Unable to run Malwarebytes and/or update Windows [Solved]



#1
Tegros08 (Member, 11 posts)
I've had this issue in the past as well and didn't know what else to do but reformat. I sort of lost my Windows CD so reformatting isn't an option right now. My mother's laptop has the same issue at the moment so it would be nice to knock both of these issues out at once. Though, my mother's laptop cannot even access the internet, sadly.

My issue is:
a) A (as far as I can tell) fake Windows firewall screen pops up and closes all of my browsers telling me I have an infection.
a 1) I've tried to run Windows Update and even use the start up menu link but all I get is the same 'fake' firewall popup.
a 2) I have Malwarebytes installed but when I try to run it, you guessed it, firewall popup.

I don't know how else to explain this nor what other information to give other than what I posted above since I'm not very computer smart. I'd be happy to give some more information if asked by a trusted member. But for now, I'm afraid to log in to anything just in case this thing is waiting for me to do just that.. stalking like the prom date I once had.. ick.

#2
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hello Tegros08 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

OK. First we will try to clean your PC; after that we'll take care of your mother's notebook. Don't do cleaning on both systems at the same time! Let's start with your PC:

Step 1

We need to disable malware processes on your system first
  • Download TheKiller to your Desktop
  • Note that TheKiller is renamed as explorer.exe
  • Run it by double-clicking (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Press the OK button after the program finishes
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running please try to run it several more times

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
It would be helpful if you could post each log in a separate post

#3
Tegros08 (Member, Topic Starter, 11 posts)
OTL Extras logfile created on: 12/16/2011 10:41:07 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 87.30% Memory free
5.08 Gb Paging File | 4.81 Gb Available in Paging File | 94.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 32.78 Gb Free Space | 29.32% Space Free | Partition Type: NTFS

Computer Name: HOME-35EF3B8602 | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57716:TCP" = 57716:TCP:*:Enabled:Pando Media Booster
"57716:UDP" = 57716:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"57716:TCP" = 57716:TCP:*:Enabled:Pando Media Booster
"57716:UDP" = 57716:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\BioWare\Star Wars - The Old Republic\launcher.exe" = C:\Program Files\BioWare\Star Wars - The Old Republic\launcher.exe:*:Enabled:Star Wars - The Old Republic
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Electronic Arts\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Electronic Arts\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\World of Warcraft\Blizzard Downloader.exe" = C:\Program Files\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Dave\Local Settings\Apps\2.0\V564CJ7P.JKM\CMO6NHOQ.ZH2\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\CurseClient.exe" = C:\Documents and Settings\Dave\Local Settings\Apps\2.0\V564CJ7P.JKM\CMO6NHOQ.ZH2\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\CurseClient.exe:*:Enabled:Curse Client 4.0
"C:\Program Files\Steam\steamapps\common\grand theft auto iv\GTAIV\GTAIV.exe" = C:\Program Files\Steam\steamapps\common\grand theft auto iv\GTAIV\GTAIV.exe:*:Enabled:Grand Theft Auto IV
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher
"C:\Program Files\Steam\steamapps\common\grand theft auto iv episodes from liberty city\EFLC\EFLC.exe" = C:\Program Files\Steam\steamapps\common\grand theft auto iv episodes from liberty city\EFLC\EFLC.exe:*:Enabled:Grand Theft Auto : Episodes from Liberty City
"D:\EasySetupAssistant\EasySetupAssistant.exe" = D:\EasySetupAssistant\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant
"C:\Ruby19\bin\ruby.exe" = C:\Ruby19\bin\ruby.exe:*:Enabled:Ruby interpreter (CUI) 1.9.1.0 [i386-mingw32]
"C:\Documents and Settings\Dave\Local Settings\Temp\Blizzard Installer Bootstrap - 02f0e015\Installer.exe" = C:\Documents and Settings\Dave\Local Settings\Temp\Blizzard Installer Bootstrap - 02f0e015\Installer.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe" = C:\Program Files\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader.exe
"C:\Program Files\Cryptic Studios\Champions Online\Live\GameClient.exe" = C:\Program Files\Cryptic Studios\Champions Online\Live\GameClient.exe:*:Enabled:GameClient -- ()
"C:\Program Files\BioWare\Star Wars - The Old Republic\launcher.exe" = C:\Program Files\BioWare\Star Wars - The Old Republic\launcher.exe:*:Enabled:TOR Launcher
"C:\Program Files\Cryptic Studios\Champions Online\Playtest\GameClient.exe" = C:\Program Files\Cryptic Studios\Champions Online\Playtest\GameClient.exe:*:Enabled:GameClient -- ()
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe" = C:\Program Files\Steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe:*:Enabled:Vampire: The Masquerade - Bloodlines -- ()
"C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe" = C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight -- (Runic Games, Inc.)
"C:\Program Files\SecondLifeViewer2\SLVoice.exe" = C:\Program Files\SecondLifeViewer2\SLVoice.exe:*:Enabled:SLVoice
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Steam\steamapps\montuso\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\montuso\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Electronic Arts\Dragon Age\bin_ship\EACoreServer.exe" = C:\Program Files\Electronic Arts\Dragon Age\bin_ship\EACoreServer.exe:*:Enabled:EA Core Server Application
"C:\Program Files\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DunDefGame.exe" = C:\Program Files\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DunDefGame.exe:*:Enabled:DunDefGame -- (Trendy Entertainment LLC)
"C:\Program Files\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DungeonDefenders.exe" = C:\Program Files\Steam\steamapps\common\dungeon defenders\Binaries\Win32\DungeonDefenders.exe:*:Enabled:Dungeon Defenders -- (Trendy Entertainment LLC)
"C:\Program Files\Steam\steamapps\common\skyrim\SkyrimLauncher.exe" = C:\Program Files\Steam\steamapps\common\skyrim\SkyrimLauncher.exe:*:Enabled:The Elder Scrolls V: Skyrim -- (Bethesda Softworks)
"C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe" = C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever -- ()
"C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe" = C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever -- ()
"C:\Program Files\Steam\steamapps\common\bloodline champions\Binary\BloodlineChampions.exe" = C:\Program Files\Steam\steamapps\common\bloodline champions\Binary\BloodlineChampions.exe:*:Enabled:Bloodline Champions


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A69935D-7AA8-C8E3-66FB-920279E0583A}" = Catalyst Control Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D9C678-A895-4F76-8AC2-22EDFF5F9C91}" = American McGee presents Scrapland
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 24
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.0.1.0
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F747F2A-B5C7-5DA8-E686-7B343EFCFA48}" = Catalyst Control Center InstallProxy
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5ED7EC9-7C4D-AF4F-6C36-55DCDC6F4117}" = Catalyst Control Center Graphics Previews Common
"{C86492CA-DDD8-A358-75D8-7E86D5A4DE72}" = ccc-utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D9CC869F-DA2B-3E9B-EF47-29F831A41619}" = AMD Catalyst Install Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{EEEC1285-F4B2-BD99-C895-BED9881795CC}" = CCC Help English
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7BDD6421B73797179E9A97E5C7DE019FBC77147F" = Windows Driver Package - Razer (HidUsb) HIDClass (04/04/2009 1.0.5.0)
"85C2153E6B3ED760F8F06C23A83E8CC3C4680D6C" = Windows Driver Package - Cypress (CYUSB) USB (06/05/2009 3.4.1.20)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AudioCS" = Creative Audio Console
"CCleaner" = CCleaner
"Champions Online" = Champions Online
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DA73216D935E3CBA996AFD6E6513ECC587E0C3C1" = Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
"DivX Setup" = DivX Setup
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"McAfee Security Scan" = McAfee Security Scan Plus
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultiRes (remove only)" = MultiRes (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"Origin" = Origin
"Pidgin" = Pidgin
"Radeon Omega Drivers for Windows XP/2kv4.8.442" = Radeon Omega Drivers v4.8.442 Setup Files and Tools
"RGF HotSpot_is1" = RGF HotSpot version 0.6b
"Steam App 11020" = TrackMania Nations Forever
"Steam App 2600" = Vampire: The Masquerade - Bloodlines
"Steam App 41500" = Torchlight
"Steam App 65800" = Dungeon Defenders
"Steam App 72850" = The Elder Scrolls V: Skyrim
"uTorrent" = µTorrent
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2011 9:37:44 AM | Computer Name = HOME-35EF3B8602 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/16/2011 9:37:44 AM | Computer Name = HOME-35EF3B8602 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/16/2011 11:17:44 AM | Computer Name = HOME-35EF3B8602 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/16/2011 11:17:44 AM | Computer Name = HOME-35EF3B8602 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/16/2011 11:18:44 AM | Computer Name = HOME-35EF3B8602 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/16/2011 11:18:44 AM | Computer Name = HOME-35EF3B8602 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/16/2011 11:35:49 AM | Computer Name = HOME-35EF3B8602 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/16/2011 11:35:49 AM | Computer Name = HOME-35EF3B8602 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/16/2011 11:35:49 AM | Computer Name = HOME-35EF3B8602 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/16/2011 11:35:49 AM | Computer Name = HOME-35EF3B8602 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 12/16/2011 11:32:28 AM | Computer Name = HOME-35EF3B8602 | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 12/16/2011 11:36:19 AM | Computer Name = HOME-35EF3B8602 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/16/2011 11:36:19 AM | Computer Name = HOME-35EF3B8602 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/16/2011 11:36:19 AM | Computer Name = HOME-35EF3B8602 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/16/2011 11:36:19 AM | Computer Name = HOME-35EF3B8602 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/16/2011 11:36:19 AM | Computer Name = HOME-35EF3B8602 | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/16/2011 11:36:19 AM | Computer Name = HOME-35EF3B8602 | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 12/16/2011 11:39:40 AM | Computer Name = HOME-35EF3B8602 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/16/2011 11:44:19 AM | Computer Name = HOME-35EF3B8602 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/16/2011 11:45:44 AM | Computer Name = HOME-35EF3B8602 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >
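
The settings recorded in the OTL Extras log above can be triaged mechanically. The Python sketch below is an added example, not part of the original thread and not OTL's own logic: it parses an excerpt copied from that log and flags entries a responder would want explained. The rule names and the choice of what to flag are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt copied from the OTL Extras log posted in this thread.
SAMPLE_LOG = r"""
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Documents and Settings\Dave\Local Settings\Temp\Blizzard Installer Bootstrap - 02f0e015\Installer.exe" = C:\Documents and Settings\Dave\Local Settings\Temp\Blizzard Installer Bootstrap - 02f0e015\Installer.exe:*:Enabled:Blizzard Downloader
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")                   # ===== Title =====
KEY_RE = re.compile(r"^\[(HKEY_.+)\]$")                     # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"(.+?)" = (.*)$')                  # "Name" = data
ASSOC_RE = re.compile(r"^(\.\w+) \[@ = (\w+)\] -- (.*)$")   # .ext [@ = progid] -- cmd

# Assumed triage heuristic: Security Center values that silence alerts when set to 1.
SC_FLAGS = {"AntiVirusDisableNotify", "FirewallDisableNotify",
            "UpdatesDisableNotify", "AntiVirusOverride", "FirewallOverride"}


def parse_otl(text):
    """Yield (section, key, name, data) for each value line under a registry key."""
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line) or ASSOC_RE.match(line)
        if m and key:
            # Last group is the data (value lines) or the command (associations).
            yield section, key, m.group(1), m.group(m.lastindex)


def triage(text):
    """Return (rule, subject, detail) tuples for settings worth reviewing."""
    findings = []
    for section, key, name, data in parse_otl(text):
        upper = key.upper()
        if (section == "File Associations" and name.lower() == ".exe"
                and upper.startswith("HKEY_CURRENT_USER")):
            # Per-user class registrations take precedence over the HKLM ones.
            findings.append(("HKCU_EXE_ASSOC", name, data))
        elif upper.endswith("\\SECURITY CENTER") and name in SC_FLAGS and data == "1":
            findings.append(("SECURITY_CENTER_SUPPRESSED", name, data))
        elif "\\FIREWALLPOLICY\\" in upper and name == "EnableFirewall" and data == "0":
            findings.append(("FIREWALL_DISABLED", key.rsplit("\\", 1)[1], data))
        elif upper.endswith("\\AUTHORIZEDAPPLICATIONS\\LIST") and "\\temp\\" in name.lower():
            # A firewall exception for a binary in a Temp directory deserves a look.
            findings.append(("TEMP_FIREWALL_EXCEPTION", name, data))
    return findings


def summarize(text):
    """Count findings per rule."""
    return Counter(rule for rule, _, _ in triage(text))


if __name__ == "__main__":
    for rule, subject, detail in triage(SAMPLE_LOG):
        print(f"{rule:28} {subject} -> {detail}")
```

A finding here is a prompt for review, not a verdict: the Temp-directory firewall exception in this excerpt is labelled as a game installer, and only a helper reading the full log can say which entries matter.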

#4
Tegros08 (Member, Topic Starter, 11 posts)
It's not letting me add the second report right now. My browsers (IE and Firefox) both complain of losing connection to the page.

#5
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Please try to ZIP that report and attach it to your next reply. After that:

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#6
Tegros08 (Member, Topic Starter, 11 posts)
Added to a .zip per request. I'm downloading the next program as we speak.

Attached file: OTL.zip (11.28KB)


#7
Tegros08 (Member, Topic Starter, 11 posts)
Included is the Combofix log that was requested. Right now my computer seems to be running smoothly; I can open and run Windows Update without issue, Malwarebytes runs just fine and I've yet to see the 'firewall' prompt. Before running Combofix I did hear some ads playing on my computer even without a browser open, but I had read that was an issue with Windows itself and can be taken care of with their Malicious software. I've yet to hear said ads since running Combofix. I know I haven't thanked you and this site for the help and I feel bad for that. So thank you very very much for your help and I will -always- use this site for any further issues that may occur! Thank you thank you!
  • 0

#8
Tegros08

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Oops, forgot the log file.

Attached Files


  • 0

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
As I expected, you have a very nasty infection. ComboFix did a great job and removed it. There are still some leftovers we need to take care of.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/16 10:32:29 | 000,017,372 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\786687y7c168q428n153s8xbl4s1
    [2011/12/16 10:32:28 | 000,017,372 | -HS- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\786687y7c168q428n153s8xbl4s1
    [2011/12/16 09:13:02 | 000,078,848 | ---- | M] () -- C:\WINDOWS\System32\HhU0X.exe_
    [2011/12/16 09:13:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\HhU0X.exe.b
    [2011/12/15 18:15:05 | 000,333,824 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\qvp.exe
    [2011/12/15 18:15:05 | 000,333,824 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\psm.exe
    [2011/12/16 09:07:49 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\WDnmEO.dat

    :Files
    C:\WINDOWS\tasks\At*.job
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
  • VRT log
It would be helpful if you could post each log in a separate post.
  • 0

#10
Tegros08

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Logs per request. The VRT log seems to have erased what threats were found since I closed the program. Either that or I cannot find it.

Attached Files

  • Attached File  MBAM.zip   689bytes   35 downloads
  • Attached File  _OTL.zip   37.76KB   30 downloads

Edited by Tegros08, 16 December 2011 - 08:31 PM.

  • 0

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Tegros08,

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure.
    • (If a suspicious file is detected, please click on it and change it to Skip.)
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2


Download aswMBR.exe ( 511KB ) to your desktop.


  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 3


Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post.
  • 0

#12
Tegros08

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
10:57:31.0531 1144 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
10:57:31.0843 1144 ============================================================
10:57:31.0843 1144 Current date / time: 2011/12/17 10:57:31.0843
10:57:31.0843 1144 SystemInfo:
10:57:31.0843 1144
10:57:31.0843 1144 OS Version: 5.1.2600 ServicePack: 3.0
10:57:31.0843 1144 Product type: Workstation
10:57:31.0843 1144 ComputerName: HOME-35EF3B8602
10:57:31.0843 1144 UserName: Dave
10:57:31.0843 1144 Windows directory: C:\WINDOWS
10:57:31.0843 1144 System windows directory: C:\WINDOWS
10:57:31.0843 1144 Processor architecture: Intel x86
10:57:31.0843 1144 Number of processors: 4
10:57:31.0843 1144 Page size: 0x1000
10:57:31.0843 1144 Boot type: Normal boot
10:57:31.0843 1144 ============================================================
10:57:32.0750 1144 Initialize success
10:57:42.0312 2816 ============================================================
10:57:42.0312 2816 Scan started
10:57:42.0312 2816 Mode: Manual;
10:57:42.0312 2816 ============================================================
10:57:51.0921 2816 ============================================================
10:57:51.0921 2816 Scan finished
10:57:51.0921 2816 ============================================================
10:57:51.0937 1140 Detected object count: 0
10:57:51.0937 1140 Actual detected object count: 0
  • 0
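
A TDSSKiller log in the layout posted above can be triaged mechanically rather than by eye. The following is an added example, not part of the original thread and not Kaspersky's code: it pairs each hashed object with its verdict line and lists anything whose verdict is not "ok" or whose image sits outside system32\drivers. The sample log is constructed; its hashes are placeholders, and "exampledrv" and the "REVIEW-ME" verdict are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the "<time> <thread id> <message>" layout of the log
# above. Hashes are placeholders; "exampledrv" and the "REVIEW-ME" verdict are
# hypothetical stand-ins for any entry the tool did not mark "ok".
SAMPLE_LOG = r"""
10:57:42.0312 2816 Scan started
10:57:44.0000 2816 Abiosdsk - ok
10:57:44.0468 2816 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:57:44.0593 2816 ACPI - ok
10:57:46.0093 2816 cpudrv (00000000000000000000000000000002) C:\Program Files\SystemRequirementsLab\cpudrv.sys
10:57:46.0093 2816 cpudrv - ok
10:57:47.0000 2816 exampledrv (00000000000000000000000000000003) C:\WINDOWS\system32\drivers\exampledrv.sys
10:57:47.0010 2816 exampledrv - REVIEW-ME
10:57:51.0765 2816 MBR (0x1B8) (00000000000000000000000000000004) \Device\Harddisk0\DR0
10:57:51.0921 2816 \Device\Harddisk0\DR0 - ok
10:57:51.0921 2816 Scan finished
10:57:51.0937 1140 Detected object count: 1
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4}) (\d+) (.*)$")
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$", re.I)
VERDICT = re.compile(r"^(?P<name>.+) - (?P<verdict>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when the service has no image on disk
    path: Optional[str] = None
    verdict: Optional[str] = None  # None when no verdict line was logged


def parse_log(text):
    """Return (entries in log order, the tool's own detected-object count)."""
    by_name, by_path, detected = {}, {}, None
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group(3)
        obj, cnt, ver = OBJECT.match(msg), COUNT.match(msg), VERDICT.match(msg)
        if obj:
            entry = by_name.setdefault(obj["name"], Entry(obj["name"]))
            entry.md5, entry.path = obj["md5"].lower(), obj["path"]
            by_path[entry.path.lower()] = entry
        elif cnt:
            detected = int(cnt.group(1))
        elif ver:
            # Driver verdicts are keyed by service name; the MBR and boot
            # sector verdicts are keyed by device path instead.
            key = ver["name"]
            entry = by_name.get(key) or by_path.get(key.lower())
            if entry is None:
                entry = by_name.setdefault(key, Entry(key))
            entry.verdict = ver["verdict"].strip()
    return list(by_name.values()), detected


def triage(entries):
    """List (name, reason) pairs that deserve a closer look."""
    findings = []
    for e in entries:
        if e.verdict is None:
            findings.append((e.name, "no verdict line"))
        elif e.verdict.lower() != "ok":
            findings.append((e.name, f"verdict {e.verdict!r}"))
        # Windows paths are case-insensitive, so compare in lower case.
        if (e.path and not e.path.startswith("\\Device\\")
                and not e.path.lower().startswith(DRIVER_DIR)):
            findings.append((e.name, "image outside system32\\drivers"))
    return findings


if __name__ == "__main__":
    entries, detected = parse_log(SAMPLE_LOG)
    print(f"{len(entries)} objects, tool reported {detected} detection(s)")
    for name, reason in triage(entries):
        print(f"  review: {name}: {reason}")
```

A driver image outside system32\drivers is only a prompt to look at what installed it, not a detection in itself.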

#13
Tegros08

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-17 10:59:35
-----------------------------
10:59:35.640 OS Version: Windows 5.1.2600 Service Pack 3
10:59:35.640 Number of processors: 4 586 0x170A
10:59:35.640 ComputerName: HOME-35EF3B8602 UserName: Dave
10:59:36.078 Initialize success
10:59:54.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-14
10:59:54.968 Disk 0 Vendor: ST3120026AS 3.18 Size: 114473MB BusType: 3
10:59:56.984 Disk 0 MBR read successfully
10:59:56.984 Disk 0 MBR scan
10:59:56.984 Disk 0 Windows XP default MBR code
10:59:56.984 Disk 0 scanning sectors +234420480
10:59:57.031 Disk 0 scanning C:\WINDOWS\system32\drivers
11:00:02.546 Service scanning
11:00:03.515 Modules scanning
11:00:07.296 Disk 0 trace - called modules:
11:00:07.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys pciide.sys PCIIDEX.SYS
11:00:07.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acb5878]
11:00:07.312 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000072[0x8ac819e8]
11:00:07.312 5 ACPI.sys[b9a5d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-14[0x8ac43b00]
11:00:07.656 \Driver\atapi[0x8ac48c28] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xba5b06c1]
11:00:07.656 Scan finished successfully
11:00:38.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dave\Desktop\MBR.dat"
11:00:38.781 The log file has been saved successfully to "C:\Documents and Settings\Dave\Desktop\aswMBR.txt"
  • 0

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Logs looking good. How is your system now? Any problems?
  • 0

#15
Tegros08

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
It's working pretty good so far. No issues that I've noticed. So, thank you once again for the help!
  • 0





