
Computer operating slowly, pop-up IE windows, virus scan software find


  • This topic is locked

#76
boredcrow

boredcrow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
All right, startup successful. Mouse and keyboard back to not working. And I can't get Microsoft Security Essentials to turn realtime protection back on. It keeps timing out.

Computer does seem to be running a bit slow, but not terribly.
  • 0


#77
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 2.

Please download Farbar Service Scanner and run it on the computer.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

  • 0

#78
boredcrow

Farbar Service Scanner Version: 13-02-2012
Ran by Sabrina (administrator) on 13-02-2012 at 21:19:01
Running from "C:\Users\Sabrina\Desktop"
Microsoft® Windows Vista™ Business Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-08-10 17:54] - [2011-06-17 12:13] - 0913296 ____A (Microsoft Corporation) 6647FCE6FC4970DAAFE5C64C794513D3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0
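
The following is an added example, not part of the original post and not code from Farbar Service Scanner: a Python parser that triages an FSS.txt log like the one above, separating services that are merely stopped from services whose registry key is gone, and listing disabling policy values and files not reported as "MD5 is legit". The sample log is abridged from the posted lines, and the parser assumes only the line shapes visible in that log.

```python
import re

# Abridged sample constructed from the FSS.txt log posted above.
SAMPLE_LOG = r"""
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-08-10 17:54] - [2011-06-17 12:13] - 0913296 ____A (Microsoft Corporation) 6647FCE6FC4970DAAFE5C64C794513D3

C:\Windows\system32\mpssvc.dll => MD5 is legit
"""

SECTION_RULE = re.compile(r"^=+$")                      # "=====" under a section title
NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
MISSING_KEY = re.compile(r"Unable to open (\S+) registry key")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_LINE = re.compile(r"^([A-Za-z]:\\.+?)(?:\s+=>\s+(.*))?$")
FILE_DETAIL = re.compile(r"\((.*)\)\s+([0-9A-Fa-f]{32})$")


def parse_fss(text):
    """Return the findings of an FSS log as plain lists (order preserved)."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    report = {"not_running": [], "missing_keys": [],
              "policies": [], "unverified_files": []}
    section, reg_key = "", None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line and SECTION_RULE.match(nxt):            # title line of a new section
            section, reg_key = line.rstrip(":"), None
            continue
        if not line or SECTION_RULE.match(line):
            continue
        m = NOT_RUNNING.match(line)
        if m and m.group(1) not in report["not_running"]:
            report["not_running"].append(m.group(1))
        m = MISSING_KEY.search(line)
        if m and m.group(1) not in report["missing_keys"]:
            report["missing_keys"].append(m.group(1))
        if section.endswith("Disabled Policy"):
            m = REG_KEY.match(line)
            if m:
                reg_key = m.group(1)
                continue
            m = REG_VALUE.match(line)
            if m and reg_key:
                report["policies"].append((reg_key, m.group(1), int(m.group(2))))
        if section == "File Check":
            m = FILE_LINE.match(line)
            if m and m.group(2) != "MD5 is legit":
                # Files without a verdict carry their details on the next line.
                d = FILE_DETAIL.search(nxt)
                report["unverified_files"].append({
                    "path": m.group(1),
                    "verdict": m.group(2),
                    "vendor": d.group(1) if d else None,
                    "md5": d.group(2) if d else None,
                })
    return report


def deleted_services(report):
    """Stopped services whose own registry key is missing (not just stopped)."""
    missing = {k.lower() for k in report["missing_keys"]}
    return [s for s in report["not_running"] if s.lower() in missing]


if __name__ == "__main__":
    rep = parse_fss(SAMPLE_LOG)
    print("Stopped services:       ", rep["not_running"])
    print("Service keys missing:   ", deleted_services(rep))
    print("Disabling policy values:", rep["policies"])
    for f in rep["unverified_files"]:
        print("No 'legit' verdict:     ", f["path"], f["md5"])
```

On the sample, mpsdrv is reported as stopped with an intact configuration, while MpsSvc and WinDefend are reported as stopped with their service keys missing.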

#79
CompCav

This will need a reg fix. My next post needs to be approved by my instructor. It will be tomorrow.
  • 0

#80
CompCav

Step 1.

We need to run ComboFix again. Please delete your current copy and download a fresh copy and run it.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:


NetSvc::
AdobeActiveFileMonitor6.0

Driver::
AdobeActiveFileMonitor6.0

File::
C:\Windows\System32\pdlndlpb.dll

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt


Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now


Step 2.


TDSSKiller

Delete old copy and download a new copy of TDSSKiller.exe


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 3.

Please download attached zip file to your desktop:
Attached File: MpsSvc.zip (1.61KB)
Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.


Unzip the file.
You'll find three files inside.
Right click on legacy_mpssvc.reg file, click "Merge".
Allow registry merge.
Right click on mpssvc.reg file, click "Merge".
Allow registry merge.

Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Under Security type while Everyone is selected remove the check mark in the box under Allow next to Full Control.
Click Apply and OK.

Restart computer.

In a set of files you downloaded in previous step find start_services.bat.
Right click on it, click "Run As Administrator" to run the fix.

Check on firewall issue.


Step 4.


  • Download OTL to your Desktop
  • Double click on the icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    i8042prt.sys
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    CREATERESTOREPOINT

  • Click the QuickScan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open OTL.Txt in Notepad window on the task bar.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.


Step 5.

Please post:

Combofix.txt
TDSSKiller log
OTL.txt


Is the firewall working now? Can you enable MS Security Essentials?

What are the other symptoms?
  • 0

#81
boredcrow

Tried to run ComboFix in normal mode, it failed with the same problem as before (XCALCS stops working). Should I quit the current run and try running it in safe mode again?
  • 0

#82
CompCav

Yes, please do, and remember: when it needs to reboot, you need to make sure it reboots into safe mode by tapping F8 when it restarts so that it goes back into safe mode to finish. :)
  • 0

#83
boredcrow

After Combofix finishes (and I make sure it restarts in safe mode) should I run the other programs in safe mode or normal mode?
  • 0

#84
CompCav

Normal if you can. :thumbsup:
  • 0

#85
boredcrow

All right, I made extra sure that Microsoft Security Essentials was off, and I restarted in safe mode. Still no log. It got to the point of telling me that there was rootkit activity on my computer and that it needed to restart - at the same time, it told me my recycle bin was corrupt. Upon restart, the combofix folder is on my C drive, but no file named combofix.txt. The only notification to pop up was the one still saying my recycle bin is corrupted.

Would it help to uninstall MS Essentials for the duration of the fix? Is that what's causing all the trouble?
  • 0


#86
CompCav

Let's try running it with the /nombr switch first.

Go back into safe mode.

Get the run box to come up (Windows Key + R) and type this in:

Combofix /nombr "C:\Users\Sabrina\Desktop\CFScript.txt"

There needs to be a single space between x and / , r and "

After you type it in click OK

Then click Yes, if asked to, for it to begin. Several of our logs have required this step to get a good completion.

If this works then paste the file in and go to the next tool. :thumbsup:


HOWEVER

If that does not do it then please uninstall your antivirus (MS Security Essentials).

Then we can rule it out by uninstalling it for one run. Please uninstall it until we complete this second run then reinstall it.
  • 0

#87
boredcrow

The first run didn't work (ComboFix didn't even start properly). So I uninstalled MS Essentials, and ran Combofix in Safe Mode. And it worked!

Off to go reinstall MS Essentials... and then I should still run the other instructions in that post, right?






ComboFix 12-02-13.01 - Sabrina 02/14/2012 18:39:39.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3573.3120 [GMT -8:00]
Running from: c:\users\Sabrina\Desktop\ComboFix.exe
Command switches used :: c:\users\Sabrina\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\pdlndlpb.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\GroupPolicy\Machine\Registry.pol
c:\windows\system32\Settings
c:\windows\system32\Settings\Settings.ini
.
Infected copy of c:\windows\system32\drivers\tdx.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.afd
-------\Service_.cdrom
-------\Service_.netbt
-------\Service_AdobeActiveFileMonitor6.0
.
.
((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))
.
.
2012-02-15 02:58 . 2012-02-15 02:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-14 01:18 . 2009-04-11 04:47 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 01:18 . 2008-01-21 02:25 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2012-02-11 19:59 . 2008-01-21 02:23 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-11 19:59 . 2009-04-11 04:45 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-11 19:59 . 2009-04-11 04:39 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-11 19:59 . 2008-01-21 02:25 184320 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-10 00:12 . 2012-02-10 05:45 -------- d-----w- C:\FRST
2012-02-08 04:58 . 2012-02-09 21:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-06 03:58 . 2012-02-06 03:58 -------- d-----w- C:\_OTL
2012-01-26 01:39 . 2012-01-26 01:39 -------- d-----w- C:\found.001
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2009-10-02 19:02 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 23:24 . 2011-12-08 04:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-18 02:10 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-09-24 09:27 159744 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 09:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-06-18 18:05 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-04-22 06:11 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 05:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-04-22 06:11 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-10 01:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2010-05-10 22:12 439568 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-04-22 06:11 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2008-01-02 04:37 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 21:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-27 15:58 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-09 21:28]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-09 21:28]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4058585062-3446566008-1817747084-1003Core.job
- c:\users\Sabrina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-21 21:33]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4058585062-3446566008-1817747084-1003UA.job
- c:\users\Sabrina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-21 21:33]
.
2012-02-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
2012-02-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
2012-02-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-23134009.sys
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\.smb]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\.tdx]
"ImagePath"="\?"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,41,44,5b,85,a4,1b,49,8e,78,e2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,41,44,5b,85,a4,1b,49,8e,78,e2,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2016)
c:\windows\system32\btncopy.dll
.
Completion time: 2012-02-14 19:08:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-15 03:07
ComboFix2.txt 2012-02-09 01:46
.
Pre-Run: 17,452,937,216 bytes free
Post-Run: 17,118,523,392 bytes free
.
- - End Of File - - DC9303B315DE45A3F49A748F9A5724C1
  • 0

#88
CompCav

Yeah!!! :cheers:

And yes please do run the others in order!
  • 0

#89
CompCav

If you have no internet on the sick computer you can download the definition file to your healthy machine and copy it over with a USB flash drive to the desktop of the sick computer and run it from there.

Here is the link to get the file and the instructions for Security Essentials.
  • 0

#90
boredcrow

Hm, so the system won't let me change the permissions under the root folder; it says access is denied. My account is an Administrator, so I don't know why it wouldn't work. Haven't done OTL yet.

Internet is up, mouse and keyboard down, here's the TDSS file:


19:27:57.0760 6108 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
19:27:58.0368 6108 ============================================================
19:27:58.0368 6108 Current date / time: 2012/02/14 19:27:58.0368
19:27:58.0368 6108 SystemInfo:
19:27:58.0368 6108
19:27:58.0368 6108 OS Version: 6.0.6002 ServicePack: 2.0
19:27:58.0368 6108 Product type: Workstation
19:27:58.0368 6108 ComputerName: CODII
19:27:58.0368 6108 UserName: Sabrina
19:27:58.0368 6108 Windows directory: C:\Windows
19:27:58.0368 6108 System windows directory: C:\Windows
19:27:58.0368 6108 Processor architecture: Intel x86
19:27:58.0368 6108 Number of processors: 2
19:27:58.0368 6108 Page size: 0x1000
19:27:58.0368 6108 Boot type: Normal boot
19:27:58.0368 6108 ============================================================
19:28:03.0565 6108 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:28:03.0581 6108 \Device\Harddisk0\DR0:
19:28:03.0581 6108 MBR used
19:28:03.0581 6108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2F800, BlocksNum 0x1400000
19:28:03.0581 6108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x142F800, BlocksNum 0x23AFE7F8
19:28:03.0815 6108 Initialize success
19:28:03.0815 6108 ============================================================
19:28:50.0810 4568 ============================================================
19:28:50.0810 4568 Scan started
19:28:50.0810 4568 Mode: Manual; SigCheck; TDLFS;
19:28:50.0810 4568 ============================================================
19:28:51.0746 4568 .smb - ok
19:28:51.0762 4568 .tdx - ok
19:28:51.0980 4568 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:28:52.0729 4568 ACPI - ok
19:28:52.0994 4568 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:28:53.0181 4568 adp94xx - ok
19:28:53.0353 4568 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:28:53.0556 4568 adpahci - ok
19:28:53.0680 4568 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:28:54.0164 4568 adpu160m - ok
19:28:54.0242 4568 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:28:54.0663 4568 adpu320 - ok
19:28:54.0788 4568 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
19:28:55.0240 4568 AFD - ok
19:28:55.0350 4568 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:28:55.0584 4568 agp440 - ok
19:28:55.0630 4568 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:28:55.0913 4568 aic78xx - ok
19:28:56.0069 4568 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:28:56.0147 4568 aliide - ok
19:28:56.0225 4568 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:28:56.0490 4568 amdagp - ok
19:28:56.0522 4568 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:28:56.0662 4568 amdide - ok
19:28:57.0192 4568 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:28:57.0364 4568 AmdK7 - ok
19:28:58.0019 4568 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:28:58.0316 4568 AmdK8 - ok
19:28:58.0534 4568 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
19:28:58.0690 4568 ApfiltrService - ok
19:28:59.0080 4568 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:28:59.0267 4568 arc - ok
19:28:59.0657 4568 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:28:59.0844 4568 arcsas - ok
19:29:00.0047 4568 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
19:29:00.0250 4568 ASPI ( UnsignedFile.Multi.Generic ) - warning
19:29:00.0250 4568 ASPI - detected UnsignedFile.Multi.Generic (1)
19:29:00.0297 4568 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:29:00.0515 4568 AsyncMac - ok
19:29:00.0609 4568 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:29:00.0734 4568 atapi - ok
19:29:00.0843 4568 b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:29:01.0436 4568 b57nd60x - ok
19:29:01.0670 4568 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:29:01.0779 4568 Beep - ok
19:29:02.0013 4568 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:29:02.0231 4568 blbdrive - ok
19:29:02.0450 4568 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:29:02.0762 4568 bowser - ok
19:29:03.0074 4568 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:29:03.0214 4568 BrFiltLo - ok
19:29:03.0292 4568 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:29:03.0448 4568 BrFiltUp - ok
19:29:03.0635 4568 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:29:03.0885 4568 Brserid - ok
19:29:04.0010 4568 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:29:04.0384 4568 BrSerWdm - ok
19:29:04.0571 4568 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:29:04.0805 4568 BrUsbMdm - ok
19:29:05.0133 4568 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:29:05.0351 4568 BrUsbSer - ok
19:29:05.0492 4568 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
19:29:05.0679 4568 BthEnum - ok
19:29:05.0788 4568 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:29:06.0100 4568 BTHMODEM - ok
19:29:06.0272 4568 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
19:29:06.0459 4568 BthPan - ok
19:29:06.0615 4568 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
19:29:06.0786 4568 BTHPORT - ok
19:29:07.0036 4568 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
19:29:07.0270 4568 BTHUSB - ok
19:29:07.0457 4568 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
19:29:07.0894 4568 btwaudio - ok
19:29:07.0956 4568 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
19:29:08.0268 4568 btwavdt - ok
19:29:08.0300 4568 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
19:29:08.0393 4568 btwrchid - ok
19:29:08.0612 4568 catchme - ok
19:29:08.0752 4568 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:29:09.0065 4568 cdfs - ok
19:29:09.0299 4568 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:29:09.0689 4568 cdrom - ok
19:29:09.0751 4568 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:29:09.0985 4568 circlass - ok
19:29:10.0095 4568 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:29:10.0313 4568 CLFS - ok
19:29:10.0407 4568 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:29:10.0563 4568 CmBatt - ok
19:29:10.0609 4568 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:29:10.0687 4568 cmdide - ok
19:29:10.0734 4568 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:29:10.0843 4568 Compbatt - ok
19:29:10.0875 4568 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:29:10.0968 4568 crcdisk - ok
19:29:11.0015 4568 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:29:11.0233 4568 Crusoe - ok
19:29:11.0514 4568 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:29:11.0733 4568 disk - ok
19:29:12.0014 4568 DisplayLinkUsbPort (adccc97ad9af22d019428b6773f23150) C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys
19:29:12.0217 4568 DisplayLinkUsbPort - ok
19:29:12.0389 4568 dlkmd (b19e212ef403999dadd5f337746dd21d) C:\Windows\system32\drivers\dlkmd.sys
19:29:13.0091 4568 dlkmd - ok
19:29:13.0278 4568 dlkmdldr (4b9c06a5a539a46aaaface8bdb65218c) C:\Windows\system32\drivers\dlkmdldr.sys
19:29:13.0418 4568 dlkmdldr - ok
19:29:13.0543 4568 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
19:29:13.0684 4568 Dot4 - ok
19:29:13.0730 4568 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:29:13.0855 4568 Dot4Print - ok
19:29:13.0918 4568 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
19:29:14.0106 4568 dot4usb - ok
19:29:14.0215 4568 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:29:14.0293 4568 drmkaud - ok
19:29:14.0418 4568 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:29:14.0621 4568 DXGKrnl - ok
19:29:14.0683 4568 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
19:29:14.0948 4568 e1express - ok
19:29:15.0011 4568 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:29:15.0229 4568 E1G60 - ok
19:29:15.0369 4568 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:29:15.0588 4568 Ecache - ok
19:29:15.0666 4568 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:29:15.0806 4568 elxstor - ok
19:29:15.0853 4568 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:29:15.0947 4568 ErrDev - ok
19:29:16.0087 4568 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:29:16.0227 4568 exfat - ok
19:29:16.0274 4568 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:29:16.0430 4568 fastfat - ok
19:29:16.0477 4568 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:29:16.0695 4568 fdc - ok
19:29:16.0773 4568 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:29:16.0898 4568 FileInfo - ok
19:29:17.0148 4568 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:29:17.0382 4568 Filetrace - ok
19:29:17.0850 4568 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:29:18.0037 4568 flpydisk - ok
19:29:18.0177 4568 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:29:18.0365 4568 FltMgr - ok
19:29:18.0411 4568 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:29:18.0552 4568 Fs_Rec - ok
19:29:18.0599 4568 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:29:18.0786 4568 gagp30kx - ok
19:29:18.0864 4568 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
19:29:19.0020 4568 GEARAspiWDM - ok
19:29:19.0269 4568 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:29:19.0581 4568 HDAudBus - ok
19:29:19.0675 4568 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:29:19.0925 4568 HidBth - ok
19:29:20.0018 4568 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:29:20.0252 4568 HidIr - ok
19:29:20.0580 4568 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:29:20.0705 4568 HidUsb - ok
19:29:20.0845 4568 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:29:20.0985 4568 HpCISSs - ok
19:29:21.0219 4568 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:29:21.0469 4568 HSF_DPV - ok
19:29:21.0594 4568 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
19:29:21.0781 4568 HSXHWAZL - ok
19:29:21.0875 4568 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:29:22.0233 4568 HTTP - ok
19:29:22.0358 4568 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:29:22.0467 4568 i2omp - ok
19:29:22.0561 4568 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
19:29:22.0670 4568 iaStor - ok
19:29:22.0733 4568 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:29:22.0904 4568 iaStorV - ok
19:29:23.0372 4568 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:29:23.0903 4568 igfx - ok
19:29:24.0043 4568 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:29:24.0183 4568 iirsp - ok
19:29:24.0324 4568 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
19:29:24.0433 4568 intelide - ok
19:29:24.0495 4568 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:29:24.0698 4568 intelppm - ok
19:29:24.0839 4568 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:29:25.0041 4568 IpFilterDriver - ok
19:29:25.0166 4568 IpInIp - ok
19:29:25.0494 4568 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:29:25.0665 4568 IPMIDRV - ok
19:29:25.0899 4568 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:29:26.0040 4568 IPNAT - ok
19:29:26.0165 4568 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:29:26.0321 4568 IRENUM - ok
19:29:26.0367 4568 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:29:26.0539 4568 isapnp - ok
19:29:26.0601 4568 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:29:26.0742 4568 iScsiPrt - ok
19:29:26.0804 4568 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:29:26.0960 4568 iteatapi - ok
19:29:26.0991 4568 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:29:27.0132 4568 iteraid - ok
19:29:27.0194 4568 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:29:27.0350 4568 kbdclass - ok
19:29:27.0491 4568 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:29:27.0647 4568 kbdhid - ok
19:29:27.0881 4568 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
19:29:28.0130 4568 KSecDD - ok
19:29:28.0224 4568 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:29:28.0505 4568 lltdio - ok
19:29:28.0614 4568 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:29:28.0863 4568 LSI_FC - ok
19:29:28.0973 4568 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:29:29.0176 4568 LSI_SAS - ok
19:29:29.0239 4568 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:29:29.0473 4568 LSI_SCSI - ok
19:29:29.0520 4568 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:29:29.0832 4568 luafv - ok
19:29:30.0190 4568 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
19:29:30.0315 4568 MBAMProtector - ok
19:29:30.0502 4568 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:29:30.0627 4568 mdmxsdk - ok
19:29:30.0721 4568 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:29:30.0846 4568 megasas - ok
19:29:30.0908 4568 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:29:31.0158 4568 MegaSR - ok
19:29:31.0220 4568 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:29:31.0407 4568 Modem - ok
19:29:31.0454 4568 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:29:31.0672 4568 monitor - ok
19:29:31.0719 4568 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:29:31.0875 4568 mouclass - ok
19:29:31.0906 4568 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:29:32.0141 4568 mouhid - ok
19:29:32.0188 4568 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:29:32.0407 4568 MountMgr - ok
19:29:32.0485 4568 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
19:29:32.0765 4568 MpFilter - ok
19:29:32.0828 4568 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:29:33.0109 4568 mpio - ok
19:29:33.0452 4568 MpKsl6d8aa0a3 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C47A905C-19F2-4C1F-B552-FB18C18680DA}\MpKsl6d8aa0a3.sys
19:29:33.0545 4568 MpKsl6d8aa0a3 - ok
19:29:33.0717 4568 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:29:33.0811 4568 MpNWMon - ok
19:29:33.0904 4568 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:29:34.0076 4568 mpsdrv - ok
19:29:34.0310 4568 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:29:34.0481 4568 Mraid35x - ok
19:29:34.0637 4568 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:29:34.0778 4568 MRxDAV - ok
19:29:34.0840 4568 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:29:35.0074 4568 mrxsmb - ok
19:29:35.0293 4568 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:29:35.0511 4568 mrxsmb10 - ok
19:29:35.0605 4568 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:29:35.0885 4568 mrxsmb20 - ok
19:29:36.0073 4568 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
19:29:36.0166 4568 msahci - ok
19:29:36.0509 4568 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:29:36.0572 4568 msdsm - ok
19:29:36.0697 4568 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:29:36.0884 4568 Msfs - ok
19:29:36.0931 4568 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:29:37.0024 4568 msisadrv - ok
19:29:37.0087 4568 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:29:37.0258 4568 MSKSSRV - ok
19:29:37.0399 4568 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:29:37.0523 4568 MSPCLOCK - ok
19:29:37.0617 4568 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:29:37.0773 4568 MSPQM - ok
19:29:37.0835 4568 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:29:38.0069 4568 MsRPC - ok
19:29:38.0163 4568 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:29:38.0350 4568 mssmbios - ok
19:29:38.0444 4568 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:29:38.0537 4568 MSTEE - ok
19:29:38.0600 4568 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:29:38.0818 4568 Mup - ok
19:29:38.0943 4568 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:29:39.0115 4568 NativeWifiP - ok
19:29:39.0208 4568 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:29:39.0551 4568 NDIS - ok
19:29:39.0707 4568 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:29:39.0879 4568 NdisTapi - ok
19:29:40.0004 4568 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:29:40.0160 4568 Ndisuio - ok
19:29:40.0269 4568 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:29:40.0487 4568 NdisWan - ok
19:29:40.0534 4568 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:29:40.0877 4568 NDProxy - ok
19:29:40.0940 4568 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:29:41.0174 4568 NetBIOS - ok
19:29:41.0408 4568 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
19:29:41.0704 4568 NETw4v32 - ok
19:29:42.0032 4568 NETwLv32 (d4ef7a9767c05905500ec312cb29ef46) C:\Windows\system32\DRIVERS\NETwLv32.sys
19:29:42.0905 4568 NETwLv32 - ok
19:29:43.0046 4568 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:29:43.0202 4568 nfrd960 - ok
19:29:43.0529 4568 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:29:43.0763 4568 NisDrv - ok
19:29:43.0888 4568 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:29:44.0091 4568 Npfs - ok
19:29:44.0231 4568 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:29:44.0465 4568 nsiproxy - ok
19:29:44.0559 4568 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:29:45.0714 4568 Ntfs - ok
19:29:45.0839 4568 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:29:46.0058 4568 ntrigdigi - ok
19:29:46.0136 4568 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:29:46.0292 4568 Null - ok
19:29:46.0354 4568 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:29:46.0605 4568 nvraid - ok
19:29:46.0636 4568 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:29:46.0776 4568 nvstor - ok
19:29:46.0823 4568 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:29:46.0995 4568 nv_agp - ok
19:29:47.0026 4568 NwlnkFlt - ok
19:29:47.0041 4568 NwlnkFwd - ok
19:29:47.0166 4568 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:29:47.0385 4568 ohci1394 - ok
19:29:47.0495 4568 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:29:47.0869 4568 Parport - ok
19:29:47.0994 4568 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:29:48.0197 4568 partmgr - ok
19:29:48.0353 4568 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:29:48.0571 4568 Parvdm - ok
19:29:48.0712 4568 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:29:48.0790 4568 pci - ok
19:29:48.0868 4568 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
19:29:48.0961 4568 pciide - ok
19:29:49.0164 4568 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:29:49.0320 4568 pcmcia - ok
19:29:49.0585 4568 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:29:50.0240 4568 PEAUTH - ok
19:29:50.0662 4568 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:29:50.0958 4568 PptpMiniport - ok
19:29:51.0114 4568 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:29:51.0254 4568 Processor - ok
19:29:51.0395 4568 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:29:51.0707 4568 PSched - ok
19:29:51.0847 4568 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
19:29:52.0003 4568 PxHelp20 - ok
19:29:52.0112 4568 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:29:52.0487 4568 ql2300 - ok
19:29:52.0627 4568 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:29:52.0970 4568 ql40xx - ok
19:29:53.0111 4568 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:29:53.0298 4568 QWAVEdrv - ok
19:29:53.0501 4568 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
19:29:54.0173 4568 R300 - ok
19:29:54.0297 4568 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:29:54.0438 4568 RasAcd - ok
19:29:54.0516 4568 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:29:54.0843 4568 Rasl2tp - ok
19:29:54.0984 4568 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:29:55.0187 4568 RasPppoe - ok
19:29:55.0249 4568 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:29:55.0514 4568 RasSstp - ok
19:29:55.0623 4568 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:29:55.0982 4568 rdbss - ok
19:29:56.0123 4568 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:29:56.0232 4568 RDPCDD - ok
19:29:56.0357 4568 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
19:29:56.0871 4568 rdpdr - ok
19:29:56.0949 4568 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:29:57.0074 4568 RDPENCDD - ok
19:29:57.0137 4568 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:29:57.0417 4568 RDPWD - ok
19:29:57.0573 4568 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
19:29:57.0870 4568 RFCOMM - ok
19:29:57.0917 4568 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
19:29:58.0182 4568 rimmptsk - ok
19:29:58.0307 4568 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
19:29:58.0541 4568 rimsptsk - ok
19:29:58.0603 4568 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
19:29:58.0806 4568 rismxdp - ok
19:29:58.0884 4568 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:29:59.0227 4568 rspndr - ok
19:29:59.0289 4568 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:29:59.0586 4568 sbp2port - ok
19:29:59.0711 4568 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
19:29:59.0898 4568 sdbus - ok
19:30:00.0163 4568 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:30:00.0444 4568 secdrv - ok
19:30:00.0756 4568 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:30:01.0021 4568 Serenum - ok
19:30:01.0146 4568 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:30:01.0380 4568 Serial - ok
19:30:01.0411 4568 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:30:01.0645 4568 sermouse - ok
19:30:01.0754 4568 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:30:01.0895 4568 sffdisk - ok
19:30:01.0957 4568 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:30:02.0066 4568 sffp_mmc - ok
19:30:02.0175 4568 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:30:02.0285 4568 sffp_sd - ok
19:30:02.0331 4568 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:30:02.0565 4568 sfloppy - ok
19:30:02.0675 4568 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:30:03.0018 4568 sisagp - ok
19:30:03.0049 4568 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:30:03.0252 4568 SiSRaid2 - ok
19:30:03.0299 4568 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:30:03.0533 4568 SiSRaid4 - ok
19:30:03.0673 4568 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:30:03.0767 4568 spldr - ok
19:30:03.0891 4568 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:30:04.0125 4568 srv - ok
19:30:04.0172 4568 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:30:04.0359 4568 srv2 - ok
19:30:04.0437 4568 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:30:04.0656 4568 srvnet - ok
19:30:04.0781 4568 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
19:30:04.0952 4568 STHDA - ok
19:30:05.0249 4568 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
19:30:05.0373 4568 StillCam - ok
19:30:05.0561 4568 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:30:05.0654 4568 swenum - ok
19:30:05.0763 4568 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:30:05.0904 4568 Symc8xx - ok
19:30:06.0107 4568 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:30:06.0231 4568 Sym_hi - ok
19:30:06.0278 4568 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:30:06.0387 4568 Sym_u3 - ok
19:30:06.0684 4568 Tcpip (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\drivers\tcpip.sys
19:30:06.0871 4568 Tcpip - ok
19:30:06.0980 4568 Tcpip6 (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\DRIVERS\tcpip.sys
19:30:07.0136 4568 Tcpip6 - ok
19:30:07.0386 4568 tcpipreg (36606b165d04a397bdf613096986d85d) C:\Windows\system32\drivers\tcpipreg.sys
19:30:07.0573 4568 tcpipreg - ok
19:30:07.0869 4568 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:30:08.0041 4568 TDPIPE - ok
19:30:08.0181 4568 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:30:08.0353 4568 TDTCP - ok
19:30:08.0447 4568 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:30:08.0868 4568 tdx - ok
19:30:09.0102 4568 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:30:09.0305 4568 TermDD - ok
19:30:09.0554 4568 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:30:09.0757 4568 tssecsrv - ok
19:30:09.0819 4568 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:30:09.0929 4568 tunmp - ok
19:30:10.0022 4568 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:30:10.0163 4568 tunnel - ok
19:30:10.0209 4568 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:30:10.0443 4568 uagp35 - ok
19:30:10.0490 4568 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:30:10.0615 4568 udfs - ok
19:30:10.0709 4568 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:30:10.0911 4568 uliagpkx - ok
19:30:10.0943 4568 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:30:11.0411 4568 uliahci - ok
19:30:11.0551 4568 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:30:11.0676 4568 UlSata - ok
19:30:11.0801 4568 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:30:11.0972 4568 ulsata2 - ok
19:30:12.0019 4568 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:30:12.0269 4568 umbus - ok
19:30:12.0409 4568 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
19:30:12.0565 4568 USBAAPL - ok
19:30:12.0768 4568 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
19:30:12.0939 4568 usbaudio - ok
19:30:13.0033 4568 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:30:13.0298 4568 usbccgp - ok
19:30:13.0423 4568 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:30:13.0797 4568 usbcir - ok
19:30:14.0172 4568 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:30:14.0359 4568 usbehci - ok
19:30:14.0562 4568 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:30:14.0796 4568 usbhub - ok
19:30:14.0858 4568 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:30:15.0139 4568 usbohci - ok
19:30:15.0233 4568 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:30:15.0451 4568 usbprint - ok
19:30:15.0529 4568 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:30:15.0701 4568 usbscan - ok
19:30:15.0810 4568 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:30:16.0122 4568 USBSTOR - ok
19:30:16.0215 4568 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:30:16.0356 4568 usbuhci - ok
19:30:16.0434 4568 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:30:16.0605 4568 vga - ok
19:30:16.0652 4568 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:30:16.0824 4568 VgaSave - ok
19:30:16.0871 4568 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:30:17.0058 4568 viaagp - ok
19:30:17.0229 4568 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:30:17.0370 4568 ViaC7 - ok
19:30:17.0463 4568 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:30:17.0541 4568 viaide - ok
19:30:17.0573 4568 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:30:17.0744 4568 volmgr - ok
19:30:17.0822 4568 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:30:17.0994 4568 volmgrx - ok
19:30:18.0134 4568 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:30:18.0290 4568 volsnap - ok
19:30:18.0353 4568 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:30:18.0509 4568 vsmraid - ok
19:30:18.0602 4568 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:30:18.0836 4568 WacomPen - ok
19:30:18.0883 4568 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:30:19.0179 4568 Wanarp - ok
19:30:19.0195 4568 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:30:19.0367 4568 Wanarpv6 - ok
19:30:19.0507 4568 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:30:19.0616 4568 Wd - ok
19:30:19.0694 4568 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:30:19.0850 4568 Wdf01000 - ok
19:30:20.0022 4568 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
19:30:20.0349 4568 WimFltr - ok
19:30:20.0427 4568 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:30:20.0739 4568 winachsf - ok
19:30:21.0067 4568 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:30:21.0207 4568 WmiAcpi - ok
19:30:21.0410 4568 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:30:21.0582 4568 ws2ifsl - ok
19:30:21.0722 4568 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
19:30:21.0831 4568 WSDPrintDevice - ok
19:30:21.0925 4568 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
19:30:21.0987 4568 XAudio - ok
19:30:22.0081 4568 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:30:22.0362 4568 \Device\Harddisk0\DR0 - ok
19:30:22.0393 4568 Boot (0x1200) (4617723ff8a272f626a14b3bfeb623da) \Device\Harddisk0\DR0\Partition0
19:30:22.0393 4568 \Device\Harddisk0\DR0\Partition0 - ok
19:30:22.0409 4568 Boot (0x1200) (eafe597acfc21bd173b76a926b50be2b) \Device\Harddisk0\DR0\Partition1
19:30:22.0409 4568 \Device\Harddisk0\DR0\Partition1 - ok
19:30:22.0424 4568 ============================================================
19:30:22.0424 4568 Scan finished
19:30:22.0424 4568 ============================================================
19:30:22.0627 2460 Detected object count: 1
19:30:22.0627 2460 Actual detected object count: 1
19:32:34.0797 2460 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:34.0797 2460 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:39:43.0049 4576 Deinitialize success