2876   PCTCore - ok
                            16:48:20.0108 2876   pctDS           (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
                            16:48:20.0171 2876   pctDS - ok
                            16:48:21.0185 2876   pctEFA          (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
                            16:48:21.0278 2876   pctEFA - ok
                            16:48:22.0433 2876   PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
                            16:48:22.0698 2876   PEAUTH - ok
                            16:48:23.0634 2876   PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
                            16:48:23.0649 2876   PptpMiniport - ok
                            16:48:24.0461 2876   Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
                            16:48:24.0507 2876   Processor - ok
                            16:48:25.0428 2876   psadd           (f8a25f1dd8b2c332cbc663e3579566e7) C:\Windows\system32\DRIVERS\psadd.sys
                            16:48:25.0537 2876   psadd - ok
                            16:48:25.0989 2876   PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
                            16:48:26.0021 2876   PSched - ok
                            16:48:26.0801 2876   PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
                            16:48:26.0832 2876   PxHelp20 - ok
                            16:48:27.0939 2876   ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
                            16:48:28.0127 2876   ql2300 - ok
                            16:48:28.0922 2876   ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
                            16:48:28.0953 2876   ql40xx - ok
                            16:48:30.0030 2876   QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
                            16:48:30.0061 2876   QWAVEdrv - ok
                            16:48:30.0950 2876   RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
                            16:48:30.0981 2876   RasAcd - ok
                            16:48:31.0902 2876   Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
                            16:48:31.0964 2876   Rasl2tp - ok
                            16:48:32.0822 2876   RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
                            16:48:32.0853 2876   RasPppoe - ok
                            16:48:33.0477 2876   RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
                            16:48:33.0493 2876   RasSstp - ok
                            16:48:34.0289 2876   rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
                            16:48:34.0367 2876   rdbss - ok
                            16:48:35.0287 2876   RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
                            16:48:35.0287 2876   RDPCDD - ok
                            16:48:36.0192 2876   rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
                            16:48:36.0254 2876   rdpdr - ok
                            16:48:37.0190 2876   RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
                            16:48:37.0206 2876   RDPENCDD - ok
                            16:48:38.0095 2876   RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
                            16:48:38.0126 2876   RDPWD - ok
                            16:48:39.0000 2876   rimmptsk        (a5b12a4b3b774432db9b9fa221190e59) C:\Windows\system32\DRIVERS\rimmptsk.sys
                            16:48:39.0000 2876   rimmptsk - ok
                            16:48:39.0749 2876   rimsptsk        (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
                            16:48:39.0764 2876   rimsptsk - ok
                            16:48:40.0529 2876   rismxdp         (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
                            16:48:40.0544 2876   rismxdp - ok
                            16:48:41.0324 2876   rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
                            16:48:41.0355 2876   rspndr - ok
                            16:48:42.0120 2876   RTL8169         (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
                            16:48:42.0135 2876   RTL8169 - ok
                            16:48:42.0369 2876   SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                            16:48:42.0385 2876   SASDIFSV - ok
                            16:48:42.0510 2876   SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                            16:48:42.0525 2876   SASKUTIL - ok
                            16:48:42.0915 2876   sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
                            16:48:42.0915 2876   sbp2port - ok
                            16:48:43.0399 2876   sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
                            16:48:43.0415 2876   sdbus - ok
                            16:48:44.0132 2876   secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
                            16:48:44.0132 2876   secdrv - ok
                            16:48:44.0585 2876   Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
                            16:48:44.0585 2876   Serenum - ok
                            16:48:44.0975 2876   Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
                            16:48:44.0975 2876   Serial - ok
                            16:48:45.0443 2876   sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
                            16:48:45.0443 2876   sermouse - ok
                            16:48:45.0926 2876   sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
                            16:48:45.0957 2876   sffdisk - ok
                            16:48:46.0457 2876   sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
                            16:48:46.0457 2876   sffp_mmc - ok
                            16:48:46.0831 2876   sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
                            16:48:46.0831 2876   sffp_sd - ok
                            16:48:47.0408 2876   sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
                            16:48:47.0408 2876   sfloppy - ok
                            16:48:47.0845 2876   Shockprf        (1310c5e81966e86b2ced7ae8ce3d74f1) C:\Windows\system32\DRIVERS\Apsx86.sys
                            16:48:47.0845 2876   Shockprf - ok
                            16:48:48.0266 2876   sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
                            16:48:48.0266 2876   sisagp - ok
                            16:48:48.0703 2876   SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
                            16:48:48.0719 2876   SiSRaid2 - ok
                            16:48:49.0062 2876   SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
                            16:48:49.0062 2876   SiSRaid4 - ok
                            16:48:49.0514 2876   Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
                            16:48:49.0530 2876   Smb - ok
                            16:48:50.0029 2876   spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
                            16:48:50.0045 2876   spldr - ok
                            16:48:50.0497 2876   srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
                            16:48:50.0497 2876   srv - ok
                            16:48:51.0137 2876   srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
                            16:48:51.0152 2876   srv2 - ok
                            16:48:51.0589 2876   srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
                            16:48:51.0589 2876   srvnet - ok
                            16:48:52.0041 2876   swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
                            16:48:52.0041 2876   swenum - ok
                            16:48:52.0447 2876   Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
                            16:48:52.0447 2876   Symc8xx - ok
                            16:48:52.0931 2876   Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
                            16:49:21.0291 2876   ============================================================
                            16:49:21.0291 2876   Scan finished
                            16:49:21.0291 2876   ============================================================
                            16:49:21.0307 6032   Detected object count: 0
                            16:49:21.0323 6032   Actual detected object count: 0
                            16:49:49.0574 5636   ============================================================
                            16:49:49.0574 5636   Scan started
                            16:49:49.0574 5636   Mode: Manual;
                            16:49:49.0574 5636   ============================================================

                            MtlHab39

                              Topic Starter


                              Beginner

                              • Experience: Beginner
                              • OS: Unknown
                              Re: VistaAntispyware 2012 ???
                              « Reply #23 on: February 09, 2012, 03:17:27 PM »
                              Did not attach the complete killer scan; here it is

                              16:45:36.0638 1256   TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57
                              16:45:36.0716 1256   ============================================================
                              16:45:36.0716 1256   Current date / time: 2012/02/09 16:45:36.0716
                              16:45:36.0716 1256   SystemInfo:
                              16:45:36.0716 1256   
                              16:45:36.0716 1256   OS Version: 6.0.6002 ServicePack: 2.0
                              16:45:36.0716 1256   Product type: Workstation
                              16:45:36.0716 1256   ComputerName: COSTA-PC
                              16:45:36.0731 1256   UserName: Costa
                              16:45:36.0731 1256   Windows directory: C:\Windows
                              16:45:36.0731 1256   System windows directory: C:\Windows
                              16:45:36.0731 1256   Processor architecture: Intel x86
                              16:45:36.0731 1256   Number of processors: 2
                              16:45:36.0731 1256   Page size: 0x1000
                              16:45:36.0731 1256   Boot type: Normal boot
                              16:45:36.0731 1256   ============================================================
                              16:45:38.0057 1256   Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
                              16:45:38.0088 1256   Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
                              16:45:38.0088 1256   \Device\Harddisk0\DR0:
                              16:45:38.0088 1256   MBR used
                              16:45:38.0088 1256   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
                              16:45:38.0088 1256   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x113A27F8
                              16:45:38.0088 1256   \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11691000, BlocksNum 0x1388000
                              16:45:38.0088 1256   \Device\Harddisk1\DR1:
                              16:45:38.0088 1256   MBR used
                              16:45:38.0088 1256   \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
                              16:45:38.0510 1256   Initialize success
                              16:45:38.0510 1256   ============================================================
                              16:45:41.0505 2876   ============================================================
                              16:45:41.0505 2876   Scan started
                              16:45:41.0505 2876   Mode: Manual;
                              16:45:41.0505 2876   ============================================================
                              16:48:24.0461 2876   Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
                              16:48:24.0507 2876   Processor - ok
                              16:48:25.0428 2876   psadd           (f8a25f1dd8b2c332cbc663e3579566e7) C:\Windows\system32\DRIVERS\psadd.sys
                              16:48:25.0537 2876   psadd - ok
                              16:48:25.0989 2876   PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
                              16:48:26.0021 2876   PSched - ok
                              16:48:26.0801 2876   PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
                              16:48:26.0832 2876   PxHelp20 - ok
                              16:48:27.0939 2876   ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
                              16:48:28.0127 2876   ql2300 - ok
                              16:48:28.0922 2876   ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
                              16:48:28.0953 2876   ql40xx - ok
                              16:48:30.0030 2876   QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
                              16:48:30.0061 2876   QWAVEdrv - ok
                              16:48:30.0950 2876   RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
                              16:48:30.0981 2876   RasAcd - ok
                              16:48:31.0902 2876   Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
                              16:48:31.0964 2876   Rasl2tp - ok
                              16:48:32.0822 2876   RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
                              16:48:32.0853 2876   RasPppoe - ok
                              16:48:33.0477 2876   RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
                              16:48:33.0493 2876   RasSstp - ok
                              16:48:34.0289 2876   rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
                              16:48:34.0367 2876   rdbss - ok
                              16:48:35.0287 2876   RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
                              16:48:35.0287 2876   RDPCDD - ok
                              16:48:36.0192 2876   rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
                              16:48:36.0254 2876   rdpdr - ok
                              16:48:37.0190 2876   RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
                              16:48:37.0206 2876   RDPENCDD - ok
                              16:48:38.0095 2876   RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
                              16:48:38.0126 2876   RDPWD - ok
                              16:48:39.0000 2876   rimmptsk        (a5b12a4b3b774432db9b9fa221190e59) C:\Windows\system32\DRIVERS\rimmptsk.sys
                              16:48:39.0000 2876   rimmptsk - ok
                              16:48:39.0749 2876   rimsptsk        (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
                              16:48:39.0764 2876   rimsptsk - ok
                              16:48:40.0529 2876   rismxdp         (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
                              16:48:40.0544 2876   rismxdp - ok
                              16:48:41.0324 2876   rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
                              16:48:41.0355 2876   rspndr - ok
                              16:48:42.0120 2876   RTL8169         (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
                              16:48:42.0135 2876   RTL8169 - ok
                              16:48:42.0369 2876   SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                              16:48:42.0385 2876   SASDIFSV - ok
                              16:48:42.0510 2876   SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                              16:48:42.0525 2876   SASKUTIL - ok
                              16:48:42.0915 2876   sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
                              16:48:42.0915 2876   sbp2port - ok
                              16:48:43.0399 2876   sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
                              16:48:43.0415 2876   sdbus - ok
                              16:48:44.0132 2876   secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
                              16:48:44.0132 2876   secdrv - ok
                              16:48:44.0585 2876   Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
                              16:48:44.0585 2876   Serenum - ok
                              16:48:44.0975 2876   Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
                              16:48:44.0975 2876   Serial - ok
                              16:48:45.0443 2876   sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
                              16:48:45.0443 2876   sermouse - ok
                              16:48:45.0926 2876   sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
                              16:48:45.0957 2876   sffdisk - ok
                              16:48:46.0457 2876   sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
                              16:48:46.0457 2876   sffp_mmc - ok
                              16:48:46.0831 2876   sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
                              16:48:46.0831 2876   sffp_sd - ok
                              16:48:47.0408 2876   sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
                              16:48:47.0408 2876   sfloppy - ok
                              16:48:47.0845 2876   Shockprf        (1310c5e81966e86b2ced7ae8ce3d74f1) C:\Windows\system32\DRIVERS\Apsx86.sys
                              16:48:47.0845 2876   Shockprf - ok
                              16:48:48.0266 2876   sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
                              16:48:48.0266 2876   sisagp - ok
                              16:48:48.0703 2876   SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
                              16:48:48.0719 2876   SiSRaid2 - ok
                              16:48:49.0062 2876   SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
                              16:48:49.0062 2876   SiSRaid4 - ok
                              16:48:49.0514 2876   Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
                              16:48:49.0530 2876   Smb - ok
                              16:48:50.0029 2876   spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
                              16:48:50.0045 2876   spldr - ok
                              16:48:50.0497 2876   srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
                              16:48:50.0497 2876   srv - ok
                              16:48:51.0137 2876   srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
                              16:48:51.0152 2876   srv2 - ok
                              16:48:51.0589 2876   srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
                              16:48:51.0589 2876   srvnet - ok
                              16:48:52.0041 2876   swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
                              16:48:52.0041 2876   swenum - ok
                              16:48:52.0447 2876   Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
                              16:48:52.0447 2876   Symc8xx - ok
                              16:48:52.0931 2876   Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
                              16:48:52.0931 2876   Sym_hi - ok
                              16:48:53.0367 2876   Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
                              16:48:53.0383 2876   Sym_u3 - ok
                              16:48:53.0960 2876   SynTP           (f92350e343b056a83093bc0d8f750f05) C:\Windows\system32\DRIVERS\SynTP.sys
                              16:48:53.0960 2876   SynTP - ok
                              16:48:54.0569 2876   Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
                              16:48:54.0600 2876   Tcpip - ok
                              16:48:55.0099 2876   Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
                              16:48:55.0115 2876   Tcpip6 - ok
                              16:48:55.0583 2876   tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
                              16:48:55.0583 2876   tcpipreg - ok
                              16:48:56.0144 2876   TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
                              16:48:56.0175 2876   TDPIPE - ok
                              16:48:56.0534 2876   TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
                              16:48:56.0534 2876   TDTCP - ok
                              16:48:56.0877 2876   tdx - ok
                              16:48:57.0314 2876   TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
                              16:48:57.0330 2876   TermDD - ok
                              16:48:57.0813 2876   TPDIGIMN        (d7a29e343632e2fc5f7ebfc886f12675) C:\Windows\system32\DRIVERS\ApsHM86.sys
                              16:48:57.0813 2876   TPDIGIMN - ok
                              16:48:58.0328 2876   TPM             (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
                              16:48:58.0328 2876   TPM - ok
                              16:48:58.0781 2876   TPPWRIF         (1bd5719ef160e0ab739cd0ff3ba5e298) C:\Windows\system32\drivers\Tppwr32v.sys
                              16:48:58.0781 2876   TPPWRIF - ok
                              16:48:59.0264 2876   tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
                              16:48:59.0264 2876   tssecsrv - ok
                              16:48:59.0654 2876   tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
                              16:48:59.0654 2876   tunmp - ok
                              16:49:00.0060 2876   tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
                              16:49:00.0075 2876   tunnel - ok
                              16:49:00.0512 2876   tvtfilter       (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
                              16:49:00.0512 2876   tvtfilter - ok
                              16:49:01.0121 2876   tvtumon         (fc4d5a1ea9d736907cb547085248199f) C:\Windows\system32\DRIVERS\tvtumon.sys
                              16:49:01.0121 2876   tvtumon - ok
                              16:49:01.0542 2876   uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
                              16:49:01.0542 2876   uagp35 - ok
                              16:49:02.0025 2876   udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
                              16:49:02.0041 2876   udfs - ok
                              16:49:02.0509 2876   uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
                              16:49:02.0509 2876   uliagpkx - ok
                              16:49:02.0993 2876   uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
                              16:49:02.0993 2876   uliahci - ok
                              16:49:03.0461 2876   UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
                              16:49:03.0476 2876   UlSata - ok
                              16:49:03.0944 2876   ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
                              16:49:03.0944 2876   ulsata2 - ok
                              16:49:04.0412 2876   umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
                              16:49:04.0428 2876   umbus - ok
                              16:49:04.0833 2876   USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
                              16:49:04.0865 2876   USBAAPL - ok
                              16:49:05.0239 2876   usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
                              16:49:05.0239 2876   usbccgp - ok
                              16:49:05.0645 2876   usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
                              16:49:05.0645 2876   usbcir - ok
                              16:49:06.0175 2876   usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
                              16:49:06.0175 2876   usbehci - ok
                              16:49:06.0799 2876   usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
                              16:49:06.0799 2876   usbhub - ok
                              16:49:07.0220 2876   usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
                              16:49:07.0220 2876   usbohci - ok
                              16:49:07.0704 2876   usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
                              16:49:07.0719 2876   usbprint - ok
                              16:49:08.0343 2876   usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
                              16:49:08.0359 2876   usbscan - ok
                              16:49:09.0155 2876   USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
                              16:49:09.0155 2876   USBSTOR - ok
                              16:49:09.0638 2876   usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
                              16:49:09.0638 2876   usbuhci - ok
                              16:49:10.0122 2876   usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
                              16:49:10.0137 2876   usbvideo - ok
                              16:49:10.0621 2876   vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
                              16:49:10.0621 2876   vga - ok
                              16:49:11.0073 2876   VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
                              16:49:11.0089 2876   VgaSave - ok
                              16:49:11.0557 2876   viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
                              16:49:11.0557 2876   viaagp - ok
                              16:49:12.0103 2876   ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
                              16:49:12.0103 2876   ViaC7 - ok
                              16:49:12.0680 2876   viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
                              16:49:12.0680 2876   viaide - ok
                              16:49:13.0133 2876   volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
                              16:49:13.0148 2876   volmgr - ok
                              16:49:13.0601 2876   volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
                              16:49:13.0616 2876   volmgrx - ok
                              16:49:14.0022 2876   volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
                              16:49:14.0022 2876   volsnap - ok
                              16:49:14.0537 2876   vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
                              16:49:14.0552 2876   vsmraid - ok
                              16:49:15.0051 2876   WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
                              16:49:15.0067 2876   WacomPen - ok
                              16:49:15.0488 2876   Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
                              16:49:15.0488 2876   Wanarp - ok
                              16:49:15.0535 2876   Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
                              16:49:15.0535 2876   Wanarpv6 - ok
                              16:49:15.0925 2876   Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
                              16:49:15.0941 2876   Wd - ok
                              16:49:16.0393 2876   Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
                              16:49:16.0440 2876   Wdf01000 - ok
                              16:49:17.0251 2876   WimFltr         (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
                              16:49:17.0282 2876   WimFltr - ok
                              16:49:17.0984 2876   winachsf        (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
                              16:49:18.0000 2876   winachsf - ok
                              16:49:18.0827 2876   WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
                              16:49:18.0858 2876   WmiAcpi - ok
                              16:49:19.0685 2876   WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
                              16:49:19.0700 2876   WpdUsb - ok
                              16:49:20.0137 2876   ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
                              16:49:20.0137 2876   ws2ifsl - ok
                              16:49:20.0589 2876   WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
                              16:49:20.0589 2876   WUDFRd - ok
                              16:49:21.0042 2876   XAudio          (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
                              16:49:21.0042 2876   XAudio - ok
                              16:49:21.0104 2876   MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
                              16:49:21.0182 2876   \Device\Harddisk0\DR0 - ok
                              16:49:21.0182 2876   MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
                              16:49:21.0198 2876   \Device\Harddisk1\DR1 - ok
                              16:49:21.0198 2876   Boot (0x1200)   (db22cc3cf933e4bbdc879e17b323bf87) \Device\Harddisk0\DR0\Partition0
                              16:49:21.0198 2876   \Device\Harddisk0\DR0\Partition0 - ok
                              16:49:21.0245 2876   Boot (0x1200)   (2e8e2d73dfe7b63ffe913ceae517bade) \Device\Harddisk0\DR0\Partition1
                              16:49:21.0245 2876   \Device\Harddisk0\DR0\Partition1 - ok
                              16:49:21.0291 2876   Boot (0x1200)   (01aec9517935ec23d2e9c0dd7359e4ed) \Device\Harddisk0\DR0\Partition2
                              16:49:21.0291 2876   \Device\Harddisk0\DR0\Partition2 - ok
                              16:49:21.0291 2876   Boot (0x1200)   (b8f1d9319df78927e391e24460fdfb2a) \Device\Harddisk1\DR1\Partition0
                              16:49:21.0291 2876   \Device\Harddisk1\DR1\Partition0 - ok
                              16:49:21.0291 2876   ============================================================
                              16:49:21.0291 2876   Scan finished
                              16:49:21.0291 2876   ============================================================
                              16:49:21.0307 6032   Detected object count: 0
                              16:49:21.0323 6032   Actual detected object count: 0
                              16:49:49.0574 5636   ============================================================
                              16:49:49.0574 5636   Scan started
                              16:49:49.0574 5636   Mode: Manual;
                              16:49:49.0574 5636   ============================================================
                              16:50:18.0621 5636   DLAIFS_M - ok
                              16:50:19.0152 5636   DLAOPIOM        (0e6052c0ada37504896a847231a3907d) C:\Windows\system32\DLA\DLAOPIOM.SYS
                              16:50:19.0152 5636   DLAOPIOM - ok
                              16:50:19.0713 5636   DLAPoolM        (29670bb4e2b973c5b55a76107d4910b2) C:\Windows\system32\DLA\DLAPoolM.SYS
                              16:50:19.0713 5636   DLAPoolM - ok
                              16:50:20.0197 5636   DLARTL_M        (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
                              16:50:20.0197 5636   DLARTL_M - ok
                              16:50:20.0759 5636   DLAUDFAM        (6b087732b86c1d866d69dbbe463ea90a) C:\Windows\system32\DLA\DLAUDFAM.SYS
                              16:50:20.0774 5636   DLAUDFAM - ok
                              16:50:21.0492 5636   DLAUDF_M        (bbeecb95f2841ae4a3e3690d46d7153d) C:\Windows\system32\DLA\DLAUDF_M.SYS
                              16:50:21.0492 5636   DLAUDF_M - ok
                              16:50:21.0960 5636   drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
                              16:50:21.0960 5636   drmkaud - ok
                              16:50:22.0443 5636   DRVMCDB         (83106585494d5eb96f59187200c144bd) C:\Windows\system32\Drivers\DRVMCDB.SYS
                              16:50:22.0443 5636   DRVMCDB - ok
                              16:50:22.0974 5636   DRVNDDM         (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
                              16:50:22.0974 5636   DRVNDDM - ok
                              16:50:23.0504 5636   DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
                              16:50:23.0504 5636   DXGKrnl - ok
                              16:50:24.0206 5636   e1express       (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
                              16:50:24.0206 5636   e1express - ok
                              16:50:24.0627 5636   E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
                              16:50:24.0627 5636   E1G60 - ok
                              16:50:25.0127 5636   Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
                              16:50:25.0142 5636   Ecache - ok
                              16:50:25.0688 5636   elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
                              16:50:25.0704 5636   elxstor - ok
                              16:50:26.0219 5636   ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
                              16:50:26.0219 5636   ErrDev - ok
                              16:50:26.0843 5636   exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
                              16:50:26.0843 5636   exfat - ok
                              16:50:27.0373 5636   fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
                              16:50:27.0373 5636   fastfat - ok
                              16:50:27.0919 5636   fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
                              16:50:27.0919 5636   fdc - ok
                              16:50:28.0496 5636   FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
                              16:50:28.0496 5636   FileInfo - ok
                              16:50:28.0995 5636   Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
                              16:50:28.0995 5636   Filetrace - ok
                              16:50:29.0463 5636   flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
                              16:50:29.0463 5636   flpydisk - ok
                              16:50:29.0963 5636   FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
                              16:50:29.0963 5636   FltMgr - ok
                              16:50:30.0571 5636   Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
                              16:50:30.0571 5636   Fs_Rec - ok
                              16:50:31.0023 5636   gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
                              16:50:31.0023 5636   gagp30kx - ok
                              16:50:31.0679 5636   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
                              16:50:31.0679 5636   GEARAspiWDM - ok
                              16:50:32.0131 5636   HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
                              16:50:32.0131 5636   HdAudAddService - ok
                              16:50:32.0661 5636   HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
                              16:50:32.0661 5636   HDAudBus - ok
                              16:50:33.0207 5636   HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
                              16:50:33.0207 5636   HidBth - ok
                              16:50:33.0847 5636   HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
                              16:50:33.0847 5636   HidIr - ok
                              16:50:34.0299 5636   HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
                              16:50:34.0299 5636   HidUsb - ok
                              16:50:34.0908 5636   HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
                              16:50:34.0908 5636   HpCISSs - ok
                              16:50:35.0501 5636   HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
                              16:50:35.0501 5636   HSFHWAZL - ok
                              16:50:36.0047 5636   HSF_DPV         (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
                              16:50:36.0047 5636   HSF_DPV - ok
                              16:50:36.0577 5636   HSXHWAZL        (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
                              16:50:36.0577 5636   HSXHWAZL - ok
                              16:50:37.0185 5636   HTTP            (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
                              16:50:37.0185 5636   HTTP - ok
                              16:50:37.0607 5636   i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
                              16:50:37.0607 5636   i2omp - ok
                              16:50:38.0012 5636   i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
                              16:50:38.0012 5636   i8042prt - ok
                              16:50:38.0543 5636   iaStor          (baabb0301949774a66b955c65319635a) C:\Windows\system32\drivers\iastor.sys
                              16:50:38.0558 5636   iaStor - ok
                              16:50:39.0198 5636   iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
                              16:50:39.0213 5636   iaStorV - ok
                              16:50:39.0635 5636   IBMPMDRV        (4a8ab38fdf3649c1fe3e9d16bf79927d) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
                              16:50:39.0635 5636   IBMPMDRV - ok
                              16:50:40.0929 5636   igfx            (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
                              16:50:41.0054 5636   igfx - ok
                              16:50:41.0616 5636   iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
                              16:50:41.0616 5636   iirsp - ok
                              16:50:42.0084 5636   IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
                              16:50:42.0084 5636   IntcHdmiAddService - ok
                              16:50:42.0552 5636   intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
                              16:50:42.0552 5636   intelide - ok
                              16:50:43.0098 5636   intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
                              16:50:43.0098 5636   intelppm - ok
                              16:50:43.0628 5636   IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
                              16:50:43.0628 5636   IpFilterDriver - ok
                              16:50:44.0143 5636   IpInIp - ok
                              16:50:44.0611 56

                              SuperDave

                              Re: VistaAntispyware 2012 ???
                              « Reply #24 on: February 09, 2012, 04:17:32 PM »
                              The log seems to be cut off. Are you sure you got it all?

                              MtlHab39

                                Re: VistaAntispyware 2012 ???
                                « Reply #25 on: February 10, 2012, 02:40:20 PM »
                                Sorry about that; thought I had it all.  Here it is and in case you were wondering.....THANKS FOR THE HELP!!!


                                16:45:36.0638 1256   TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57
                                16:45:36.0716 1256   ============================================================
                                16:45:36.0716 1256   Current date / time: 2012/02/09 16:45:36.0716
                                16:45:36.0716 1256   SystemInfo:
                                16:45:36.0716 1256   
                                16:45:36.0716 1256   OS Version: 6.0.6002 ServicePack: 2.0
                                16:45:36.0716 1256   Product type: Workstation
                                16:45:36.0716 1256   ComputerName: COSTA-PC
                                16:45:36.0731 1256   UserName: Costa
                                16:45:36.0731 1256   Windows directory: C:\Windows
                                16:45:36.0731 1256   System windows directory: C:\Windows
                                16:45:36.0731 1256   Processor architecture: Intel x86
                                16:45:36.0731 1256   Number of processors: 2
                                16:45:36.0731 1256   Page size: 0x1000
                                16:45:36.0731 1256   Boot type: Normal boot
                                16:45:36.0731 1256   ============================================================
                                16:45:38.0057 1256   Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
                                16:45:38.0088 1256   Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
                                16:45:38.0088 1256   \Device\Harddisk0\DR0:
                                16:45:38.0088 1256   MBR used
                                16:45:38.0088 1256   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
                                16:45:38.0088 1256   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x113A27F8
                                16:45:38.0088 1256   \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11691000, BlocksNum 0x1388000
                                16:45:38.0088 1256   \Device\Harddisk1\DR1:
                                16:45:38.0088 1256   MBR used
                                16:45:38.0088 1256   \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
                                16:45:38.0510 1256   Initialize success
                                16:45:38.0510 1256   ============================================================
                                16:45:41.0505 2876   ============================================================
                                16:45:41.0505 2876   Scan started
                                16:45:41.0505 2876   Mode: Manual;
                                16:45:41.0505 2876   ============================================================
                                16:47:15.0710 2876   iirsp - ok
                                16:47:16.0288 2876   IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
                                16:47:16.0303 2876   IntcHdmiAddService - ok
                                16:47:16.0756 2876   intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
                                16:47:16.0756 2876   intelide - ok
                                16:47:17.0614 2876   intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
                                16:47:17.0614 2876   intelppm - ok
                                16:47:18.0456 2876   IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
                                16:47:18.0472 2876   IpFilterDriver - ok
                                16:47:18.0846 2876   IpInIp - ok
                                16:47:19.0423 2876   IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
                                16:47:19.0423 2876   IPMIDRV - ok
                                16:47:19.0829 2876   IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
                                16:47:19.0860 2876   IPNAT - ok
                                16:47:20.0624 2876   IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
                                16:47:20.0687 2876   IRENUM - ok
                                16:47:21.0623 2876   isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
                                16:47:21.0654 2876   isapnp - ok
                                16:47:22.0450 2876   iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
                                16:47:22.0481 2876   iScsiPrt - ok
                                16:47:23.0089 2876   iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
                                16:47:23.0105 2876   iteatapi - ok
                                16:47:23.0994 2876   iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
                                16:47:24.0010 2876   iteraid - ok
                                16:47:24.0852 2876   kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
                                16:47:24.0852 2876   kbdclass - ok
                                16:47:25.0694 2876   kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
                                16:47:25.0710 2876   kbdhid - ok
                                16:47:26.0521 2876   KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
                                16:47:26.0584 2876   KSecDD - ok
                                16:47:27.0863 2876   lenovo.smi      (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys
                                16:47:27.0878 2876   lenovo.smi - ok
                                16:47:28.0549 2876   lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
                                16:47:28.0565 2876   lltdio - ok
                                16:47:29.0345 2876   LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
                                16:47:29.0392 2876   LSI_FC - ok
                                16:47:30.0234 2876   LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
                                16:47:30.0265 2876   LSI_SAS - ok
                                16:47:31.0342 2876   LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
                                16:47:31.0373 2876   LSI_SCSI - ok
                                16:47:32.0168 2876   luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
                                16:47:32.0200 2876   luafv - ok
                                16:47:33.0011 2876   mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
                                16:47:33.0026 2876   mdmxsdk - ok
                                16:47:33.0822 2876   megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
                                16:47:34.0118 2876   megasas - ok
                                16:47:35.0054 2876   MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
                                16:47:35.0070 2876   MegaSR - ok
                                16:47:35.0912 2876   Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
                                16:47:35.0912 2876   Modem - ok
                                16:47:36.0630 2876   monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
                                16:47:36.0630 2876   monitor - ok
                                16:47:37.0238 2876   mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
                                16:47:37.0254 2876   mouclass - ok
                                16:47:38.0018 2876   mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
                                16:47:38.0050 2876   mouhid - ok
                                16:47:38.0689 2876   MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
                                16:47:38.0705 2876   MountMgr - ok
                                16:47:39.0578 2876   mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
                                16:47:39.0625 2876   mpio - ok
                                16:47:40.0358 2876   mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
                                16:47:40.0390 2876   mpsdrv - ok
                                16:47:41.0154 2876   Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
                                16:47:41.0185 2876   Mraid35x - ok
                                16:47:41.0622 2876   MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
                                16:47:41.0638 2876   MRxDAV - ok
                                16:47:42.0480 2876   mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
                                16:47:42.0496 2876   mrxsmb - ok
                                16:47:43.0666 2876   mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
                                16:47:43.0744 2876   mrxsmb10 - ok
                                16:47:44.0540 2876   mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
                                16:47:44.0556 2876   mrxsmb20 - ok
                                16:47:45.0071 2876   msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
                                16:47:45.0117 2876   msahci - ok
                                16:47:45.0741 2876   msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
                                16:47:45.0773 2876   msdsm - ok
                                16:47:46.0584 2876   Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
                                16:47:46.0615 2876   Msfs - ok
                                16:47:47.0489 2876   msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
                                16:47:47.0520 2876   msisadrv - ok
                                16:47:48.0456 2876   MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
                                16:47:48.0487 2876   MSKSSRV - ok
                                16:47:49.0298 2876   MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
                                16:47:49.0345 2876   MSPCLOCK - ok
                                16:47:50.0297 2876   MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
                                16:47:50.0328 2876   MSPQM - ok
                                16:47:51.0279 2876   MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
                                16:47:51.0326 2876   MsRPC - ok
                                16:47:52.0215 2876   mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
                                16:47:52.0215 2876   mssmbios - ok
                                16:47:53.0292 2876   MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
                                16:47:53.0339 2876   MSTEE - ok
                                16:47:54.0119 2876   MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\A0101V32.sys
                                16:47:54.0134 2876   MTsensor - ok
                                16:47:54.0524 2876   Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
                                16:47:54.0524 2876   Mup - ok
                                16:47:54.0930 2876   NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
                                16:47:54.0945 2876   NativeWifiP - ok
                                16:47:55.0757 2876   NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
                                16:47:55.0866 2876   NDIS - ok
                                16:47:57.0036 2876   NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
                                16:47:57.0067 2876   NdisTapi - ok
                                16:47:57.0566 2876   Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
                                16:47:57.0566 2876   Ndisuio - ok
                                16:47:58.0362 2876   NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
                                16:47:58.0377 2876   NdisWan - ok
                                16:47:59.0142 2876   NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
                                16:47:59.0157 2876   NDProxy - ok
                                16:48:00.0218 2876   NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
                                16:48:00.0234 2876   NetBIOS - ok
                                16:48:02.0153 2876   netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
                                16:48:02.0168 2876   netbt - ok
                                16:48:03.0011 2876   nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
                                16:48:03.0042 2876   nfrd960 - ok
                                16:48:03.0791 2876   Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
                                16:48:03.0791 2876   Npfs - ok
                                16:48:04.0742 2876   nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
                                16:48:04.0789 2876   nsiproxy - ok
                                16:48:05.0585 2876   Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
                                16:48:05.0959 2876   Ntfs - ok
                                16:48:06.0614 2876   ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
                                16:48:06.0630 2876   ntrigdigi - ok
                                16:48:07.0332 2876   Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
                                16:48:07.0363 2876   Null - ok
                                16:48:08.0112 2876   nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
                                16:48:08.0159 2876   nvraid - ok
                                16:48:09.0126 2876   nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
                                16:48:09.0173 2876   nvstor - ok
                                16:48:09.0937 2876   nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
                                16:48:09.0984 2876   nv_agp - ok
                                16:48:10.0764 2876   NwlnkFlt - ok
                                16:48:11.0637 2876   NwlnkFwd - ok
                                16:48:12.0417 2876   ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
                                16:48:12.0417 2876   ohci1394 - ok
                                16:48:13.0369 2876   Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
                                16:48:13.0431 2876   Parport - ok
                                16:48:14.0321 2876   partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
                                16:48:14.0336 2876   partmgr - ok
                                16:48:15.0225 2876   Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
                                16:48:15.0241 2876   Parvdm - ok
                                16:48:16.0193 2876   pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
                                16:48:16.0239 2876   pci - ok
                                16:48:17.0097 2876   pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
                                16:48:17.0129 2876   pciide - ok
                                16:48:18.0143 2876   pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
                                16:48:18.0236 2876   pcmcia - ok
                                16:48:19.0235 2876   PCTCore         (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\Windows\system32\drivers\PCTCore.sys
                                16:48:19.0281 2876   PCTCore - ok
                                16:48:20.0108 2876   pctDS           (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
                                16:48:20.0171 2876   pctDS - ok
                                16:48:21.0185 2876   pctEFA          (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
                                16:48:21.0278 2876   pctEFA - ok
                                16:48:22.0433 2876   PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
                                16:48:22.0698 2876   PEAUTH - ok
                                16:48:23.0634 2876   PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
                                16:48:23.0649 2876   PptpMiniport - ok
                                16:48:24.0461 2876   Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
                                16:48:24.0507 2876   Processor - ok
                                16:48:25.0428 2876   psadd           (f8a25f1dd8b2c332cbc663e3579566e7) C:\Windows\system32\DRIVERS\psadd.sys
                                16:48:25.0537 2876   psadd - ok
                                16:48:25.0989 2876   PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
                                16:48:26.0021 2876   PSched - ok
                                16:48:26.0801 2876   PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
                                16:48:26.0832 2876   PxHelp20 - ok
                                16:48:27.0939 2876   ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
                                16:48:28.0127 2876   ql2300 - ok
                                16:48:28.0922 2876   ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
                                16:48:28.0953 2876   ql40xx - ok
                                16:48:30.0030 2876   QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
                                16:48:30.0061 2876   QWAVEdrv - ok
                                16:48:30.0950 2876   RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
                                16:48:30.0981 2876   RasAcd - ok
                                16:48:31.0902 2876   Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
                                16:48:31.0964 2876   Rasl2tp - ok
                                16:48:32.0822 2876   RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
                                16:48:32.0853 2876   RasPppoe - ok
                                16:48:33.0477 2876   RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
                                16:48:33.0493 2876   RasSstp - ok
                                16:48:34.0289 2876   rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
                                16:48:34.0367 2876   rdbss - ok
                                16:48:35.0287 2876   RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
                                16:48:35.0287 2876   RDPCDD - ok
                                16:48:36.0192 2876   rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
                                16:48:36.0254 2876   rdpdr - ok
                                16:48:37.0190 2876   RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
                                16:48:37.0206 2876   RDPENCDD - ok
                                16:48:38.0095 2876   RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
                                16:48:38.0126 2876   RDPWD - ok
                                16:48:39.0000 2876   rimmptsk        (a5b12a4b3b774432db9b9fa221190e59) C:\Windows\system32\DRIVERS\rimmptsk.sys
                                16:48:39.0000 2876   rimmptsk - ok
                                16:48:39.0749 2876   rimsptsk        (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
                                16:48:39.0764 2876   rimsptsk - ok
                                16:48:40.0529 2876   rismxdp         (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
                                16:48:40.0544 2876   rismxdp - ok
                                16:48:41.0324 2876   rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
                                16:48:41.0355 2876   rspndr - ok
                                16:48:42.0120 2876   RTL8169         (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
                                16:48:42.0135 2876   RTL8169 - ok
                                16:48:42.0369 2876   SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                                16:48:42.0385 2876   SASDIFSV - ok
                                16:48:42.0510 2876   SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                                16:48:42.0525 2876   SASKUTIL - ok
                                16:48:42.0915 2876   sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
                                16:48:42.0915 2876   sbp2port - ok
                                16:48:43.0399 2876   sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
                                16:48:43.0415 2876   sdbus - ok
                                16:48:44.0132 2876   secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
                                16:48:44.0132 2876   secdrv - ok
                                16:48:44.0585 2876   Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
                                16:48:44.0585 2876   Serenum - ok
                                16:48:44.0975 2876   Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
                                16:48:44.0975 2876   Serial - ok
                                16:48:45.0443 2876   sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
                                16:48:45.0443 2876   sermouse - ok
                                16:48:45.0926 2876   sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
                                16:48:45.0957 2876   sffdisk - ok
                                16:48:46.0457 2876   sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
                                16:48:46.0457 2876   sffp_mmc - ok
                                16:48:46.0831 2876   sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
                                16:48:46.0831 2876   sffp_sd - ok
                                16:48:47.0408 2876   sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
                                16:48:47.0408 2876   sfloppy - ok
                                16:48:47.0845 2876   Shockprf        (1310c5e81966e86b2ced7ae8ce3d74f1) C:\Windows\system32\DRIVERS\Apsx86.sys
                                16:48:47.0845 2876   Shockprf - ok
                                16:48:48.0266 2876   sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
                                16:48:48.0266 2876   sisagp - ok
                                16:48:48.0703 2876   SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
                                16:48:48.0719 2876   SiSRaid2 - ok
                                16:48:49.0062 2876   SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
                                16:48:49.0062 2876   SiSRaid4 - ok
                                16:48:49.0514 2876   Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
                                16:48:49.0530 2876   Smb - ok
                                16:48:50.0029 2876   spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
                                16:48:50.0045 2876   spldr - ok
                                16:48:50.0497 2876   srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
                                16:48:50.0497 2876   srv - ok
                                16:48:51.0137 2876   srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
                                16:48:51.0152 2876   srv2 - ok
                                16:48:51.0589 2876   srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
                                16:48:51.0589 2876   srvnet - ok
                                16:48:52.0041 2876   swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
                                16:48:52.0041 2876   swenum - ok
                                16:48:52.0447 2876   Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
                                16:48:52.0447 2876   Symc8xx - ok
                                16:48:52.0931 2876   Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
                                16:48:52.0931 2876   Sym_hi - ok
                                16:48:53.0367 2876   Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
                                16:48:53.0383 2876   Sym_u3 - ok
                                16:48:53.0960 2876   SynTP           (f92350e343b056a83093bc0d8f750f05) C:\Windows\system32\DRIVERS\SynTP.sys
                                16:48:53.0960 2876   SynTP - ok
                                16:48:54.0569 2876   Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
                                16:48:54.0600 2876   Tcpip - ok
                                16:48:55.0099 2876   Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
                                16:48:55.0115 2876   Tcpip6 - ok
                                16:48:55.0583 2876   tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
                                16:48:55.0583 2876   tcpipreg - ok
                                16:48:56.0144 2876   TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
                                16:48:56.0175 2876   TDPIPE - ok
                                16:48:56.0534 2876   TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
                                16:48:56.0534 2876   TDTCP - ok
                                16:48:56.0877 2876   tdx - ok
                                16:48:57.0314 2876   TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
                                16:48:57.0330 2876   TermDD - ok
                                16:48:57.0813 2876   TPDIGIMN        (d7a29e343632e2fc5f7ebfc886f12675) C:\Windows\system32\DRIVERS\ApsHM86.sys
                                16:48:57.0813 2876   TPDIGIMN - ok
                                16:48:58.0328 2876   TPM             (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
                                16:48:58.0328 2876   TPM - ok
                                16:48:58.0781 2876   TPPWRIF         (1bd5719ef160e0ab739cd0ff3ba5e298) C:\Windows\system32\drivers\Tppwr32v.sys
                                16:48:58.0781 2876   TPPWRIF - ok
                                16:49:21.0291 2876   ============================================================
                                16:49:21.0291 2876   Scan finished
                                16:49:21.0291 2876   ============================================================
                                16:49:21.0307 6032   Detected object count: 0
                                16:49:21.0323 6032   Actual detected object count: 0
                                16:49:49.0574 5636   ============================================================
                                16:49:49.0574 5636   Scan started
                                16:49:49.0574 5636   Mode: Manual;
                                16:49:49.0574 5636   ============================================================

                                SuperDave

                                • Malware Removal Specialist
                                • Moderator


                                • Genius
                                • Thanked: 1020
                                • Certifications: List
                                • Experience: Expert
                                • OS: Windows 10
                                Re: VistaAntispyware 2012 ???
                                « Reply #26 on: February 10, 2012, 07:35:56 PM »
                                AVENGER

                                • Download The Avenger by Swandog46 from here.
                                • Unzip/extract it to a folder on your desktop.
                                • Double click on avenger.exe to run The Avenger.
                                • Click OK.
                                • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
                                • Click the Execute button.
                                • You will be asked: "No script has been entered.  Do you want to execute a rootkit scan only?"
                                • Click Yes.
                                • You will now be asked: "First step completed --- The Avenger has been successfully set up to run on next boot.  Reboot now?"
                                • Click Yes.
                                • Your PC will now be rebooted.
                                • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
                                • Please post this log in your next reply.
                                Now, please try to run ComboFix again. If it still doesn't run, please try to run it in Safe Mode.
                                Windows 8 and Windows 10 dual boot with two SSD's

                                MtlHab39

                                  Topic Starter


                                  Beginner

                                  • Experience: Beginner
                                  • OS: Unknown
                                  Re: VistaAntispyware 2012 ???
                                  « Reply #27 on: February 10, 2012, 07:42:14 PM »
                                  16:45:36.0638 1256   TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57
                                  16:45:36.0716 1256   ============================================================
                                  16:45:36.0716 1256   Current date / time: 2012/02/09 16:45:36.0716
                                  16:45:36.0716 1256   SystemInfo:
                                  16:45:36.0716 1256   
                                  16:45:36.0716 1256   OS Version: 6.0.6002 ServicePack: 2.0
                                  16:45:36.0716 1256   Product type: Workstation
                                  16:45:36.0716 1256   ComputerName: COSTA-PC
                                  16:45:36.0731 1256   UserName: Costa
                                  16:45:36.0731 1256   Windows directory: C:\Windows
                                  16:45:36.0731 1256   System windows directory: C:\Windows
                                  16:45:36.0731 1256   Processor architecture: Intel x86
                                  16:45:36.0731 1256   Number of processors: 2
                                  16:45:36.0731 1256   Page size: 0x1000
                                  16:45:36.0731 1256   Boot type: Normal boot
                                  16:45:36.0731 1256   ============================================================
                                  16:45:38.0057 1256   Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
                                  16:45:38.0088 1256   Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
                                  16:45:38.0088 1256   \Device\Harddisk0\DR0:
                                  16:45:38.0088 1256   MBR used
                                  16:45:38.0088 1256   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
                                  16:45:38.0088 1256   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x113A27F8
                                  16:45:38.0088 1256   \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11691000, BlocksNum 0x1388000
                                  16:45:38.0088 1256   \Device\Harddisk1\DR1:
                                  16:45:38.0088 1256   MBR used
                                  16:45:38.0088 1256   \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
                                  16:45:38.0510 1256   Initialize success
                                  16:45:38.0510 1256   ============================================================
                                  16:45:41.0505 2876   ============================================================
                                  16:45:41.0505 2876   Scan started
                                  16:45:41.0505 2876   Mode: Manual;
                                  16:45:41.0505 2876   ============================================================
                                  16:48:09.0173 2876   nvstor - ok
                                  16:48:09.0937 2876   nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
                                  16:48:09.0984 2876   nv_agp - ok
                                  16:48:10.0764 2876   NwlnkFlt - ok
                                  16:48:11.0637 2876   NwlnkFwd - ok
                                  16:48:12.0417 2876   ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
                                  16:48:12.0417 2876   ohci1394 - ok
                                  16:48:13.0369 2876   Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
                                  16:48:13.0431 2876   Parport - ok
                                  16:48:14.0321 2876   partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
                                  16:48:14.0336 2876   partmgr - ok
                                  16:48:15.0225 2876   Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
                                  16:48:15.0241 2876   Parvdm - ok
                                  16:48:16.0193 2876   pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
                                  16:48:16.0239 2876   pci - ok
                                  16:48:17.0097 2876   pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
                                  16:48:17.0129 2876   pciide - ok
                                  16:48:18.0143 2876   pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
                                  16:48:18.0236 2876   pcmcia - ok
                                  16:48:19.0235 2876   PCTCore         (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\Windows\system32\drivers\PCTCore.sys
                                  16:48:19.0281 2876   PCTCore - ok
                                  16:48:20.0108 2876   pctDS           (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
                                  16:48:20.0171 2876   pctDS - ok
                                  16:48:21.0185 2876   pctEFA          (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
                                  16:48:21.0278 2876   pctEFA - ok
                                  16:48:22.0433 2876   PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
                                  16:48:22.0698 2876   PEAUTH - ok
                                  16:48:23.0634 2876   PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
                                  16:48:23.0649 2876   PptpMiniport - ok
                                  16:48:24.0461 2876   Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
                                  16:48:24.0507 2876   Processor - ok
                                  16:48:25.0428 2876   psadd           (f8a25f1dd8b2c332cbc663e3579566e7) C:\Windows\system32\DRIVERS\psadd.sys
                                  16:48:25.0537 2876   psadd - ok
                                  16:48:25.0989 2876   PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
                                  16:48:26.0021 2876   PSched - ok
                                  16:48:26.0801 2876   PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
                                  16:48:26.0832 2876   PxHelp20 - ok
                                  16:48:27.0939 2876   ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
                                  16:48:28.0127 2876   ql2300 - ok
                                  16:48:28.0922 2876   ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
                                  16:48:28.0953 2876   ql40xx - ok
                                  16:48:30.0030 2876   QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
                                  16:48:30.0061 2876   QWAVEdrv - ok
                                  16:48:30.0950 2876   RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
                                  16:48:30.0981 2876   RasAcd - ok
                                  16:48:31.0902 2876   Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
                                  16:48:31.0964 2876   Rasl2tp - ok
                                  16:48:32.0822 2876   RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
                                  16:48:32.0853 2876   RasPppoe - ok
                                  16:48:33.0477 2876   RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
                                  16:48:33.0493 2876   RasSstp - ok
                                  16:48:34.0289 2876   rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
                                  16:48:34.0367 2876   rdbss - ok
                                  16:48:35.0287 2876   RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
                                  16:48:35.0287 2876   RDPCDD - ok
                                  16:48:36.0192 2876   rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
                                  16:48:36.0254 2876   rdpdr - ok
                                  16:48:37.0190 2876   RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
                                  16:48:37.0206 2876   RDPENCDD - ok
                                  16:48:38.0095 2876   RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
                                  16:48:38.0126 2876   RDPWD - ok
                                  16:48:39.0000 2876   rimmptsk        (a5b12a4b3b774432db9b9fa221190e59) C:\Windows\system32\DRIVERS\rimmptsk.sys
                                  16:48:39.0000 2876   rimmptsk - ok
                                  16:48:39.0749 2876   rimsptsk        (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
                                  16:48:39.0764 2876   rimsptsk - ok
                                  16:48:40.0529 2876   rismxdp         (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
                                  16:48:40.0544 2876   rismxdp - ok
                                  16:48:41.0324 2876   rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
                                  16:48:41.0355 2876   rspndr - ok
                                  16:48:42.0120 2876   RTL8169         (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
                                  16:48:42.0135 2876   RTL8169 - ok
                                  16:48:42.0369 2876   SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                                  16:48:42.0385 2876   SASDIFSV - ok
                                  16:48:42.0510 2876   SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                                  16:48:42.0525 2876   SASKUTIL - ok
                                  16:48:42.0915 2876   sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
                                  16:48:42.0915 2876   sbp2port - ok
                                  16:48:43.0399 2876   sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
                                  16:48:43.0415 2876   sdbus - ok
                                  16:48:44.0132 2876   secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
                                  16:48:44.0132 2876   secdrv - ok
                                  16:48:44.0585 2876   Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
                                  16:48:44.0585 2876   Serenum - ok
                                  16:48:44.0975 2876   Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
                                  16:48:44.0975 2876   Serial - ok
                                  16:48:45.0443 2876   sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
                                  16:48:45.0443 2876   sermouse - ok
                                  16:48:45.0926 2876   sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
                                  16:48:45.0957 2876   sffdisk - ok
                                  16:48:46.0457 2876   sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
                                  16:48:46.0457 2876   sffp_mmc - ok
                                  16:48:46.0831 2876   sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
                                  16:48:46.0831 2876   sffp_sd - ok
                                  16:48:47.0408 2876   sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
                                  16:48:47.0408 2876   sfloppy - ok
                                  16:48:47.0845 2876   Shockprf        (1310c5e81966e86b2ced7ae8ce3d74f1) C:\Windows\system32\DRIVERS\Apsx86.sys
                                  16:48:47.0845 2876   Shockprf - ok
                                  16:48:48.0266 2876   sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
                                  16:48:48.0266 2876   sisagp - ok
                                  16:48:48.0703 2876   SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
                                  16:48:48.0719 2876   SiSRaid2 - ok
                                  16:48:49.0062 2876   SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
                                  16:48:49.0062 2876   SiSRaid4 - ok
                                  16:48:49.0514 2876   Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
                                  16:48:49.0530 2876   Smb - ok
                                  16:48:50.0029 2876   spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
                                  16:48:50.0045 2876   spldr - ok
                                  16:48:50.0497 2876   srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
                                  16:48:50.0497 2876   srv - ok
                                  16:48:51.0137 2876   srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
                                  16:48:51.0152 2876   srv2 - ok
                                  16:48:51.0589 2876   srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
                                  16:48:51.0589 2876   srvnet - ok
                                  16:48:52.0041 2876   swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
                                  16:48:52.0041 2876   swenum - ok
                                  16:48:52.0447 2876   Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
                                  16:48:52.0447 2876   Symc8xx - ok
                                  16:48:52.0931 2876   Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
                                  16:48:52.0931 2876   Sym_hi - ok
                                  16:48:53.0367 2876   Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
                                  16:48:53.0383 2876   Sym_u3 - ok
                                  16:48:53.0960 2876   SynTP           (f92350e343b056a83093bc0d8f750f05) C:\Windows\system32\DRIVERS\SynTP.sys
                                  16:48:53.0960 2876   SynTP - ok
                                  16:48:54.0569 2876   Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
                                  16:48:54.0600 2876   Tcpip - ok
                                  16:48:55.0099 2876   Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
                                  16:48:55.0115 2876   Tcpip6 - ok
                                  16:48:55.0583 2876   tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
                                  16:48:55.0583 2876   tcpipreg - ok
                                  16:48:56.0144 2876   TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
                                  16:48:56.0175 2876   TDPIPE - ok
                                  16:48:56.0534 2876   TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
                                  16:48:56.0534 2876   TDTCP - ok
                                  16:48:56.0877 2876   tdx - ok
                                  16:48:57.0314 2876   TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
                                  16:48:57.0330 2876   TermDD - ok
                                  16:48:57.0813 2876   TPDIGIMN        (d7a29e343632e2fc5f7ebfc886f12675) C:\Windows\system32\DRIVERS\ApsHM86.sys
                                  16:48:57.0813 2876   TPDIGIMN - ok
                                  16:48:58.0328 2876   TPM             (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
                                  16:48:58.0328 2876   TPM - ok
                                  16:48:58.0781 2876   TPPWRIF         (1bd5719ef160e0ab739cd0ff3ba5e298) C:\Windows\system32\drivers\Tppwr32v.sys
                                  16:48:58.0781 2876   TPPWRIF - ok
                                  16:48:59.0264 2876   tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
                                  16:48:59.0264 2876   tssecsrv - ok
                                  16:48:59.0654 2876   tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
                                  16:48:59.0654 2876   tunmp - ok
                                  16:49:00.0060 2876   tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
                                  16:49:00.0075 2876   tunnel - ok
                                  16:49:00.0512 2876   tvtfilter       (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
                                  16:49:00.0512 2876   tvtfilter - ok
                                  16:49:01.0121 2876   tvtumon         (fc4d5a1ea9d736907cb547085248199f) C:\Windows\system32\DRIVERS\tvtumon.sys
                                  16:49:01.0121 2876   tvtumon - ok
                                  16:49:01.0542 2876   uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
                                  16:49:01.0542 2876   uagp35 - ok
                                  16:49:02.0025 2876   udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
                                  16:49:02.0041 2876   udfs - ok
                                  16:49:02.0509 2876   uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
                                  16:49:02.0509 2876   uliagpkx - ok
                                  16:49:02.0993 2876   uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
                                  16:49:02.0993 2876   uliahci - ok
                                  16:49:03.0461 2876   UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
                                  16:49:03.0476 2876   UlSata - ok
                                  16:49:03.0944 2876   ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
                                  16:49:03.0944 2876   ulsata2 - ok
                                  16:49:04.0412 2876   umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
                                  16:49:04.0428 2876   umbus - ok
                                  16:49:04.0833 2876   USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
                                  16:49:04.0865 2876   USBAAPL - ok
                                  16:49:05.0239 2876   usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
                                  16:49:05.0239 2876   usbccgp - ok
                                  16:49:05.0645 2876   usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
                                  16:49:05.0645 2876   usbcir - ok
                                  16:49:06.0175 2876   usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
                                  16:49:06.0175 2876   usbehci - ok
                                  16:49:06.0799 2876   usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
                                  16:49:06.0799 2876   usbhub - ok
                                  16:49:07.0220 2876   usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
                                  16:49:07.0220 2876   usbohci - ok
                                  16:49:07.0704 2876   usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
                                  16:49:07.0719 2876   usbprint - ok
                                  16:49:08.0343 2876   usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
                                  16:49:08.0359 2876   usbscan - ok
                                  16:49:09.0155 2876   USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
                                  16:49:09.0155 2876   USBSTOR - ok
                                  16:49:09.0638 2876   usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
                                  16:49:09.0638 2876   usbuhci - ok
                                  16:49:10.0122 2876   usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
                                  16:49:10.0137 2876   usbvideo - ok
                                  16:49:10.0621 2876   vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
                                  16:49:10.0621 2876   vga - ok
                                  16:49:11.0073 2876   VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
                                  16:49:11.0089 2876   VgaSave - ok
                                  16:49:11.0557 2876   viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
                                  16:49:11.0557 2876   viaagp - ok
                                  16:49:12.0103 2876   ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
                                  16:49:12.0103 2876   ViaC7 - ok
                                  16:49:12.0680 2876   viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
                                  16:49:12.0680 2876   viaide - ok
                                  16:49:13.0133 2876   volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
                                  16:49:13.0148 2876   volmgr - ok
                                  16:49:13.0601 2876   volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
                                  16:49:13.0616 2876   volmgrx - ok
                                  16:49:14.0022 2876   volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
                                  16:49:14.0022 2876   volsnap - ok
                                  16:49:14.0537 2876   vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
                                  16:49:14.0552 2876   vsmraid - ok
                                  16:49:15.0051 2876   WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
                                  16:49:15.0067 2876   WacomPen - ok
                                  16:49:15.0488 2876   Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
                                  16:49:15.0488 2876   Wanarp - ok
                                  16:49:15.0535 2876   Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
                                  16:49:15.0535 2876   Wanarpv6 - ok
                                  16:49:15.0925 2876   Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
                                  16:49:15.0941 2876   Wd - ok
                                  16:49:16.0393 2876   Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
                                  16:49:16.0440 2876   Wdf01000 - ok
                                  16:49:17.0251 2876   WimFltr         (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
                                  16:49:17.0282 2876   WimFltr - ok
                                  16:49:17.0984 2876   winachsf        (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
                                  16:49:18.0000 2876   winachsf - ok
                                  16:49:18.0827 2876   WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
                                  16:49:18.0858 2876   WmiAcpi - ok
                                  16:49:19.0685 2876   WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
                                  16:49:19.0700 2876   WpdUsb - ok
                                  16:49:20.0137 2876   ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
                                  16:49:20.0137 2876   ws2ifsl - ok
                                  16:49:20.0589 2876   WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
                                  16:49:20.0589 2876   WUDFRd - ok
                                  16:49:21.0042 2876   XAudio          (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
                                  16:49:21.0042 2876   XAudio - ok
                                  16:49:21.0104 2876   MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
                                  16:49:21.0182 2876   \Device\Harddisk0\DR0 - ok
                                  16:49:21.0182 2876   MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
                                  16:49:21.0198 2876   \Device\Harddisk1\DR1 - ok
                                  16:49:21.0198 2876   Boot (0x1200)   (db22cc3cf933e4bbdc879e17b323bf87) \Device\Harddisk0\DR0\Partition0
                                  16:49:21.0198 2876   \Device\Harddisk0\DR0\Partition0 - ok
                                  16:49:21.0245 2876   Boot (0x1200)   (2e8e2d73dfe7b63ffe913ceae517bade) \Device\Harddisk0\DR0\Partition1
                                  16:49:21.0245 2876   \Device\Harddisk0\DR0\Partition1 - ok
                                  16:49:21.0291 2876   Boot (0x1200)   (01aec9517935ec23d2e9c0dd7359e4ed) \Device\Harddisk0\DR0\Partition2
                                  16:49:21.0291 2876   \Device\Harddisk0\DR0\Partition2 - ok
                                  16:49:21.0291 2876   Boot (0x1200)   (b8f1d9319df78927e391e24460fdfb2a) \Device\Harddisk1\DR1\Partition0
                                  16:49:21.0291 2876   \Device\Harddisk1\DR1\Partition0 - ok
                                  16:49:21.0291 2876   ============================================================
                                  16:49:21.0291 2876   Scan finished
                                  16:49:21.0291 2876   ============================================================
                                  16:49:21.0307 6032   Detected object count: 0
                                  16:49:21.0323 6032   Actual detected object count: 0
                                  16:49:49.0574 5636   ============================================================
                                  16:49:49.0574 5636   Scan started
                                  16:49:49.0574 5636   Mode: Manual;
                                  16:49:49.0574 5636   ============================================================
                                  16:50:08.0918 5636   BrUsbMdm - ok
                                  16:50:09.0308 5636   BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
                                  16:50:09.0308 5636   BrUsbSer - ok
                                  16:50:09.0792 5636   BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
                                  16:50:09.0792 5636   BTHMODEM - ok
                                  16:50:09.0963 5636   catchme - ok
                                  16:50:10.0541 5636   cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
                                  16:50:10.0556 5636   cdfs - ok
                                  16:50:11.0149 5636   cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
                                  16:50:11.0149 5636   cdrom - ok
                                  16:50:11.0711 5636   circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
                                  16:50:11.0726 5636   circlass - ok
                                  16:50:12.0085 5636   CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
                                  16:50:12.0101 5636   CLFS - ok
                                  16:50:12.0756 5636   CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
                                  16:50:12.0756 5636   CmBatt - ok
                                  16:50:13.0146 5636   cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
                                  16:50:13.0146 5636   cmdide - ok
                                  16:50:13.0567 5636   CnxtHdAudService (2e3e4579b4299c528de109b3ce4294ac) C:\Windows\system32\drivers\CHDRT32.sys
                                  16:50:13.0567 5636   CnxtHdAudService - ok
                                  16:50:14.0113 5636   Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
                                  16:50:14.0113 5636   Compbatt - ok
                                  16:50:14.0690 5636   crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
                                  16:50:14.0690 5636   crcdisk - ok
                                  16:50:15.0174 5636   Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
                                  16:50:15.0174 5636   Crusoe - ok
                                  16:50:15.0642 5636   DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
                                  16:50:15.0642 5636   DfsC - ok
                                  16:50:16.0266 5636   disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
                                  16:50:16.0266 5636   disk - ok
                                  16:50:16.0812 5636   DLABMFSM        (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\Windows\system32\DLA\DLABMFSM.SYS
                                  16:50:16.0812 5636   DLABMFSM - ok
                                  16:50:17.0171 5636   DLABOIOM        (ad4cb3d783634c90a9d0ce360933a63c) C:\Windows\system32\DLA\DLABOIOM.SYS
                                  16:50:17.0171 5636   DLABOIOM - ok
                                  16:50:17.0763 5636   DLACDBHM        (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
                                  16:50:17.0763 5636   DLACDBHM - ok
                                  16:50:18.0216 5636   DLADResM        (93d03238cc3f0ee3c0b3985d110ec575) C:\Windows\system32\DLA\DLADResM.SYS
                                  16:50:18.0216 5636   DLADResM - ok
                                  16:50:18.0621 5636   DLAIFS_M        (6a82f77c4a6f5235bf352f0028e2ef52) C:\Windows\system32\DLA\DLAIFS_M.SYS
                                  16:50:18.0621 5636   DLAIFS_M - ok
                                  16:50:19.0152 5636   DLAOPIOM        (0e6052c0ada37504896a847231a3907d) C:\Windows\system32\DLA\DLAOPIOM.SYS
                                  16:50:19.0152 5636   DLAOPIOM - ok
                                  16:50:19.0713 5636   DLAPoolM        (29670bb4e2b973c5b55a76107d4910b2) C:\Windows\system32\DLA\DLAPoolM.SYS
                                  16:50:19.0713 5636   DLAPoolM - ok
                                  16:50:20.0197 5636   DLARTL_M        (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
                                  16:50:20.0197 5636   DLARTL_M - ok
                                  16:50:20.0759 5636   DLAUDFAM        (6b087732b86c1d866d69dbbe463ea90a) C:\Windows\system32\DLA\DLAUDFAM.SYS
                                  16:50:20.0774 5636   DLAUDFAM - ok
                                  16:50:21.0492 5636   DLAUDF_M        (bbeecb95f2841ae4a3e3690d46d7153d) C:\Windows\system32\DLA\DLAUDF_M.SYS
                                  16:50:21.0492 5636   DLAUDF_M - ok
                                  16:50:21.0960 5636   drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
                                  16:50:21.0960 5636   drmkaud - ok
                                  16:50:22.0443 5636   DRVMCDB         (83106585494d5eb96f59187200c144bd) C:\Windows\system32\Drivers\DRVMCDB.SYS
                                  16:50:22.0443 5636   DRVMCDB - ok
                                  16:50:22.0974 5636   DRVNDDM         (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
                                  16:50:22.0974 5636   DRVNDDM - ok
                                  16:50:23.0504 5636   DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
                                  16:50:23.0504 5636   DXGKrnl - ok
                                  16:50:24.0206 5636   e1express       (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
                                  16:50:24.0206 5636   e1express - ok
                                  16:50:24.0627 5636   E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
                                  16:50:24.0627 5636   E1G60 - ok
                                  16:50:25.0127 5636   Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
                                  16:50:25.0142 5636   Ecache - ok
                                  16:50:25.0688 5636   elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
                                  16:50:25.0704 5636   elxstor - ok
                                  16:50:26.0219 5636   ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
                                  16:50:26.0219 5636   ErrDev - ok
                                  16:50:26.0843 5636   exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
                                  16:50:26.0843 5636   exfat - ok
                                  16:50:27.0373 5636   fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
                                  16:50:27.0373 5636   fastfat - ok
                                  16:50:27.0919 5636   fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
                                  16:50:27.0919 5636   fdc - ok
                                  16:50:28.0496 5636   FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
                                  16:50:28.0496 5636   FileInfo - ok
                                  16:50:28.0995 5636   Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
                                  16:50:28.0995 5636   Filetrace - ok
                                  16:50:29.0463 5636   flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
                                  16:50:29.0463 5636   flpydisk - ok
                                  16:50:29.0963 5636   FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
                                  16:50:29.0963 5636   FltMgr - ok
                                  16:50:30.0571 5636   Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
                                  16:50:30.0571 5636   Fs_Rec - ok
                                  16:50:31.0023 5636   gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
                                  16:50:31.0023 5636   gagp30kx - ok
                                  16:50:31.0679 5636   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
                                  16:50:31.0679 5636   GEARAspiWDM - ok
                                  16:50:32.0131 5636   HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
                                  16:50:32.0131 5636   HdAudAddService - ok
                                  16:50:32.0661 5636   HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
                                  16:50:32.0661 5636   HDAudBus - ok
                                  16:50:33.0207 5636   HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
                                  16:50:33.0207 5636   HidBth - ok
                                  16:50:33.0847 5636   HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
                                  16:50:33.0847 5636   HidIr - ok
                                  16:50:34.0299 5636   HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
                                  16:50:34.0299 5636   HidUsb - ok
                                  16:50:34.0908 5636   HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
                                  16:50:34.0908 5636   HpCISSs - ok
                                  16:50:35.0501 5636   HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
                                  16:50:35.0501 5636   HSFHWAZL - ok
                                  16:50:36.0047 5636   HSF_DPV         (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
                                  16:50:36.0047 5636   HSF_DPV - ok
                                  16:50:36.0577 5636   HSXHWAZL        (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
                                  16:50:36.0577 5636   HSXHWAZL - ok
                                  16:50:37.0185 5636   HTTP            (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
                                  16:50:37.0185 5636   HTTP - ok
                                  16:50:37.0607 5636   i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
                                  16:50:37.0607 5636   i2omp - ok
                                  16:50:38.0012 5636   i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
                                  16:50:38.0012 5636   i8042prt - ok
                                  16:50:38.0543 5636   iaStor          (baabb0301949774a66b955c65319635a) C:\Windows\system32\drivers\iastor.sys
                                  16:50:38.0558 5636   iaStor - ok
                                  16:50:39.0198 5636   iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
                                  16:50:39.0213 5636   iaStorV - ok
                                  16:50:39.0635 5636   IBMPMDRV        (4a8ab38fdf3649c1fe3e9d16bf79927d) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
                                  16:50:39.0635 5636   IBMPMDRV - ok
                                  16:50:40.0929 5636   igfx            (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
                                  16:50:41.0054 5636   igfx - ok
                                  16:50:41.0616 5636   iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
                                  16:50:41.0616 5636   iirsp - ok
                                  16:50:42.0084 5636   IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
                                  16:50:42.0084 5636   IntcHdmiAddService - ok
                                  16:50:42.0552 5636   intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
                                  16:50:42.0552 5636   intelide - ok
                                  16:50:43.0098 5636   intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
                                  16:50:43.0098 5636   intelppm - ok
                                  16:50:43.0628 5636   IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
                                  16:50:43.0628 5636   IpFilterDriver - ok
                                  16:50:44.0143 5636   IpInIp - ok
                                  16:50:44.0611 5636   IPMIDRV         (b25aaf203552b7b3491139

                                  SuperDave

                                  Re: VistaAntispyware 2012 ???
                                  « Reply #28 on: February 10, 2012, 07:45:12 PM »
                                  Please run Avenger and post the log.

                                  MtlHab39

                                    Re: VistaAntispyware 2012 ???
                                    « Reply #29 on: February 10, 2012, 08:13:18 PM »
                                    This is Avenger from tonight; will go back for Combofix

                                    Logfile of The Avenger Version 2.0, (c) by Swandog46
                                    http://swandog46.geekstogo.com

                                    Platform:  Windows Vista

                                    *******************

                                    Script file opened successfully.
                                    Script file read successfully.

                                    Backups directory opened successfully at C:\Avenger

                                    *******************

                                    Beginning to process script file:

                                    Rootkit scan active.
                                    No rootkits found!


                                    Completed script processing.

                                    *******************

                                    Finished!  Terminate.

                                    MtlHab39

                                      Re: VistaAntispyware 2012 ???
                                      « Reply #30 on: February 10, 2012, 08:47:28 PM »
                                      Here is Combofix

                                      ComboFix 12-02-05.02 - Costa 2012-02-10  22:18:20.3.2 - x86
                                      Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.2.1033.18.2013.1159 [GMT -5:00]
                                      Running from: e:\combofix\ComboFix.exe
                                      SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
                                      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                                      .
                                      - REDUCED FUNCTIONALITY MODE -
                                      .
                                      .
                                      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                                      .
                                      .
                                      c:\program files\LP
                                      c:\program files\LP\1199\5FCB.tmp
                                      c:\program files\LP\1199\71A6.tmp
                                      .
                                      c:\windows\system32\drivers\tdx.sys was missing
                                      Restored copy from - c:\combofix\HarddiskVolumeShadowCopy7_!Windows!System32!drivers!tdx.sys
                                      .
                                      .
                                      (((((((((((((((((((((((((   Files Created from 2012-01-11 to 2012-02-11  )))))))))))))))))))))))))))))))
                                      .
                                      .
                                      2012-02-11 03:23 . 2012-02-11 03:27   --------   d-----w-   c:\users\Costa\AppData\Local\temp
                                      2012-02-11 03:23 . 2012-02-11 03:23   --------   d-----w-   c:\users\Public\AppData\Local\temp
                                      2012-02-11 03:23 . 2012-02-11 03:23   --------   d-----w-   c:\users\Default\AppData\Local\temp
                                      2012-02-02 00:50 . 2012-02-02 00:50   --------   d-----w-   c:\windows\Sun
                                      2012-02-02 00:16 . 2011-11-17 06:48   440192   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
                                      2012-02-02 00:16 . 2011-11-16 16:23   278528   ----a-w-   c:\windows\system32\schannel.dll
                                      2012-02-02 00:16 . 2011-11-16 16:21   1259008   ----a-w-   c:\windows\system32\lsasrv.dll
                                      2012-02-02 00:16 . 2011-11-16 16:23   72704   ----a-w-   c:\windows\system32\secur32.dll
                                      2012-02-02 00:16 . 2011-11-16 14:12   9728   ----a-w-   c:\windows\system32\lsass.exe
                                      2012-01-28 13:34 . 2012-02-02 03:58   --------   d-----w-   c:\program files\0A1FD
                                      2012-01-27 01:56 . 2012-02-02 03:57   --------   d-----w-   c:\users\Costa\AppData\Roaming\Xiypyc
                                      2012-01-27 01:56 . 2012-01-27 02:22   --------   d-----w-   c:\users\Costa\AppData\Roaming\Bavu
                                      2012-01-27 01:52 . 2012-02-02 03:57   --------   d-----w-   c:\users\Costa\AppData\Roaming\0A1FD
                                      2012-01-27 01:52 . 2012-01-27 01:52   98816   ----a-w-   c:\users\Costa\AppData\Roaming\Microsoft\1199\E85F.tmp
                                      2012-01-27 01:52 . 2012-02-02 03:58   --------   d-----w-   c:\users\Costa\AppData\Roaming\9EB0A
                                      2012-01-27 01:51 . 2012-01-27 01:51   --------   d-----w-   c:\users\Costa\AppData\Local\SanctionedMedia
                                      .
                                      .
                                      .
                                      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                      .
                                      2012-01-27 01:52 . 2011-05-15 22:20   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                                      2012-01-06 04:19 . 2012-01-24 13:39   6557240   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{13B9286A-88E7-4DE5-8347-EE27386AE36B}\mpengine.dll
                                      2011-12-10 20:24 . 2011-03-06 06:55   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
                                      2011-11-25 15:59 . 2012-01-11 18:55   376320   ----a-w-   c:\windows\system32\winsrv.dll
                                      2011-11-23 13:37 . 2011-12-15 00:10   2043904   ----a-w-   c:\windows\system32\win32k.sys
                                      2011-11-18 20:23 . 2012-01-11 18:55   1205064   ----a-w-   c:\windows\system32\ntdll.dll
                                      2011-11-18 17:47 . 2012-01-11 18:54   66560   ----a-w-   c:\windows\system32\packager.dll
                                      2011-11-16 16:23 . 2012-02-02 00:16   377344   ----a-w-   c:\windows\system32\winhttp.dll
                                      2011-11-15 19:29 . 2010-04-11 01:40   222080   ------w-   c:\windows\system32\MpSigStub.exe
                                      .
                                      .
                                      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                      .
                                      .
                                      *Note* empty entries & legit default entries are not shown
                                      REGEDIT4
                                      .
                                      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                                      "{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-11-09 2331672]
                                      .
                                      [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
                                      .
                                      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
                                      2010-10-18 17:26   3908192   ----a-w-   c:\program files\ConduitEngine\ConduitEngine.dll
                                      .
                                      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
                                      2009-11-09 23:38   2331672   ----a-w-   c:\program files\Softonic_English\tbSoft.dll
                                      .
                                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                                      "{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-11-09 2331672]
                                      "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
                                      .
                                      [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
                                      .
                                      [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
                                      .
                                      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                                      "{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-11-09 2331672]
                                      "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
                                      .
                                      [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
                                      .
                                      [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
                                      .
                                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                      "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
                                      "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
                                      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-09 39408]
                                      .
                                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                      "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
                                      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
                                      "TpShocks"="TpShocks.exe" [2008-06-07 181536]
                                      "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
                                      "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
                                      "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
                                      "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
                                      "RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
                                      "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
                                      "LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]
                                      "LPMailChecker"="c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.exe" [2008-06-08 124248]
                                      "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-10-26 632096]
                                      "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2008-10-26 214576]
                                      "CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-01-21 36864]
                                      "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-02-21 435488]
                                      "ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-02-21 165152]
                                      "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432]
                                      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
                                      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
                                      "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
                                      "IdeaNotesUser"="c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
                                      "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
                                      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
                                      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
                                      "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
                                      "PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
                                      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
                                      "BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
                                      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
                                      "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
                                      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
                                      .
                                      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                                      Brother BPRSP.lnk - c:\windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe [2011-5-9 40960]
                                      Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
                                      McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                                      "EnableUIADesktopToggle"= 0 (0x0)
                                      .
                                      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                                      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                                      2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                                      .
                                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                                      @=""
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                                      2010-12-13 22:16   421160   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
                                      2012-01-13 19:53   460872   ----a-w-   c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
                                      2011-11-14 11:02   435672   ----a-w-   c:\program files\MyTomTom 3\MyTomTomSA.exe
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
                                      2008-02-18 20:29   2221352   ----a-w-   c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
                                      2011-12-05 12:34   247728   ----a-w-   c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
                                      .
                                      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
                                      S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
                                      .
                                      .
                                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                                      LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
                                      LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
                                      .
                                      Contents of the 'Scheduled Tasks' folder
                                      .
                                      2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                                      - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 04:06]
                                      .
                                      2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                                      - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 04:06]
                                      .
                                      2011-12-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
                                      - c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
                                      .
                                      2011-03-09 c:\windows\Tasks\User_Feed_Synchronization-{1DEDB864-CDE5-46C2-A040-FFC9FFB7A4EB}.job
                                      - c:\windows\system32\msfeedssync.exe [2011-04-30 20:50]
                                      .
                                      .
                                      ------- Supplementary Scan -------
                                      .
                                      uStart Page = hxxp://www.google.ca/
                                      uInternet Settings,ProxyOverride = *.local
                                      uInternet Settings,ProxyServer = http=127.0.0.1:52162
                                      uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
                                      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
                                      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
                                      TCP: DhcpNameServer = 192.168.0.1
                                      FF - ProfilePath - c:\users\Costa\AppData\Roaming\Mozilla\Firefox\Profiles\gyi7i6zf.default\
                                      FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
                                      FF - prefs.js: browser.search.selectedEngine -   
                                      FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13
                                      FF - prefs.js: network.proxy.http - 127.0.0.1
                                      FF - prefs.js: network.proxy.http_port - 52162
                                      FF - prefs.js: network.proxy.type - 1
                                      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
                                      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
                                      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
                                      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
                                      FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox
                                      FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
                                      FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
                                      .
                                      - - - - ORPHANS REMOVED - - - -
                                      .
                                      URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
                                      .
                                      .
                                      .
                                      **************************************************************************
                                      .
                                      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                                      Rootkit scan 2012-02-10 22:26
                                      Windows 6.0.6002 Service Pack 2 NTFS
                                      .
                                      scanning hidden processes ... 
                                      .
                                      scanning hidden autostart entries ...
                                      .
                                      scanning hidden files ... 
                                      .
                                      .
                                      c:\users\Costa\AppData\Roaming\Apple Computer\Logs\asl.202113_06Feb12.log 6094 bytes
                                      .
                                      scan completed successfully
                                      hidden files: 1
                                      .
                                      **************************************************************************
                                      .
                                      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
                                      "ImagePath"="NADA"
                                      .
                                      --------------------- LOCKED REGISTRY KEYS ---------------------
                                      .
                                      [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
                                      @Denied: (2) (LocalSystem)
                                      .
                                      [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
                                      @Denied: (2) (LocalSystem)
                                      "Timestamp"=hex:70,6f,40,f8,41,e1,cc,01
                                      .
                                      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                                      @Denied: (A) (Users)
                                      @Denied: (A) (Everyone)
                                      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                                      "BlindDial"=dword:00000000
                                      .
                                      --------------------- DLLs Loaded Under Running Processes ---------------------
                                      .
                                      - - - - - - - > 'Explorer.exe'(4048)
                                      c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
                                      c:\windows\system32\DLAAPI_W.DLL
                                      c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
                                      .
                                      ------------------------ Other Running Processes ------------------------
                                      .
                                      c:\windows\system32\ibmpmsvc.exe
                                      c:\program files\Lenovo\ATK Hotkey\ASLDRSrv.exe
                                      c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe
                                      c:\program files\Lenovo\ATK Hotkey\LFKAS.exe
                                      c:\windows\system32\WLANExt.exe
                                      c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
                                      c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
                                      c:\program files\Bonjour\mDNSResponder.exe
                                      c:\program files\PC Tools Security\BDT\BDTUpdateService.exe
                                      c:\program files\DDNI\DIBS\DDNIService.exe
                                      c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
                                      c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
                                      c:\windows\system32\IoctlSvc.exe
                                      c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE
                                      c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe
                                      c:\program files\Lenovo\ATK Hotkey\LFKA.exe
                                      c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
                                      c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
                                      c:\windows\System32\TPHDEXLG.exe
                                      c:\program files\LENOVO\HOTKEY\TPHKSVC.exe
                                      c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
                                      c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
                                      c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
                                      c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
                                      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                                      c:\windows\system32\WUDFHost.exe
                                      c:\windows\system32\DRIVERS\xaudio.exe
                                      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                                      c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
                                      c:\program files\Spybot - Search & Destroy\SDWinSec.exe
                                      c:\program files\Lenovo\System Update\SUService.exe
                                      c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
                                      c:\windows\system32\conime.exe
                                      c:\windows\system32\igfxsrvc.exe
                                      c:\windows\System32\TpShocks.exe
                                      c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
                                      c:\program files\Lenovo\LenovoCare\LPMGR.EXE
                                      c:\program files\Lenovo\LenovoCare\LPMLCHK.EXE
                                      c:\windows\System32\rundll32.exe
                                      c:\program files\Lenovo\HOTKEY\TPONSCR.exe
                                      c:\windows\system32\wbem\unsecapp.exe
                                      c:\program files\Synaptics\SynTP\SynTPLpr.exe
                                      c:\brother\BPRSP\resources\BrSupSsp.exe
                                      c:\program files\Lenovo\Zoom\TpScrex.exe
                                      c:\program files\Browny02\BrYNSvc.exe
                                      c:\windows\System32\GfxUI.exe
                                      c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
                                      c:\program files\Synaptics\SynTP\SynTPHelper.exe
                                      c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
                                      c:\program files\iPod\bin\iPodService.exe
                                      c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe
                                      .
                                      **************************************************************************
                                      .
                                      Completion time: 2012-02-10  22:35:03 - machine was rebooted
                                      ComboFix-quarantined-files.txt  2012-02-11 03:34
                                      ComboFix2.txt  2011-03-09 05:13
                                      .
                                      Pre-Run: 84,261,441,536 bytes free
                                      Post-Run: 84,641,824,768 bytes free
                                      .
                                      - - End Of File - - 1B5F5CCAA2783E66C98331DEBD658322

                                      MtlHab39

                                        Re: VistaAntispyware 2012 ???
                                        « Reply #31 on: February 10, 2012, 08:52:14 PM »
                                        Noticed I am still missing much of the Killer file; attached where it previously left off on post

                                        16:51:18.0198 5636   Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
                                        16:51:18.0198 5636   Parport - ok
                                        16:51:18.0635 5636   partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
                                        16:51:18.0635 5636   partmgr - ok
                                        16:51:19.0165 5636   Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
                                        16:51:19.0165 5636   Parvdm - ok
                                        16:51:19.0649 5636   pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
                                        16:51:19.0649 5636   pci - ok
                                        16:51:20.0351 5636   pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
                                        16:51:20.0351 5636   pciide - ok
                                        16:51:20.0834 5636   pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
                                        16:51:20.0834 5636   pcmcia - ok
                                        16:51:21.0443 5636   PCTCore         (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\Windows\system32\drivers\PCTCore.sys
                                        16:51:21.0443 5636   PCTCore - ok
                                        16:51:21.0973 5636   pctDS           (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
                                        16:51:21.0973 5636   pctDS - ok
                                        16:51:22.0519 5636   pctEFA          (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
                                        16:51:22.0535 5636   pctEFA - ok
                                        16:51:23.0096 5636   PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
                                        16:51:23.0112 5636   PEAUTH - ok
                                        16:51:23.0705 5636   PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
                                        16:51:23.0705 5636   PptpMiniport - ok
                                        16:51:24.0219 5636   Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
                                        16:51:24.0219 5636   Processor - ok
                                        16:51:24.0797 5636   psadd           (f8a25f1dd8b2c332cbc663e3579566e7) C:\Windows\system32\DRIVERS\psadd.sys
                                        16:51:24.0812 5636   psadd - ok
                                        16:51:25.0483 5636   PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
                                        16:51:25.0483 5636   PSched - ok
                                        16:51:25.0904 5636   PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
                                        16:51:25.0904 5636   PxHelp20 - ok
                                        16:51:26.0528 5636   ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
                                        16:51:26.0544 5636   ql2300 - ok
                                        16:51:27.0137 5636   ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
                                        16:51:27.0137 5636   ql40xx - ok
                                        16:51:27.0636 5636   QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
                                        16:51:27.0636 5636   QWAVEdrv - ok
                                        16:51:28.0073 5636   RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
                                        16:51:28.0073 5636   RasAcd - ok
                                        16:51:28.0619 5636   Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
                                        16:51:28.0619 5636   Rasl2tp - ok
                                        16:51:29.0133 5636   RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
                                        16:51:29.0149 5636   RasPppoe - ok
                                        16:51:29.0648 5636   RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
                                        16:51:29.0648 5636   RasSstp - ok
                                        16:51:30.0179 5636   rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
                                        16:51:30.0179 5636   rdbss - ok
                                        16:51:30.0709 5636   RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
                                        16:51:30.0709 5636   RDPCDD - ok
                                        16:51:31.0271 5636   rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
                                        16:51:31.0271 5636   rdpdr - ok
                                        16:51:31.0832 5636   RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
                                        16:51:31.0832 5636   RDPENCDD - ok
                                        16:51:32.0363 5636   RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
                                        16:51:32.0363 5636   RDPWD - ok
                                        16:51:32.0893 5636   rimmptsk        (a5b12a4b3b774432db9b9fa221190e59) C:\Windows\system32\DRIVERS\rimmptsk.sys
                                        16:51:32.0893 5636   rimmptsk - ok
                                        16:51:33.0392 5636   rimsptsk        (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
                                        16:51:33.0392 5636   rimsptsk - ok
                                        16:51:33.0923 5636   rismxdp         (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
                                        16:51:33.0923 5636   rismxdp - ok
                                        16:51:34.0469 5636   rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
                                        16:51:34.0469 5636   rspndr - ok
                                        16:51:35.0077 5636   RTL8169         (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
                                        16:51:35.0077 5636   RTL8169 - ok
                                        16:51:35.0249 5636   SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                                        16:51:35.0264 5636   SASDIFSV - ok
                                        16:51:35.0280 5636   SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                                        16:51:35.0280 5636   SASKUTIL - ok
                                        16:51:35.0732 5636   sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
                                        16:51:35.0732 5636   sbp2port - ok
                                        16:51:36.0341 5636   sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
                                        16:51:36.0341 5636   sdbus - ok
                                        16:51:36.0809 5636   secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
                                        16:51:36.0809 5636   secdrv - ok
                                        16:51:37.0448 5636   Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
                                        16:51:37.0448 5636   Serenum - ok
                                        16:51:38.0228 5636   Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
                                        16:51:38.0228 5636   Serial - ok
                                        16:51:38.0837 5636   sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
                                        16:51:38.0837 5636   sermouse - ok
                                        16:51:39.0273 5636   sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
                                        16:51:39.0273 5636   sffdisk - ok
                                        16:51:39.0757 5636   sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
                                        16:51:39.0757 5636   sffp_mmc - ok
                                        16:51:40.0225 5636   sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
                                        16:51:40.0225 5636   sffp_sd - ok
                                        16:51:40.0740 5636   sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
                                        16:51:40.0740 5636   sfloppy - ok
                                        16:51:41.0255 5636   Shockprf        (1310c5e81966e86b2ced7ae8ce3d74f1) C:\Windows\system32\DRIVERS\Apsx86.sys
                                        16:51:41.0255 5636   Shockprf - ok
                                        16:51:41.0613 5636   sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
                                        16:51:41.0613 5636   sisagp - ok
                                        16:51:42.0050 5636   SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
                                        16:51:42.0050 5636   SiSRaid2 - ok
                                        16:51:42.0549 5636   SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
                                        16:51:42.0549 5636   SiSRaid4 - ok
                                        16:51:43.0049 5636   Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
                                        16:51:43.0049 5636   Smb - ok
                                        16:51:43.0548 5636   spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
                                        16:51:43.0548 5636   spldr - ok
                                        16:51:44.0063 5636   srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
                                        16:51:44.0063 5636   srv - ok
                                        16:51:44.0437 5636   srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
                                        16:51:44.0453 5636   srv2 - ok
                                        16:51:44.0827 5636   srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
                                        16:51:44.0827 5636   srvnet - ok
                                        16:51:45.0248 5636   swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
                                        16:51:45.0248 5636   swenum - ok
                                        16:51:45.0654 5636   Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
                                        16:51:45.0654 5636   Symc8xx - ok
                                        16:51:46.0200 5636   Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
                                        16:51:46.0200 5636   Sym_hi - ok
                                        16:51:46.0559 5636   Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
                                        16:51:46.0559 5636   Sym_u3 - ok
                                        16:51:47.0073 5636   SynTP           (f92350e343b056a83093bc0d8f750f05) C:\Windows\system32\DRIVERS\SynTP.sys
                                        16:51:47.0073 5636   SynTP - ok
                                        16:51:47.0682 5636   Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
                                        16:51:47.0682 5636   Tcpip - ok
                                        16:51:48.0134 5636   Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
                                        16:51:48.0150 5636   Tcpip6 - ok
                                        16:51:48.0587 5636   tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
                                        16:51:48.0587 5636   tcpipreg - ok
                                        16:51:48.0977 5636   TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
                                        16:51:48.0992 5636   TDPIPE - ok
                                        16:51:49.0491 5636   TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
                                        16:51:49.0491 5636   TDTCP - ok
                                        16:51:49.0944 5636   tdx - ok
                                        16:51:50.0271 5636   TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
                                        16:51:50.0271 5636   TermDD - ok
                                        16:51:50.0849 5636   TPDIGIMN        (d7a29e343632e2fc5f7ebfc886f12675) C:\Windows\system32\DRIVERS\ApsHM86.sys
                                        16:51:50.0849 5636   TPDIGIMN - ok
                                        16:51:51.0176 5636   TPM             (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
                                        16:51:51.0176 5636   TPM - ok
                                        16:51:51.0535 5636   TPPWRIF         (1bd5719ef160e0ab739cd0ff3ba5e298) C:\Windows\system32\drivers\Tppwr32v.sys
                                        16:51:51.0535 5636   TPPWRIF - ok
                                        16:51:51.0987 5636   tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
                                        16:51:51.0987 5636   tssecsrv - ok
                                        16:51:52.0393 5636   tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
                                        16:51:52.0393 5636   tunmp - ok
                                        16:51:52.0783 5636   tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
                                        16:51:52.0783 5636   tunnel - ok
                                        16:51:53.0189 5636   tvtfilter       (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
                                        16:51:53.0189 5636   tvtfilter - ok
                                        16:51:53.0610 5636   tvtumon         (fc4d5a1ea9d736907cb547085248199f) C:\Windows\system32\DRIVERS\tvtumon.sys
                                        16:51:53.0610 5636   tvtumon - ok
                                        16:51:54.0140 5636   uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
                                        16:51:54.0140 5636   uagp35 - ok
                                        16:51:54.0717 5636   udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
                                        16:51:54.0717 5636   udfs - ok
                                        16:51:55.0185 5636   uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
                                        16:51:55.0185 5636   uliagpkx - ok
                                        16:51:55.0981 5636   uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
                                        16:51:55.0981 5636   uliahci - ok
                                        16:51:56.0418 5636   UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
                                        16:51:56.0418 5636   UlSata - ok
                                        16:51:56.0917 5636   ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
                                        16:51:56.0917 5636   ulsata2 - ok
                                        16:51:57.0369 5636   umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
                                        16:51:57.0369 5636   umbus - ok
                                        16:51:57.0947 5636   USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
                                        16:51:57.0947 5636   USBAAPL - ok
                                        16:51:58.0571 5636   usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
                                        16:51:58.0571 5636   usbccgp - ok
                                        16:51:59.0039 5636   usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
                                        16:51:59.0039 5636   usbcir - ok
                                        16:51:59.0553 5636   usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
                                        16:51:59.0553 5636   usbehci - ok
                                        16:52:00.0193 5636   usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
                                        16:52:00.0193 5636   usbhub - ok
                                        16:52:00.0895 5636   usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
                                        16:52:00.0911 5636   usbohci - ok
                                        16:52:01.0332 5636   usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
                                        16:52:01.0332 5636   usbprint - ok
                                        16:52:01.0878 5636   usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
                                        16:52:01.0878 5636   usbscan - ok
                                        16:52:02.0549 5636   USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
                                        16:52:02.0549 5636   USBSTOR - ok
                                        16:52:03.0126 5636   usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
                                        16:52:03.0173 5636   usbuhci - ok
                                        16:52:03.0719 5636   usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
                                        16:52:03.0719 5636   usbvideo - ok
                                        16:52:04.0374 5636   vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
                                        16:52:04.0452 5636   vga - ok
                                        16:52:05.0123 5636   VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
                                        16:52:05.0123 5636   VgaSave - ok
                                        16:52:05.0825 5636   viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
                                        16:52:05.0825 5636   viaagp - ok
                                        16:52:06.0293 5636   ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
                                        16:52:06.0293 5636   ViaC7 - ok
                                        16:52:06.0979 5636   viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
                                        16:52:06.0979 5636   viaide - ok
                                        16:52:07.0681 5636   volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
                                        16:52:07.0681 5636   volmgr - ok
                                        16:52:08.0274 5636   volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
                                        16:52:08.0274 5636   volmgrx - ok
                                        16:52:08.0898 5636   volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
                                        16:52:08.0898 5636   volsnap - ok
                                        16:52:09.0428 5636   vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
                                        16:52:09.0428 5636   vsmraid - ok
                                        16:52:09.0974 5636   WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
                                        16:52:09.0990 5636   WacomPen - ok
                                        16:52:10.0442 5636   Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
                                        16:52:10.0442 5636   Wanarp - ok
                                        16:52:10.0505 5636   Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
                                        16:52:10.0505 5636   Wanarpv6 - ok
                                        16:52:11.0004 5636   Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
                                        16:52:11.0004 5636   Wd - ok
                                        16:52:11.0503 5636   Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
                                        16:52:11.0519 5636   Wdf01000 - ok
                                        16:52:12.0174 5636   WimFltr         (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
                                        16:52:12.0174 5636   WimFltr - ok
                                        16:52:12.0954 5636   winachsf        (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
                                        16:52:12.0969 5636   winachsf - ok
                                        16:52:13.0593 5636   WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
                                        16:52:13.0593 5636   WmiAcpi - ok
                                        16:52:14.0233 5636   WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
                                        16:52:14.0233 5636   WpdUsb - ok
                                        16:52:14.0888 5636   ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
                                        16:52:14.0888 5636   ws2ifsl - ok
                                        16:52:15.0356 5636   WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
                                        16:52:15.0356 5636   WUDFRd - ok
                                        16:52:15.0980 5636   XAudio          (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
                                        16:52:15.0980 5636   XAudio - ok
                                        16:52:16.0074 5636   MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
                                        16:52:16.0152 5636   \Device\Harddisk0\DR0 - ok
                                        16:52:16.0152 5636   MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
                                        16:52:16.0167 5636   \Device\Harddisk1\DR1 - ok
                                        16:52:16.0167 5636   Boot (0x1200)   (db22cc3cf933e4bbdc879e17b323bf87) \Device\Harddisk0\DR0\Partition0
                                        16:52:16.0167 5636   \Device\Harddisk0\DR0\Partition0 - ok
                                        16:52:16.0214 5636   Boot (0x1200)   (2e8e2d73dfe7b63ffe913ceae517bade) \Device\Harddisk0\DR0\Partition1
                                        16:52:16.0245 5636   \Device\Harddisk0\DR0\Partition1 - ok
                                        16:52:16.0277 5636   Boot (0x1200)   (01aec9517935ec23d2e9c0dd7359e4ed) \Device\Harddisk0\DR0\Partition2
                                        16:52:16.0277 5636   \Device\Harddisk0\DR0\Partition2 - ok
                                        16:52:16.0277 5636   Boot (0x1200)   (b8f1d9319df78927e391e24460fdfb2a) \Device\Harddisk1\DR1\Partition0
                                        16:52:16.0277 5636   \Device\Harddisk1\DR1\Partition0 - ok
                                        16:52:16.0292 5636   ============================================================
                                        16:52:16.0292 5636   Scan finished
                                        16:52:16.0292 5636   ============================================================
                                        16:52:16.0308 4768   Detected object count: 0
                                        16:52:16.0308 4768   Actual detected object count: 0

                                        SuperDave

                                        • Malware Removal Specialist
                                        • Moderator


                                        • Genius
                                        • Thanked: 1020
                                        • Certifications: List
                                        • Experience: Expert
                                        • OS: Windows 10
                                        Re: VistaAntispyware 2012 ???
                                        « Reply #32 on: February 11, 2012, 11:17:00 AM »
                                        I'd like to scan your machine with ESET OnlineScan

                                        • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                                        ESET OnlineScan
                                        • Click the button.
                                        • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                                          • Click on to download the ESET Smart Installer. Save it to your desktop.
                                          • Double click on the icon on your desktop.
                                        • Check
                                        • Click the button.
                                        • Accept any security warnings from your browser.
                                        • Check
                                        • Push the Start button.
                                        • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                                        • When the scan completes, push
                                        • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                                        • Push the button.
                                        • Push
                                        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                                        Windows 8 and Windows 10 dual boot with two SSD's

                                        MtlHab39

                                          Topic Starter


                                          Beginner

                                          • Experience: Beginner
                                          • OS: Unknown
                                          Re: VistaAntispyware 2012 ???
                                          « Reply #33 on: February 11, 2012, 11:28:55 AM »
                                          Hi Dave
                                          I am still unable to access online with the laptop and I have been using a USB stick back and forth; what would be the best way to have ESET saved as a file onto stick and then opened on laptop's desktop; would I update the file while opening on the desktop or would it then subject the desktop to a scan?

                                          SuperDave

                                          • Malware Removal Specialist
                                          • Moderator


                                          • Genius
                                          • Thanked: 1020
                                          • Certifications: List
                                          • Experience: Expert
                                          • OS: Windows 10
                                          Re: VistaAntispyware 2012 ???
                                          « Reply #34 on: February 11, 2012, 01:16:54 PM »
                                          Quote
                                          what would be the best way to have ESET saved as a file onto stick and then opened on laptop's desktop; would I update the file while opening on the desktop or would it then subject the desktop to a scan?
                                          That won't work. It needs a connection in order to scan your computer.

                                          Please download MiniToolBox to Desktop and run it.



                                          Checkmark the following boxes:

                                            • Flush DNS
                                            • Report IE Proxy Settings
                                            • Reset IE Proxy Settings
                                            • List content of Hosts
                                            • List IP Configuration
                                            • List Last 10 Event Viewer Errors
                                            • List Users, Partitions and Memory Size
                                            Click Go and copy/paste the log (Result.txt) into your next post.
                                            ***************************************************************
                                            Please download Farbar Service Scanner and run it on the computer with the issue.
                                            • Press "Scan".
                                            • It will create a log (FSS.txt) in the same directory the tool is run.
                                            • Please copy and paste the log to your reply.

                                            MtlHab39

                                              Topic Starter


                                              Beginner

                                              • Experience: Beginner
                                              • OS: Unknown
                                              Re: VistaAntispyware 2012 ???
                                              « Reply #35 on: February 11, 2012, 04:01:24 PM »
                                              MiniToolBox note

                                              MiniToolBox by Farbar  Version: 18-01-2012
                                              Ran by Costa (administrator) on 11-02-2012 at 17:56:13
                                              Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
                                              Boot Mode: Nerwork
                                              ***************************************************************************

                                              ========================= Flush DNS: ===================================

                                              Windows IP Configuration

                                              Could not flush the DNS Resolver Cache: Function failed during execution.


                                              ========================= IE Proxy Settings: ==============================

                                              Proxy is not enabled.
                                              ProxyServer: http=127.0.0.1:52162

                                              "Reset IE Proxy Settings": IE Proxy Settings were reset.
                                              ========================= Hosts content: =================================

                                              127.0.0.1       localhost

                                              ========================= IP Configuration: ================================

                                              Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)
                                              11b/g Wireless LAN Mini PCI Express Adapter III = Maddiechat (Media disconnected)


                                              # ----------------------------------
                                              # IPv4 Configuration
                                              # ----------------------------------
                                              pushd interface ipv4

                                              reset
                                              set global


                                              popd
                                              # End of IPv4 configuration



                                              Windows IP Configuration

                                                 Host Name . . . . . . . . . . . . : Costa-PC
                                                 Primary Dns Suffix  . . . . . . . :
                                                 Node Type . . . . . . . . . . . . : Mixed
                                                 IP Routing Enabled. . . . . . . . : No
                                                 WINS Proxy Enabled. . . . . . . . : No

                                              Wireless LAN adapter Maddiechat:

                                                 Media State . . . . . . . . . . . : Media disconnected
                                                 Connection-specific DNS Suffix  . :
                                                 Description . . . . . . . . . . . : 11b/g Wireless LAN Mini PCI Express Adapter III
                                                 Physical Address. . . . . . . . . : 00-24-2C-E4-E8-84
                                                 DHCP Enabled. . . . . . . . . . . : Yes
                                                 Autoconfiguration Enabled . . . . : Yes

                                              Ethernet adapter Local Area Connection:

                                                 Media State . . . . . . . . . . . : Media disconnected
                                                 Connection-specific DNS Suffix  . : vaniercollege.intra
                                                 Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
                                                 Physical Address. . . . . . . . . : 00-24-8C-B3-B1-19
                                                 DHCP Enabled. . . . . . . . . . . : Yes
                                                 Autoconfiguration Enabled . . . . : Yes

                                              Tunnel adapter Local Area Connection* 7:

                                                 Media State . . . . . . . . . . . : Media disconnected
                                                 Connection-specific DNS Suffix  . :
                                                 Description . . . . . . . . . . . : isatap.vaniercollege.intra
                                                 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                                                 DHCP Enabled. . . . . . . . . . . : No
                                                 Autoconfiguration Enabled . . . . : Yes

                                              Tunnel adapter Local Area Connection* 11:

                                                 Media State . . . . . . . . . . . : Media disconnected
                                                 Connection-specific DNS Suffix  . :
                                                 Description . . . . . . . . . . . : 6TO4 Adapter
                                                 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                                                 DHCP Enabled. . . . . . . . . . . : No
                                                 Autoconfiguration Enabled . . . . : Yes

                                              Tunnel adapter Local Area Connection* 12:

                                                 Media State . . . . . . . . . . . : Media disconnected
                                                 Connection-specific DNS Suffix  . :
                                                 Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
                                                 Physical Address. . . . . . . . . : 02-00-54-55-4E-01
                                                 DHCP Enabled. . . . . . . . . . . : No
                                                 Autoconfiguration Enabled . . . . : Yes

                                              Tunnel adapter Local Area Connection* 14:

                                                 Media State . . . . . . . . . . . : Media disconnected
                                                 Connection-specific DNS Suffix  . :
                                                 Description . . . . . . . . . . . : isatap.{47E42986-067B-4D6D-A977-3BFE22D64C3F}
                                                 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                                                 DHCP Enabled. . . . . . . . . . . : No
                                                 Autoconfiguration Enabled . . . . : Yes
                                              Server:  UnKnown
                                              Address:  127.0.0.1

                                              Ping request could not find host google.com. Please check the name and try again.

                                              Server:  UnKnown
                                              Address:  127.0.0.1

                                              Ping request could not find host yahoo.com. Please check the name and try again.

                                              Server:  UnKnown
                                              Address:  127.0.0.1

                                              Ping request could not find host bleepingcomputer.com. Please check the name and try again.



                                              Pinging  with 32 bytes of data:

                                              Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

                                              Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



                                              Ping statistics for    :

                                                  Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

                                              Approximate round trip times in milli-seconds:

                                                  Minimum = 0ms, Maximum = 0ms, Average = 0ms

                                              ===========================================================================
                                              Interface List
                                               11 ...00 24 2c e4 e8 84 ...... 11b/g Wireless LAN Mini PCI Express Adapter III
                                               10 ...00 24 8c b3 b1 19 ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
                                                1 ........................... Software Loopback Interface 1
                                               14 ...00 00 00 00 00 00 00 e0  isatap.vaniercollege.intra
                                               12 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
                                               15 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
                                               16 ...00 00 00 00 00 00 00 e0  isatap.{47E42986-067B-4D6D-A977-3BFE22D64C3F}
                                              ===========================================================================

                                              IPv4 Route Table
                                              ===========================================================================
                                              Active Routes:
                                              Network Destination        Netmask          Gateway       Interface  Metric
                                                      127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
                                                      127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
                                                127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
                                                      224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
                                                255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
                                              ===========================================================================
                                              Persistent Routes:
                                                None

                                              IPv6 Route Table
                                              ===========================================================================
                                              Active Routes:
                                               If Metric Network Destination      Gateway
                                                1    306 ::1/128                  On-link
                                                1    306 ff00::/8                 On-link
                                              ===========================================================================
                                              Persistent Routes:
                                                None

                                              ========================= Event log errors: ===============================

                                              Application errors:
                                              ==================
                                              Error: (02/11/2012 05:53:18 PM) (Source: WinMgmt) (User: )
                                              Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

                                              Error: (02/11/2012 05:52:50 PM) (Source: EventSystem) (User: )
                                              Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

                                              Error: (02/10/2012 10:49:46 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
                                              Description: 0x80072af9

                                              Error: (02/10/2012 10:48:29 PM) (Source: Application Error) (User: )
                                              Description: Faulting application jusched.exe, version 2.0.3.1, time stamp 0x4ccb4165, faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e0380e, exception code 0xc0000005, fault offset 0x00015703,
                                              process id 0x834, application start time 0xjusched.exe0.

                                              Error: (02/10/2012 10:47:46 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
                                              Description: 0x80072af9

                                              Error: (02/10/2012 10:44:43 PM) (Source: WinMgmt) (User: )
                                              Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

                                              Error: (02/10/2012 10:43:23 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
                                              Description: 0x80072af9

                                              Error: (02/10/2012 10:31:37 PM) (Source: Application Error) (User: )
                                              Description: Faulting application jusched.exe, version 2.0.3.1, time stamp 0x4ccb4165, faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e0380e, exception code 0xc0000005, fault offset 0x00015703,
                                              process id 0xfa8, application start time 0xjusched.exe0.

                                              Error: (02/10/2012 10:28:00 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
                                              Description: 0x80072af9

                                              Error: (02/10/2012 10:26:59 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
                                              Description: 0x80072af9


                                              System errors:
                                              =============
                                              Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
                                              Description: lenovo.smi
                                              SASDIFSV
                                              SASKUTIL
                                              spldr
                                              tdx
                                              TPPWRIF
                                              tvtumon
                                              Wanarpv6

                                              Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
                                              Description: Internet Connection Sharing (ICS)BFE%%2

                                              Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
                                              Description: IPsec Policy AgentBFE%%2

                                              Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
                                              Description: IKE and AuthIP IPsec Keying ModulesBFE%%2

                                              Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
                                              Description: BFE%%2

                                              Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
                                              Description: Computer BrowserServer%%1068

                                              Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
                                              Description: DNS ClientNetIO Legacy TDI Support Driver%%31

                                              Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
                                              Description: DHCP ClientNetIO Legacy TDI Support Driver%%31

                                              Error: (02/11/2012 05:53:02 PM) (Source: DCOM) (User: )
                                              Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

                                              Error: (02/11/2012 05:52:49 PM) (Source: DCOM) (User: )
                                              Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


                                              Microsoft Office Sessions:
                                              =========================
                                              Error: (10/06/2010 09:10:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
                                              Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5531 seconds with 2280 seconds of active time.  This session ended with a crash.


                                              ========================= Memory info: ===================================

                                              Percentage of memory in use: 20%
                                              Total physical RAM: 2012.54 MB
                                              Available physical RAM: 1605.28 MB
                                              Total Pagefile: 4262.32 MB
                                              Available Pagefile: 4011.8 MB
                                              Total Virtual: 2047.88 MB
                                              Available Virtual: 1965.53 MB

                                              ========================= Partitions: =====================================

                                              1 Drive c: (SW_Preload) (Fixed) (Total:137.82 GB) (Free:80.35 GB) NTFS
                                              3 Drive e: () (Removable) (Total:7.45 GB) (Free:7.36 GB) FAT32
                                              4 Drive q: (Lenovo) (Fixed) (Total:9.77 GB) (Free:4.1 GB) NTFS
                                              5 Drive s: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.69 GB) NTFS

                                              ========================= Users: ========================================

                                              User accounts for \\COSTA-PC

                                              Administrator            Costa                    Guest                   


                                              **** End of log ****


                                              Here is FarBar result

                                              Farbar Service Scanner Version: 10-02-2012
                                              Ran by Costa (administrator) on 11-02-2012 at 17:57:47
                                              Running from "E:\FarBar"
                                              Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
                                              Boot Mode: Nerwork
                                              ****************************************************************

                                              Internet Services:
                                              ============
                                              Dnscache Service is not running. Checking service configuration:
                                              The start type of Dnscache service is OK.
                                              The ImagePath of Dnscache service is OK.
                                              The ServiceDll of Dnscache service is OK.

                                              Dhcp Service is not running. Checking service configuration:
                                              The start type of Dhcp service is OK.
                                              The ImagePath of Dhcp service is OK.
                                              The ServiceDll of Dhcp service is OK.

                                              tdx Service is not running. Checking service configuration:
                                              The start type of tdx service is OK.
                                              The ImagePath of tdx service is OK.


                                              Connection Status:
                                              ==============
                                              Localhost is accessible.
                                              LAN connected.
                                              Google IP is accessible.
                                              Yahoo IP is accessible.


                                              File Check:
                                              ========
                                              C:\Windows\system32\nsisvc.dll => MD5 is legit
                                              C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
                                              C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
                                              C:\Windows\system32\Drivers\afd.sys
                                              [2011-06-16 08:17] - [2011-04-21 08:58] - 0273408 ____A (Microsoft Corporation)

                                              Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
                                              C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
                                              C:\Windows\system32\dnsrslvr.dll => MD5 is legit
                                              C:\Windows\system32\svchost.exe => MD5 is legit
                                              C:\Windows\system32\rpcss.dll => MD5 is legit


                                              **** End of log ****

                                              MtlHab39

                                                Topic Starter


                                                Beginner

                                                • Experience: Beginner
                                                • OS: Unknown
                                                Re: VistaAntispyware 2012 ???
                                                « Reply #36 on: February 11, 2012, 04:13:46 PM »
                                                Rescanned with farbar but checked off all choices except defender

                                                Farbar Service Scanner Version: 10-02-2012
                                                Ran by Costa (administrator) on 11-02-2012 at 18:11:09
                                                Running from "E:\FarBar"
                                                Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
                                                Boot Mode: Nerwork
                                                ****************************************************************

                                                Internet Services:
                                                ============
                                                Dnscache Service is not running. Checking service configuration:
                                                The start type of Dnscache service is OK.
                                                The ImagePath of Dnscache service is OK.
                                                The ServiceDll of Dnscache service is OK.

                                                Dhcp Service is not running. Checking service configuration:
                                                The start type of Dhcp service is OK.
                                                The ImagePath of Dhcp service is OK.
                                                The ServiceDll of Dhcp service is OK.

                                                tdx Service is not running. Checking service configuration:
                                                The start type of tdx service is OK.
                                                The ImagePath of tdx service is OK.


                                                Connection Status:
                                                ==============
                                                Localhost is accessible.
                                                LAN connected.
                                                Google IP is accessible.
                                                Yahoo IP is accessible.


                                                Windows Firewall:
                                                =============
                                                mpsdrv Service is not running. Checking service configuration:
                                                The start type of mpsdrv service is OK.
                                                The ImagePath of mpsdrv service is OK.

                                                MpsSvc Service is not running. Checking service configuration:
                                                Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
                                                Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
                                                Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
                                                Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

                                                bfe Service is not running. Checking service configuration:
                                                The start type of bfe service is set to Demand. The default start type is Auto.
                                                The ImagePath of bfe: "NADA".
                                                Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
                                                Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


                                                Firewall Disabled Policy:
                                                ==================


                                                System Restore:
                                                ============
                                                SDRSVC Service is not running. Checking service configuration:
                                                The start type of SDRSVC service is OK.
                                                The ImagePath of SDRSVC service is OK.
                                                The ServiceDll of SDRSVC service is OK.
                                                Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

                                                VSS Service is not running. Checking service configuration:
                                                The start type of VSS service is OK.
                                                The ImagePath of VSS service is OK.


                                                System Restore Disabled Policy:
                                                ========================


                                                Security Center:
                                                ============
                                                wscsvc Service is not running. Checking service configuration:
                                                The start type of wscsvc service is OK.
                                                The ImagePath of wscsvc service is OK.
                                                The ServiceDll of wscsvc service is OK.
                                                Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


                                                Windows Update:
                                                ============
                                                wuauserv Service is not running. Checking service configuration:
                                                The start type of wuauserv service is OK.
                                                The ImagePath of wuauserv service is OK.
                                                The ServiceDll of wuauserv service is OK.

                                                BITS Service is not running. Checking service configuration:
                                                The start type of BITS service is OK.
                                                The ImagePath of BITS service is OK.
                                                The ServiceDll of BITS service is OK.
                                                Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

                                                EventSystem Service is not running. Checking service configuration:
                                                The start type of EventSystem service is OK.
                                                The ImagePath of EventSystem service is OK.
                                                The ServiceDll of EventSystem service is OK.


                                                File Check:
                                                ========
                                                C:\Windows\system32\nsisvc.dll => MD5 is legit
                                                C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
                                                C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
                                                C:\Windows\system32\Drivers\afd.sys => MD5 is legit
                                                Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
                                                C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
                                                C:\Windows\system32\dnsrslvr.dll => MD5 is legit
                                                C:\Windows\system32\mpssvc.dll => MD5 is legit
                                                C:\Windows\system32\bfe.dll => MD5 is legit
                                                C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
                                                C:\Windows\system32\SDRSVC.dll => MD5 is legit
                                                C:\Windows\system32\vssvc.exe => MD5 is legit
                                                C:\Windows\system32\wscsvc.dll => MD5 is legit
                                                C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
                                                C:\Windows\system32\wuaueng.dll => MD5 is legit
                                                C:\Windows\system32\qmgr.dll => MD5 is legit
                                                C:\Windows\system32\es.dll => MD5 is legit
                                                C:\Windows\system32\cryptsvc.dll => MD5 is legit
                                                C:\Windows\system32\svchost.exe => MD5 is legit
                                                C:\Windows\system32\rpcss.dll => MD5 is legit


                                                **** End of log ****

                                                SuperDave

                                                Re: VistaAntispyware 2012 ???
                                                « Reply #37 on: February 11, 2012, 05:07:45 PM »
                                                Please download SystemLook from one of the links below and save it to your desktop.

                                                Link # 1
                                                Link # 2

                                                Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                                                Double-click SystemLook.exe to run it.

                                                Copy the contents of the following codebox into the main textfield.
                                                Code:
                                                :filefind
                                                tdx.sys

                                                Click the Look button to start the scan.

                                                Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

                                                When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt.

                                                MtlHab39

                                                  Re: VistaAntispyware 2012 ???
                                                  « Reply #38 on: February 12, 2012, 08:41:38 AM »
                                                  Here is SystemLook

                                                  SystemLook 30.07.11 by jpshortstuff
                                                  Log created at 10:11 on 12/02/2012 by Costa
                                                  Administrator - Elevation successful

                                                  ========== filefind ==========

                                                  Searching for "tdx.sys"
                                                  C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys   --a---- 71680 bytes   [02:34 21/01/2008]   [02:34 21/01/2008] D09276B1FAB033CE1D40DCBDF303D10F

                                                  -= EOF =-

                                                  SuperDave

                                                  Re: VistaAntispyware 2012 ???
                                                  « Reply #39 on: February 12, 2012, 11:03:33 AM »
                                                  Do you have your Windows OS disk or can you borrow one? It must be Vista™ Home Basic.

                                                  MtlHab39

                                                    Re: VistaAntispyware 2012 ???
                                                    « Reply #40 on: February 12, 2012, 11:30:26 AM »
                                                    Would it have been included with the Lenovo?

                                                    MtlHab39

                                                      Re: VistaAntispyware 2012 ???
                                                      « Reply #41 on: February 12, 2012, 11:33:19 AM »
                                                      Is it called Windows Live Installer?

                                                      SuperDave

                                                      Re: VistaAntispyware 2012 ???
                                                      « Reply #42 on: February 12, 2012, 06:51:41 PM »
                                                      Quote
                                                      Would it have been included with the Lenovo?
                                                      I'm not sure what Lenovo's policy is regarding OS disks. If it's like most Vista installations there should be a Recovery Console on the computer. In your case, it looks like there might be one on the Q drive. You can verify this by clicking on Windows Explorer and clicking on My Computer or Computer. There you should see the C drive and all the other drives. One should be named Recovery Console. In your case it should be the Q drive.

                                                      Run the Vista Recovery Console.

                                                      1. Eject and remove any discs or memory cards from your computer.

                                                      2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".

                                                      3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots.

                                                      4. Highlight and select "Repair your computer", choose your keyboard type and click "Next".

                                                      5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.

                                                      MtlHab39

                                                        Re: VistaAntispyware 2012 ???
                                                        « Reply #43 on: February 14, 2012, 03:16:16 PM »
                                                        Hi Dave
                                                        Was able to access System Recovery Options window

                                                        Asks me to choose a recovery tool; operating system Microsoft Windows Vista on (D:)  SW_Preload

                                                        choices are

                                                        Startup Repair
                                                        System Restore
                                                        Windows Complete PC Restore
                                                        Windows Memory Diagnostic Tool
                                                        Command Prompt
                                                        Lenovo Product Recovery

                                                        Which one do I access?

                                                        SuperDave

                                                        Re: VistaAntispyware 2012 ???
                                                        « Reply #44 on: February 14, 2012, 04:23:38 PM »
                                                        Let's start out with Startup Repair.

                                                        MtlHab39

                                                          Re: VistaAntispyware 2012 ???
                                                          « Reply #45 on: February 14, 2012, 04:41:11 PM »
                                                          Done and completed within ~10 seconds.
                                                          Opened diagnosis and repair details

                                                          Last successful boot time: 2/14/2012 10:58:55 PM (GMT)

                                                          Session details
                                                          System disk= device/harddisk0
                                                          Windows directory= D:/Windows
                                                          AutoChk Run = 0
                                                          Number of root causes = 1

                                                          Lists several tests (check for updates, system disk test, disk failure diagnosis, disk metadata test, target OS test, volume content check, Boot manager diagnosis, system boot log diagnosis, event log diagnosis, internal state check, boot status test) that were all completed successfully.

                                                          Last comment is

                                                          Root cause found:
                                                          Boot status indicates that the OS booted successfully.

                                                          That is it.

                                                          SuperDave

                                                          Re: VistaAntispyware 2012 ???
                                                          « Reply #46 on: February 14, 2012, 05:03:34 PM »
                                                          Ok. Please try running the FarBar Service Scanner in Reply # 34

                                                          MtlHab39

                                                            Re: VistaAntispyware 2012 ???
                                                            « Reply #47 on: February 15, 2012, 04:32:09 PM »
                                                            Guess it still can't find that 'file'

                                                            Farbar Service Scanner Version: 10-02-2012
                                                            Ran by Costa (administrator) on 15-02-2012 at 18:24:33
                                                            Running from "E:\FarBar"
                                                            Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
                                                            Boot Mode: Nerwork
                                                            ****************************************************************

                                                            Internet Services:
                                                            ============
                                                            Dnscache Service is not running. Checking service configuration:
                                                            The start type of Dnscache service is OK.
                                                            The ImagePath of Dnscache service is OK.
                                                            The ServiceDll of Dnscache service is OK.

                                                            Dhcp Service is not running. Checking service configuration:
                                                            The start type of Dhcp service is OK.
                                                            The ImagePath of Dhcp service is OK.
                                                            The ServiceDll of Dhcp service is OK.

                                                            tdx Service is not running. Checking service configuration:
                                                            The start type of tdx service is OK.
                                                            The ImagePath of tdx service is OK.


                                                            Connection Status:
                                                            ==============
                                                            Localhost is accessible.
                                                            LAN connected.
                                                            Google IP is accessible.
                                                            Yahoo IP is accessible.


                                                            Windows Firewall:
                                                            =============
                                                            mpsdrv Service is not running. Checking service configuration:
                                                            The start type of mpsdrv service is OK.
                                                            The ImagePath of mpsdrv service is OK.

                                                            MpsSvc Service is not running. Checking service configuration:
                                                            Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
                                                            Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
                                                            Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
                                                            Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

                                                            bfe Service is not running. Checking service configuration:
                                                            The start type of bfe service is set to Demand. The default start type is Auto.
                                                            The ImagePath of bfe: "NADA".
                                                            Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
                                                            Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


                                                            Firewall Disabled Policy:
                                                            ==================


                                                            System Restore:
                                                            ============
                                                            SDRSVC Service is not running. Checking service configuration:
                                                            The start type of SDRSVC service is OK.
                                                            The ImagePath of SDRSVC service is OK.
                                                            The ServiceDll of SDRSVC service is OK.
                                                            Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

                                                            VSS Service is not running. Checking service configuration:
                                                            The start type of VSS service is OK.
                                                            The ImagePath of VSS service is OK.


                                                            System Restore Disabled Policy:
                                                            ========================


                                                            Security Center:
                                                            ============
                                                            wscsvc Service is not running. Checking service configuration:
                                                            The start type of wscsvc service is OK.
                                                            The ImagePath of wscsvc service is OK.
                                                            The ServiceDll of wscsvc service is OK.
                                                            Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


                                                            Windows Update:
                                                            ============
                                                            wuauserv Service is not running. Checking service configuration:
                                                            The start type of wuauserv service is OK.
                                                            The ImagePath of wuauserv service is OK.
                                                            The ServiceDll of wuauserv service is OK.

                                                            BITS Service is not running. Checking service configuration:
                                                            The start type of BITS service is OK.
                                                            The ImagePath of BITS service is OK.
                                                            The ServiceDll of BITS service is OK.
                                                            Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

                                                            EventSystem Service is not running. Checking service configuration:
                                                            The start type of EventSystem service is OK.
                                                            The ImagePath of EventSystem service is OK.
                                                            The ServiceDll of EventSystem service is OK.


                                                            File Check:
                                                            ========
                                                            C:\Windows\system32\nsisvc.dll => MD5 is legit
                                                            C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
                                                            C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
                                                            C:\Windows\system32\Drivers\afd.sys => MD5 is legit
                                                            Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
                                                            C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
                                                            C:\Windows\system32\dnsrslvr.dll => MD5 is legit
                                                            C:\Windows\system32\mpssvc.dll => MD5 is legit
                                                            C:\Windows\system32\bfe.dll => MD5 is legit
                                                            C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
                                                            C:\Windows\system32\SDRSVC.dll => MD5 is legit
                                                            C:\Windows\system32\vssvc.exe => MD5 is legit
                                                            C:\Windows\system32\wscsvc.dll => MD5 is legit
                                                            C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
                                                            C:\Windows\system32\wuaueng.dll => MD5 is legit
                                                            C:\Windows\system32\qmgr.dll => MD5 is legit
                                                            C:\Windows\system32\es.dll => MD5 is legit
                                                            C:\Windows\system32\cryptsvc.dll => MD5 is legit
                                                            C:\Windows\system32\svchost.exe => MD5 is legit
                                                            C:\Windows\system32\rpcss.dll => MD5 is legit


                                                            **** End of log ****

                                                            SuperDave

                                                            Re: VistaAntispyware 2012 ???
                                                            « Reply #48 on: February 15, 2012, 05:34:50 PM »
                                                            Let's try to find this file again. You should already have this program on your desktop.

                                                            Please download SystemLook from one of the links below and save it to your desktop.

                                                            Link # 1
                                                            Link # 2

                                                            Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                                                            Double-click SystemLook.exe to run it.

                                                            Copy the contents of the following codebox into the main textfield.
                                                            Code:
                                                            :filefind
                                                            tdx.sys

                                                            Click the Look button to start the scan.

                                                            Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

                                                            When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt.

                                                            MtlHab39

                                                              Re: VistaAntispyware 2012 ???
                                                              « Reply #49 on: February 15, 2012, 09:56:57 PM »
                                                              SystemLook 30.07.11 by jpshortstuff
                                                              System Look tonight

                                                              Log created at 23:11 on 15/02/2012 by Costa
                                                              Administrator - Elevation successful

                                                              ========== filefind ==========

                                                              Searching for "tdx.sys"
                                                              C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys   --a---- 71680 bytes   [02:34 21/01/2008]   [02:34 21/01/2008] D09276B1FAB033CE1D40DCBDF303D10F

                                                              -= EOF =-
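
Added example, not part of the original thread and not SystemLook's own code: a parser for the filefind section posted above that reports where each hit lives and notes when a searched driver is listed only in the WinSxS component store. The live driver directory (C:\Windows\System32\drivers), the status wording and all function names are assumptions of this sketch.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime

# Sample input: the filefind section exactly as posted in the reply above.
SAMPLE_LOG = r'''
========== filefind ==========

Searching for "tdx.sys"
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys   --a---- 71680 bytes   [02:34 21/01/2008]   [02:34 21/01/2008] D09276B1FAB033CE1D40DCBDF303D10F

-= EOF =-
'''

# Assumption: directory a boot-time network driver is normally loaded from.
LIVE_DRIVER_DIR = r"C:\Windows\System32\drivers"
TS_FORMAT = "%H:%M %d/%m/%Y"  # day-first, as in the log's own header line

SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
HIT_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]+)\s+(?P<size>\d+) bytes'
    r'\s+\[(?P<t1>[^\]]+)\]\s+\[(?P<t2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$'
)


@dataclass
class Hit:
    path: str
    attrs: str
    size: int
    stamps: tuple  # the two bracketed timestamps, in the order the log prints them
    md5: str

    @property
    def in_component_store(self):
        return "\\winsxs\\" in self.path.lower()


def parse_filefind(text):
    """Return {searched name: [Hit, ...]} for every 'Searching for' block."""
    results, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # forum copies are often heavily indented
        if line.startswith("=========="):
            current = None  # a section header ends the previous search
            continue
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name")
            results.setdefault(current, [])
            continue
        m = HIT_RE.match(line)
        if m and current is not None:
            stamps = tuple(datetime.strptime(m.group(k), TS_FORMAT) for k in ("t1", "t2"))
            results[current].append(
                Hit(m.group("path"), m.group("attrs"), int(m.group("size")),
                    stamps, m.group("md5").upper())
            )
    return results


def triage(results, live_dir=LIVE_DRIVER_DIR):
    """Summarise, per searched file, whether a copy in live_dir was listed."""
    report = {}
    for name, hits in results.items():
        live = [h for h in hits if ntpath.dirname(h.path).lower() == live_dir.lower()]
        store = [h for h in hits if h.in_component_store]
        if live:
            status = "live copy listed"
        elif store:
            status = "component-store copy only"
        elif hits:
            status = "found elsewhere only"
        else:
            status = "not found"
        report[name] = {
            "status": status,
            "live_paths": [h.path for h in live],
            "store_md5": sorted({h.md5 for h in store}),
        }
    return report


if __name__ == "__main__":
    for name, info in triage(parse_filefind(SAMPLE_LOG)).items():
        print(name, "->", info["status"], info["store_md5"])
```

A "component-store copy only" result says the scan did not list the file in the directory it is loaded from; treat it as a reason for further checks, not as a verdict.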

                                                              SuperDave

                                                              « Reply #50 on: February 16, 2012, 10:42:18 AM »
                                                              Could you please check your Device Manager to see if there are any yellow warning flags?
                                                              Please delete ComboFix from your desktop, download a new version and run another scan. The instructions are in Reply # 7.

                                                              MtlHab39

                                                                « Reply #51 on: February 16, 2012, 04:46:22 PM »
                                                                Clicked on Device manager; everything is listed; no yellow flags anywhere

                                                                MtlHab39

                                                                  « Reply #52 on: February 16, 2012, 10:02:40 PM »
                                                                  Trying to run new combofix.
                                                                  Once autoscan opens up; first info tells me 'failed to get data for 'enableLVA'
                                                                  second separate window again pops up with

                                                                  You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack.  This is a particularly difficult infection.  If for any reason that you're unable to connect to the internet, log off and reboot machine and rerun combofix.

                                                                  I left it alone and autoscan continues; it's been 3 hrs on another pop up "detected rootkit activity and need to reboot" - finally x'ed it and then machine rebooted; placed it in safe mode (previous combofix attempt was in regular mode).

                                                                  Am leaving the laptop on to see what will happen with Rootkit box opened.

                                                                  Side question: my Java is outdated and reading around seems to pose a risk for intruders
                                                                  should I uninstall it?

                                                                  Thanks

                                                                  Geek-9pm


                                                                  « Reply #53 on: February 16, 2012, 10:11:35 PM »
                                                                  Dear OP:
                                                                  Quote
                                                                  You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack.  This is a particularly difficult infection.  If for any reason that you're unable to connect to the internet, log off and reboot machine and rerun combofix.
                                                                  That kind of warning is extremely serious.
                                                                  There are no shortcuts around it.
                                                                  Please pay attention to the experts who are trying to help you.

                                                                  SuperDave

                                                                  « Reply #54 on: February 17, 2012, 08:03:27 AM »
                                                                  Quote
                                                                  Side question: my Java is outdated and reading around seems to pose a risk for intruders
                                                                  should I uninstall it?
                                                                  No. Just update it.

                                                                  Update Your Java (JRE)

                                                                  Old versions of Java have vulnerabilities that malware can use to infect your system.


                                                                  First Verify your Java Version

                                                                  If there are any other version(s) installed then update now.

                                                                  Get the new version (if needed)

                                                                  If your version is out of date install the newest version of the Sun Java Runtime Environment.

                                                                  Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                                                                  Be sure to close ALL open web browsers before starting the installation.

                                                                  Remove any old versions

                                                                  1. Download JavaRa and unzip the file to your Desktop.
                                                                  2. Open JavaRA.exe and choose Remove Older Versions
                                                                  3. Once complete exit JavaRA.

                                                                  Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
                                                                  *************************************************************
                                                                  Let's try ComboFix with this:

                                                                  Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

                                                                  Navigate to Start --> Run, and enter the following command exactly as shown:

                                                                  "%userprofile%\desktop\blackpudding.bat" /killall

                                                                  See if ComboFix will run now

                                                                  MtlHab39

                                                                    « Reply #55 on: February 18, 2012, 08:19:24 AM »
                                                                    Did rename prior to downloading on PC; brought to laptop with USB; deleted old combofix on desktop; zipped new pudding name/file onto desktop; cut and paste the command and laptop is telling me that it cannot find it!!!

                                                                    After that no-go, am trying to run combofix via pudding from USB-pudding file, so far same discovery of rootkit message, another box opened with 'Rootkit is detected. Be patient as this may take some moments' message.  Two loud beeps and now box 'Combofix has detected the presence of rootkit activity and needs to reboot the machine'

                                                                    Will wait and see what happens and update a post.
                                                                    Have to say you must be one patient fellow; have felt numerous times to zing this laptop into the dumpster!!!!!!!!!!!!!!!!

                                                                    Also for Java, can I download onto the USB via desktop the latest version-link and carry it to laptop with USB?

                                                                    SuperDave

                                                                    « Reply #56 on: February 18, 2012, 11:19:11 AM »
                                                                    Quote
                                                                    Also for Java, can I download onto the USB via desktop the latest version-link and carry it to laptop with USB? 
                                                                    That should work. Don't forget to uninstall the old versions.

                                                                    MtlHab39

                                                                      « Reply #57 on: February 18, 2012, 11:55:07 AM »
                                                                      Did rename prior to downloading on PC; brought to laptop with USB; deleted old combofix on desktop; zipped new pudding name/file onto desktop; cut and paste the command and laptop is telling me that it cannot find it!!!

                                                                      After that no-go, am trying to run combofix via pudding from USB-pudding file, so far same discovery of rootkit message, another box opened with 'Rootkit is detected. Be patient as this may take some moments' message.  Two loud beeps and now box 'Combofix has detected the presence of rootkit activity and needs to reboot the machine'

                                                                      Will wait and see what happens and update a post.


                                                                      That box has remained on desktop for 3 hrs now.

                                                                      SuperDave

                                                                      « Reply #58 on: February 18, 2012, 06:25:20 PM »
                                                                      Quote
                                                                      That box has remained on desktop for 3 hrs now.
                                                                      That's too long. You can abort that operation. I'm running out of tools to run on this computer. Soon we will have to look at saving your important data and running the Recovery Console to restore your computer back to the day you purchased it.

                                                                      Download BootKit Remover to your Desktop.

                                                                      •You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip.

                                                                      •After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).

                                                                      •It will show a Black screen with some data on it.

                                                                      •Right click on the screen and click Select All.

                                                                      •Press Enter

                                                                      •Open a Notepad and press CTRL V

                                                                      •Post the output back here.

                                                                      MtlHab39

                                                                        « Reply #59 on: February 18, 2012, 08:52:52 PM »
                                                                        This is a bootkit debug log; don't think you needed this but the file was there

                                                                        .\debug.cpp(238) : Debug log started at 19.02.2012 - 03:38:14
                                                                        .\boot_cleaner.cpp(527) : Bootkit Remover
                                                                        .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
                                                                        .\boot_cleaner.cpp(529) : www.esagelab.com
                                                                        .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
                                                                        .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 6002), 32-bit
                                                                        .\debug.cpp(248) : **********************************************
                                                                        .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
                                                                        .\debug.cpp(250) : **********************************************
                                                                        .\debug.cpp(256) : 0x8304a000 0x003ba000 "\SystemRoot\system32\ntkrnlpa.exe"
                                                                        .\debug.cpp(256) : 0x83017000 0x00033000 "\SystemRoot\system32\hal.dll"
                                                                        .\debug.cpp(256) : 0x80409000 0x00007000 "\SystemRoot\system32\kdcom.dll"
                                                                        .\debug.cpp(256) : 0x80410000 0x00070000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
                                                                        .\debug.cpp(256) : 0x80480000 0x00011000 "\SystemRoot\system32\PSHED.dll"
                                                                        .\debug.cpp(256) : 0x80491000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
                                                                        .\debug.cpp(256) : 0x80499000 0x00041000 "\SystemRoot\system32\CLFS.SYS"
                                                                        .\debug.cpp(256) : 0x804da000 0x000e0000 "\SystemRoot\system32\CI.dll"
                                                                        .\debug.cpp(256) : 0x8060f000 0x0007c000 "\SystemRoot\system32\drivers\Wdf01000.sys"
                                                                        .\debug.cpp(256) : 0x8068b000 0x0000d000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
                                                                        .\debug.cpp(256) : 0x80698000 0x00032000 "\SystemRoot\system32\drivers\fltmgr.sys"
                                                                        .\debug.cpp(256) : 0x806ca000 0x00046000 "\SystemRoot\system32\drivers\acpi.sys"
                                                                        .\debug.cpp(256) : 0x80710000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
                                                                        .\debug.cpp(256) : 0x80719000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
                                                                        .\debug.cpp(256) : 0x80721000 0x00027000 "\SystemRoot\system32\drivers\pci.sys"
                                                                        .\debug.cpp(256) : 0x80748000 0x0000f000 "\SystemRoot\System32\drivers\partmgr.sys"
                                                                        .\debug.cpp(256) : 0x80757000 0x00003000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
                                                                        .\debug.cpp(256) : 0x8075a000 0x0000a000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
                                                                        .\debug.cpp(256) : 0x80764000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys"
                                                                        .\debug.cpp(256) : 0x80773000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys"
                                                                        .\debug.cpp(256) : 0x807bd000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys"
                                                                        .\debug.cpp(256) : 0x8360d000 0x000da000 "\SystemRoot\system32\drivers\iastor.sys"
                                                                        .\debug.cpp(256) : 0x836e7000 0x00010000 "\SystemRoot\system32\drivers\fileinfo.sys"
                                                                        .\debug.cpp(256) : 0x836f7000 0x0003d000 "\SystemRoot\system32\drivers\PCTCore.sys"
                                                                        .\debug.cpp(256) : 0x83734000 0x00057000 "\SystemRoot\system32\drivers\pctDS.sys"
                                                                        .\debug.cpp(256) : 0x8900e000 0x000a5000 "\SystemRoot\system32\drivers\pctEFA.sys"
                                                                        .\debug.cpp(256) : 0x890b3000 0x00017000 "\SystemRoot\System32\Drivers\DRVMCDB.SYS"
                                                                        .\debug.cpp(256) : 0x890ca000 0x0000a000 "\SystemRoot\System32\Drivers\PxHelp20.sys"
                                                                        .\debug.cpp(256) : 0x890d4000 0x00072000 "\SystemRoot\System32\Drivers\ksecdd.sys"
                                                                        .\debug.cpp(256) : 0x8920b000 0x0010b000 "\SystemRoot\system32\drivers\ndis.sys"
                                                                        .\debug.cpp(256) : 0x89316000 0x0002b000 "\SystemRoot\system32\drivers\msrpc.sys"
                                                                        .\debug.cpp(256) : 0x89341000 0x0003b000 "\SystemRoot\system32\drivers\NETIO.SYS"
                                                                        .\debug.cpp(256) : 0x8940a000 0x000ea000 "\SystemRoot\System32\drivers\tcpip.sys"
                                                                        .\debug.cpp(256) : 0x894f4000 0x0001b000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
                                                                        .\debug.cpp(256) : 0x89608000 0x00110000 "\SystemRoot\System32\Drivers\Ntfs.sys"
                                                                        .\debug.cpp(256) : 0x89718000 0x00039000 "\SystemRoot\system32\drivers\volsnap.sys"
                                                                        .\debug.cpp(256) : 0x89751000 0x00008000 "\SystemRoot\System32\DRIVERS\ApsHM86.sys"
                                                                        .\debug.cpp(256) : 0x89761000 0x0001e000 "\SystemRoot\System32\DRIVERS\Apsx86.sys"
                                                                        .\debug.cpp(256) : 0x8977f000 0x0000f000 "\SystemRoot\System32\Drivers\mup.sys"
                                                                        .\debug.cpp(256) : 0x8978e000 0x00027000 "\SystemRoot\System32\drivers\ecache.sys"
                                                                        .\debug.cpp(256) : 0x897b5000 0x00011000 "\SystemRoot\system32\drivers\disk.sys"
                                                                        .\debug.cpp(256) : 0x897c6000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS"
                                                                        .\debug.cpp(256) : 0x897e7000 0x00009000 "\SystemRoot\system32\drivers\crcdisk.sys"
                                                                        .\debug.cpp(256) : 0x895e9000 0x0000b000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
                                                                        .\debug.cpp(256) : 0x895f4000 0x00009000 "\SystemRoot\system32\DRIVERS\tunmp.sys"
                                                                        .\debug.cpp(256) : 0x8937c000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
                                                                        .\debug.cpp(256) : 0x89387000 0x0003e000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
                                                                        .\debug.cpp(256) : 0x893c5000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
                                                                        .\debug.cpp(256) : 0x89146000 0x0008d000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
                                                                        .\debug.cpp(256) : 0x8d40a000 0x000e4000 "\SystemRoot\system32\DRIVERS\athr.sys"
                                                                        .\debug.cpp(256) : 0x8d4ee000 0x00021000 "\SystemRoot\system32\DRIVERS\Rtlh86.sys"
                                                                        .\debug.cpp(256) : 0x8d50f000 0x00010000 "\SystemRoot\system32\DRIVERS\ohci1394.sys"
                                                                        .\debug.cpp(256) : 0x8d51f000 0x0000e000 "\SystemRoot\system32\DRIVERS\1394BUS.SYS"
                                                                        .\debug.cpp(256) : 0x8d52d000 0x00011000 "\SystemRoot\system32\DRIVERS\rimmptsk.sys"
                                                                        .\debug.cpp(256) : 0x8d53e000 0x00014000 "\SystemRoot\system32\DRIVERS\rimsptsk.sys"
                                                                        .\debug.cpp(256) : 0x8d552000 0x00052000 "\SystemRoot\system32\DRIVERS\rixdptsk.sys"
                                                                        .\debug.cpp(256) : 0x8d5a4000 0x00013000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
                                                                        .\debug.cpp(256) : 0x8d5b7000 0x0000b000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
                                                                        .\debug.cpp(256) : 0x8d5c2000 0x00030000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
                                                                        .\debug.cpp(256) : 0x8d5f2000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
                                                                        .\debug.cpp(256) : 0x8d5f4000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
                                                                        .\debug.cpp(256) : 0x8d400000 0x00004000 "\SystemRoot\system32\DRIVERS\ibmpmdrv.sys"
                                                                        .\debug.cpp(256) : 0x8d404000 0x00002000 "\SystemRoot\System32\Drivers\DLACDBHM.SYS"
                                                                        .\debug.cpp(256) : 0x893d4000 0x00018000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
                                                                        .\debug.cpp(256) : 0x89600000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
                                                                        .\debug.cpp(256) : 0x89759000 0x00008000 "\SystemRoot\system32\DRIVERS\A0101V32.sys"
                                                                        .\debug.cpp(256) : 0x8378b000 0x0002f000 "\SystemRoot\system32\DRIVERS\msiscsi.sys"
                                                                        .\debug.cpp(256) : 0x837ba000 0x00041000 "\SystemRoot\system32\DRIVERS\storport.sys"
                                                                        .\debug.cpp(256) : 0x893ec000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
                                                                        .\debug.cpp(400) :  Destination "\Device\USBFDO-4"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
                                                                        .\debug.cpp(400) :  Destination "\Device\00000042"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\pctDS"
                                                                        .\debug.cpp(400) :  Destination "\Device\pctDS"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_0745&MI_02&Col03#7&2752b6e9&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
                                                                        .\debug.cpp(400) :  Destination "\Device\00000076"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
                                                                        .\debug.cpp(400) :  Destination "\Device\00000036"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
                                                                        .\debug.cpp(400) :  Destination "\Device\00000008"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
                                                                        .\debug.cpp(400) :  Destination "\Device\USBFDO-5"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
                                                                        .\debug.cpp(400) :  Destination "\GLOBAL??"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
                                                                        .\debug.cpp(400) :  Destination "\clfs"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2a2a2ff4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
                                                                        .\debug.cpp(400) :  Destination "\Device\USBPDO-0"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
                                                                        .\debug.cpp(400) :  Destination "\Device\0000003b"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
                                                                        .\debug.cpp(400) :  Destination "\Device\USBFDO-6"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E11515E1-E1A9-47CC-A452-7F766AD61B50}"
                                                                        .\debug.cpp(400) :  Destination "\Device\NDMP2"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_0745&MI_02&Col01#7&2752b6e9&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
                                                                        .\debug.cpp(400) :  Destination "\Device\00000074"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD7"
                                                                        .\debug.cpp(400) :  Destination "\Device\USBFDO-7"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_001C&SUBSYS_0035168C&REV_01#4&2f9c0b34&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
                                                                        .\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0019"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy10"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy10"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&3#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
                                                                        .\debug.cpp(400) :  Destination "\Device\0000004b"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
                                                                        .\debug.cpp(400) :  Destination "\Device\00000048"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AE8C233E-0FF8-4B63-A88F-C59B54A2A7A5}"
                                                                        .\debug.cpp(400) :  Destination "\Device\NDMP3"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy11"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy11"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature901C13D0Offset100000Length5DC0 0000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolume1"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy12"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy12"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{28192ccc-44a0-11de-aff2-806e6f6e6963}"
                                                                        .\debug.cpp(400) :  Destination "\Device\CdRom0"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
                                                                        .\debug.cpp(400) :  Destination "\Device\nativewifip"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#LEN0013#4&19087a06&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
                                                                        .\debug.cpp(400) :  Destination "\Device\00000056"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
                                                                        .\debug.cpp(400) :  Destination "\Device\00000039"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_20F017AA&REV_03#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
                                                                        .\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0012"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy20"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy20"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy13"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy13"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
                                                                        .\debug.cpp(400) :  Destination "\Device\0000003b"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{31D45F66-1FBA-464A-A198-F953D26B3D9E}"
                                                                        .\debug.cpp(400) :  Destination "\Device\NDMP6"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{47E42986-067B-4D6D-A977-3BFE22D64C3F}"
                                                                        .\debug.cpp(400) :  Destination "\Device\NDMP5"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0014#{cac88484-7515-4c03-82e6-71a87abac361}"
                                                                        .\debug.cpp(400) :  Destination "\Device\00000004"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy21"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy21"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy14"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy14"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shockpf0"
                                                                        .\debug.cpp(400) :  Destination "\Device\Shockpf0"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
                                                                        .\debug.cpp(400) :  Destination "\Device\MountPointManager"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
                                                                        .\debug.cpp(400) :  Destination "\Device\00000037"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
                                                                        .\debug.cpp(400) :  Destination "\Device\00000035"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2939&SUBSYS_20F017AA&REV_03#3&11583659&0&D2#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
                                                                        .\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0005"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy22"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy22"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy15"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy15"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&_??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Edge&Rev_1.20#200607749213F9337288&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolume5"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
                                                                        .\debug.cpp(400) :  Destination "\Device\Nsi"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&39baf81a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
                                                                        .\debug.cpp(400) :  Destination "\Device\USBPDO-5"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2938&SUBSYS_20F017AA&REV_03#3&11583659&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
                                                                        .\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0004"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy23"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy23"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy16"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy16"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2929&SUBSYS_20F817AA&REV_03#3&11583659&0&FA#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
                                                                        .\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0018"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
                                                                        .\debug.cpp(400) :  Destination "\Device\PartmgrControl"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#VolumeSnapshot#HarddiskVolumeSnapshot27#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy27"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Edge&Rev_1.20#200607749213F9337288&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
                                                                        .\debug.cpp(400) :  Destination "\Device\0000007c"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
                                                                        .\debug.cpp(400) :  Destination "\Device\00000035"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ShockMgr"
                                                                        .\debug.cpp(400) :  Destination "\Device\ShockMgr"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{850EA409-FC82-49A7-9DEB-BABC66146CA7}"
                                                                        .\debug.cpp(400) :  Destination "\Device\NDMP7"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0843&SUBSYS_210B17AA&REV_12#4&7ee979b&0&02F0#{ba39d8e2-30c9-11d4-b3cd-d916bda91711}"
                                                                        .\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0023"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy24"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy24"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy17"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy17"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
                                                                        .\debug.cpp(400) :  Destination "\Device\NXTIPSEC"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f32bd873-5a4d-11e1-a7d8-00248cb3b119}"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy27"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_0745&MI_02&Col04#7&2752b6e9&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}"
                                                                        .\debug.cpp(400) :  Destination "\Device\00000077"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&2a372ade&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
                                                                        .\debug.cpp(400) :  Destination "\Device\USBPDO-3"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
                                                                        .\debug.cpp(400) :  Destination "\Device\0000003f"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
                                                                        .\debug.cpp(400) :  Destination "\Device\NDMP9"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2935&SUBSYS_20F017AA&REV_03#3&11583659&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
                                                                        .\debug.cpp(400) :  Destination "\Device\NTPNP_PCI0013"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0011#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
                                                                        .\debug.cpp(400) :  Destination "\Device\00000003"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy25"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy25"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy18"
                                                                        .\debug.cpp(400) :  Destination "\Device\HarddiskVolumeShadowCopy18"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
                                                                        .\debug.cpp(400) :  Destination "\Device\WFP"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
                                                                        .\debug.cpp(400) :  Destination "\Device\Ide\iaStor0"
                                                                        .\debug.cpp(409) :  --
                                                                        .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GSA-T50N________________RE05____#4&1ec7b392&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
                                                                        .\debug.cpp(400) :  Destination "\Device\Ide\IAAStorageDevice-0"
                                                                        .\debug.cpp(409) :  --
                                                                        .\boot_cleaner.cpp(565) : System volume is \\.\C:
                                                                        .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000
                                                                        .\boot_cleaner.cpp(276) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
                                                                        .\boot_cleaner.cpp(1061) :
                                                                        .\boot_cleaner.cpp(1062) :      Size  Device Name          MBR Status
                                                                        .\boot_cleaner.cpp(1063) :  --------------------------------------------
                                                                        .\boot_cleaner.cpp(1107) :    149 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)
                                                                        .\boot_cleaner.cpp(1113) :
                                                                        .\boot_cleaner.cpp(1152) : Done;

                                                                        MtlHab39

                                                                          Re: VistaAntispyware 2012 ???
                                                                          « Reply #60 on: February 18, 2012, 08:54:57 PM »
                                                                          Here is the Ctrl+V post; I hope I did this correctly; the black screen opened up as you said but even if I had the 7z file within the USB not sure if it ever acted upon the unzip file; sorry if I screwed up.

                                                                          Bootkit Remover
                                                                          (c) 2009 Esage Lab
                                                                          www.esagelab.com

                                                                          Program version: 1.2.0.1
                                                                          OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 6002), 32-bit

                                                                          System volume is \\.\C:
                                                                          \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000
                                                                          Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

                                                                               Size  Device Name          MBR Status
                                                                           --------------------------------------------
                                                                             149 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)


                                                                          Done;
                                                                          Press any key to quit...

                                                                          SuperDave

                                                                          Re: VistaAntispyware 2012 ???
                                                                          « Reply #61 on: February 19, 2012, 11:49:50 AM »
                                                                          One last thing to try.

                                                                          Following steps involve registry editing. Please create new restore point before proceeding!!!

                                                                          How to:
                                                                          XP - Create new Restore Point
                                                                          Vista and Seven - Create a new Restore Point

                                                                          Download XP.zip file from here: XP.zip
                                                                          Unzip the file.
                                                                          You'll find six files inside.
                                                                          Right click on MpsSvc.reg file, click "Merge".
                                                                          Allow registry merge.
                                                                          Restart computer and see if internet works.

                                                                          If not, please post a fresh Farbar Service Scanner log.
                                                                          Windows 8 and Windows 10 dual boot with two SSD's

                                                                          MtlHab39

                                                                            Re: VistaAntispyware 2012 ???
                                                                            « Reply #62 on: February 19, 2012, 12:45:02 PM »
                                                                            Hi Dave
                                                                            Sorry for the confusion, but should it be Vista.zip since the laptop is a Vista, or the XP.zip?
                                                                            Thanks

                                                                            SuperDave

                                                                            Re: VistaAntispyware 2012 ???
                                                                            « Reply #63 on: February 19, 2012, 04:06:24 PM »
                                                                            Sorry. Choose the Vista zip.

                                                                            MtlHab39

                                                                              Re: VistaAntispyware 2012 ???
                                                                              « Reply #64 on: February 19, 2012, 04:33:21 PM »
                                                                              Device manager is telling me that it cannot support a system restore point because of
                                                                              0x80070032 could not support it.

                                                                              Should I still go ahead with the Vista MpsSvc.reg file "Merge"?

                                                                              Also noticed when I went into device manager that there is a yellow caution sign beside the Microsoft ISATAP adapter.

                                                                              Should I have been trying the above under safe mode?

                                                                              SuperDave

                                                                              Re: VistaAntispyware 2012 ???
                                                                              « Reply #65 on: February 19, 2012, 07:04:49 PM »
                                                                              Quote
                                                                              Also noticed when I went into device manager that there is a yellow caution sign beside the Microsoft ISATAP adapter.
                                                                              Here's some information about that.
                                                                              Quote
                                                                              Should I still go ahead with the Vista MpsSvc.reg file "Merge"?
                                                                              Yes, please.

                                                                              MtlHab39

                                                                                Re: VistaAntispyware 2012 ???
                                                                                « Reply #66 on: February 20, 2012, 03:58:44 PM »
                                                                                Did the merge and no change.
                                                                                Here is latest Farbar. 
                                                                                Dave, perhaps let me know how to restart at initial settings (anything important has been on USB and is safe at work) unless you feel that some of my attempts were not perfectly done (could be).

                                                                                Farbar Service Scanner Version: 10-02-2012
                                                                                Ran by Costa (administrator) on 20-02-2012 at 17:54:41
                                                                                Running from "E:\FarBar"
                                                                                Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
                                                                                Boot Mode: Nerwork
                                                                                ****************************************************************

                                                                                Internet Services:
                                                                                ============
                                                                                Dnscache Service is not running. Checking service configuration:
                                                                                The start type of Dnscache service is OK.
                                                                                The ImagePath of Dnscache service is OK.
                                                                                The ServiceDll of Dnscache service is OK.

                                                                                Dhcp Service is not running. Checking service configuration:
                                                                                The start type of Dhcp service is OK.
                                                                                The ImagePath of Dhcp service is OK.
                                                                                The ServiceDll of Dhcp service is OK.

                                                                                tdx Service is not running. Checking service configuration:
                                                                                The start type of tdx service is OK.
                                                                                The ImagePath of tdx service is OK.


                                                                                Connection Status:
                                                                                ==============
                                                                                Localhost is accessible.
                                                                                LAN connected.
                                                                                Google IP is accessible.
                                                                                Yahoo IP is accessible.


                                                                                Windows Firewall:
                                                                                =============
                                                                                MpsSvc Service is not running. Checking service configuration:
                                                                                The start type of MpsSvc service is OK.
                                                                                The ImagePath of MpsSvc service is OK.
                                                                                The ServiceDll of MpsSvc service is OK.
                                                                                Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

                                                                                bfe Service is not running. Checking service configuration:
                                                                                The start type of bfe service is set to Demand. The default start type is Auto.
                                                                                The ImagePath of bfe: "NADA".
                                                                                Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
                                                                                Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


                                                                                Firewall Disabled Policy:
                                                                                ==================


                                                                                System Restore:
                                                                                ============
                                                                                SDRSVC Service is not running. Checking service configuration:
                                                                                The start type of SDRSVC service is OK.
                                                                                The ImagePath of SDRSVC service is OK.
                                                                                The ServiceDll of SDRSVC service is OK.
                                                                                Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

                                                                                VSS Service is not running. Checking service configuration:
                                                                                The start type of VSS service is OK.
                                                                                The ImagePath of VSS service is OK.


                                                                                System Restore Disabled Policy:
                                                                                ========================


                                                                                Security Center:
                                                                                ============
                                                                                wscsvc Service is not running. Checking service configuration:
                                                                                The start type of wscsvc service is OK.
                                                                                The ImagePath of wscsvc service is OK.
                                                                                The ServiceDll of wscsvc service is OK.
                                                                                Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


                                                                                Windows Update:
                                                                                ============
                                                                                wuauserv Service is not running. Checking service configuration:
                                                                                The start type of wuauserv service is OK.
                                                                                The ImagePath of wuauserv service is OK.
                                                                                The ServiceDll of wuauserv service is OK.

                                                                                BITS Service is not running. Checking service configuration:
                                                                                The start type of BITS service is OK.
                                                                                The ImagePath of BITS service is OK.
                                                                                The ServiceDll of BITS service is OK.
                                                                                Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

                                                                                EventSystem Service is not running. Checking service configuration:
                                                                                The start type of EventSystem service is OK.
                                                                                The ImagePath of EventSystem service is OK.
                                                                                The ServiceDll of EventSystem service is OK.


                                                                                Windows Defender:
                                                                                =============
                                                                                WinDefend Service is not running. Checking service configuration:
                                                                                The start type of WinDefend service is set to Demand. The default start type is Auto.
                                                                                The ImagePath of WinDefend service is OK.
                                                                                The ServiceDll of WinDefend service is OK.


                                                                                File Check:
                                                                                ========
                                                                                C:\Windows\system32\nsisvc.dll => MD5 is legit
                                                                                C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
                                                                                C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
                                                                                C:\Windows\system32\Drivers\afd.sys => MD5 is legit
                                                                                Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
                                                                                C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
                                                                                C:\Windows\system32\dnsrslvr.dll => MD5 is legit
                                                                                C:\Windows\system32\mpssvc.dll => MD5 is legit
                                                                                C:\Windows\system32\bfe.dll => MD5 is legit
                                                                                C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
                                                                                C:\Windows\system32\SDRSVC.dll => MD5 is legit
                                                                                C:\Windows\system32\vssvc.exe => MD5 is legit
                                                                                C:\Windows\system32\wscsvc.dll => MD5 is legit
                                                                                C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
                                                                                C:\Windows\system32\wuaueng.dll => MD5 is legit
                                                                                C:\Windows\system32\qmgr.dll => MD5 is legit
                                                                                C:\Windows\system32\es.dll => MD5 is legit
                                                                                C:\Windows\system32\cryptsvc.dll => MD5 is legit
                                                                                C:\Program Files\Windows Defender\MpSvc.dll
                                                                                [2008-01-20 21:33] - [2008-01-20 21:33] - 0272952 ____A (Microsoft Corporation) 4575AA12561C5648483403541D0D7F2B

                                                                                C:\Windows\system32\svchost.exe => MD5 is legit
                                                                                C:\Windows\system32\rpcss.dll => MD5 is legit


                                                                                **** End of log ****

                                                                                SuperDave

                                                                                Re: VistaAntispyware 2012 ???
                                                                                « Reply #67 on: February 21, 2012, 11:37:44 AM »
                                                                                Quote
                                                                                Dave, perhaps let me know how to restart at initial settings
                                                                                Do you mean to do a complete Recovery?
                                                                                Quote
                                                                                unless you feel that some of my attempts were not perfectly done (could be).
                                                                                No. I don't have a problem with how you performed the work at your end. It's just that C:\Windows\system32\Drivers\tdx.sys is missing.
                                                                                ComboFix said it replaced that file but for some reason it's still showing as MIA. If all your important data has been saved, perhaps a Recovery would be the best thing to do at this point. You can find the instructions in Reply # 42. Instead of Repair, you should choose Windows Complete PC Restore.
                                                                                Windows 8 and Windows 10 dual boot with two SSD's

                                                                                MtlHab39

                                                                                  Re: VistaAntispyware 2012 ???
                                                                                  « Reply #68 on: February 22, 2012, 07:28:59 PM »
                                                                                  Murphy's Law has dictated that

                                                                                  A valid backup location could not be found.  Attach the backup hard disk or insert the final DVD from a backup set and retry.

                                                                                  AAgghh

                                                                                  SuperDave

                                                                                  Re: VistaAntispyware 2012 ???
                                                                                  « Reply #69 on: February 23, 2012, 11:42:22 AM »
                                                                                  The only thing I can think of now is to find a Vista Home Basic disk to do the Restore.

                                                                                  MtlHab39

                                                                                    Re: VistaAntispyware 2012 ???
                                                                                    « Reply #70 on: March 01, 2012, 08:29:23 AM »
                                                                                    Hi SuperDave

                                                                                    I want to thank you for all your help.
                                                                                    Will try to find a disk somewhere; difficult to keep up as the desktop hard drive just crashed as well
                                                                                    Thanks again
                                                                                    MtlHab

                                                                                    SuperDave

                                                                                    Re: VistaAntispyware 2012 ???
                                                                                    « Reply #71 on: March 01, 2012, 11:55:56 AM »
                                                                                    Quote
                                                                                    Hi SuperDave

                                                                                    I want to thank you for all your help.
                                                                                    Will try to find a disk somewhere; difficult to keep up as the desktop hard drive just crashed as well
                                                                                    Thanks again
                                                                                    MtlHab
                                                                                    You're welcome and good luck getting into the playoffs. ;D

                                                                                    jimlucey



                                                                                      Starter

                                                                                      • Experience: Beginner
                                                                                      • OS: Unknown
                                                                                      Re: VistaAntispyware 2012 ???
                                                                                      « Reply #72 on: March 09, 2012, 06:43:18 AM »
                                                                                      Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.  If you want to help, please go here. Superdave.
                                                                                      « Last Edit: March 09, 2012, 11:39:37 AM by SuperDave »

                                                                                      MtlHab39

                                                                                        Re: VistaAntispyware 2012 ???
                                                                                        « Reply #73 on: March 12, 2012, 10:03:34 AM »
                                                                                        Hi SuperDave
                                                                                        Which link in these forums is best for establishing security for a 'new' HP laptop for teenager's usage, in terms of spyware, malware, etc?

                                                                                        The desktop has been Spybot and Avast protected so far.

                                                                                        BTW, Markov is back, the city is abuzz with the what-if??

                                                                                        Thanks again
                                                                                        Mtl

                                                                                        SuperDave

                                                                                        Re: VistaAntispyware 2012 ???
                                                                                        « Reply #74 on: March 12, 2012, 12:36:30 PM »
                                                                                        In reviewing your thread I just realized that there appears to be no Anti-Virus on your computer. If this is, in fact, true, please download and install one of these free AV's, then run a full scan. We also should do some cleanup.

                                                                                        Remember to only install one antivirus!
                                                                                         
                                                                                        1) Avast! Home Edition
                                                                                        2) AVG Free Edition
                                                                                        3) Avira AntiVir Personal
                                                                                        4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
                                                                                        4-a) Microsoft Security Essentials for Windows XP
                                                                                        5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
                                                                                        6) PC Tools AntiVirus Free Edition
                                                                                        7) ThreatFire

                                                                                        It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
                                                                                        ***********************************************
                                                                                        Clean out your temporary internet files and temp files.

                                                                                        Download TFC by OldTimer to your desktop.

                                                                                        Double-click TFC.exe to run it.

                                                                                        Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                                                                                        TFC will close all programs when run, so make sure you have saved all your work before you begin.

                                                                                        * Click the Start button to begin the cleaning process.
                                                                                        * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                                                                                        * Please let TFC run uninterrupted until it is finished.

                                                                                        Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                                                                                        **********************************************
                                                                                        Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

                                                                                        ***********************************************
                                                                                        Go to Microsoft Windows Update and get all critical updates.

                                                                                        ----------

                                                                                        I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                                                                        SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                                                                                        * Using SpywareBlaster to protect your computer from Spyware and Malware
                                                                                        * If you don't know what ActiveX controls are, see here

                                                                                        Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                                                                                        Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                                                                        Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                                                                                        Safe Surfing!