here we go again....


  • This topic is locked
56 replies to this topic

#1 tiredofmalware1

    Member

  • Full Member
  • 86 posts

Posted 08 February 2013 - 11:16 PM

Last year it seems like I kept getting infected with a virus/trojan every 3-6 months. Two days ago when I turned on the computer, my antivirus program has been disabled. I didn't disable it, so experience tells me that I may have gotten yet another virus. Here are my logs:

#2 tiredofmalware1


Posted 08 February 2013 - 11:56 PM

I did a scan using hijackthis however it will NOT save a logfile. This is strange because that has never happened before. It will also not save a logfile for AVAST antivirus. I will do an ESET scan next and post the results if it will let me.

 

EDIT: It is not clear what you did with that first post, but it is essentially unreadable...  Please make sure you don't have Word Wrap on in Notepad and post the log again...  Thanks... 


Edited by Budfred, 09 February 2013 - 01:23 AM.


#3 TheJoker

    Forum Deity

  • Boot Camp Mod
  • 13,621 posts

Posted 10 February 2013 - 11:00 AM

Hi tiredofmalware1, and welcome back.

Here are your corrected logs. As Budfred said, please make sure you have Word Wrap turned off in Notepad.


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.07.02
Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.6001.18000
lisa :: [administrator]
2/6/2013 11:37:42 PM
mbam-log-2013-02-06 (23-37-42).txt
Scan type: Full scan (C:\|E:\|Q:\|S:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 379103
Time elapsed: 50 minute(s), 47 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)




DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 7.0.6001.18639
Run by lisa at 20:38:51 on 2013-02-08
Microsoft® Windows Vista Home Basic 6.0.6001.1.1252.1.1033.18.989.461 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://search.netzero.net/search?action=minisearch&source=minisearch_wir
uSearch Page = hxxp://search.netzero.net/search?action=minisearch&source=minisearch_wir
uSearchURL,(Default) = hxxp://search.netzero.net/search?action=minisearch&source=minisearch_wir&mn=0
uURLSearchHooks: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} -
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetZero Broadband Toolbar Helper: {FE3098B3-04A3-41fd-8CA9-BEA39CB14C87} - c:\program files\netzero dsl\UcReg.dll
TB: NetZero Broadband: {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - c:\program files\netzero dsl\Toolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [cdloader] "c:\users\linda\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\LVOSDSVC.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [RoxioDragToDisc] "c:\program files\lenovo\drag-to-disc\DrgToDsc.exe"
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NetZeroDSL] "c:\program files\netzero dsl\ConnectionCenter.exe"
mRun: [Clearwire Connection Manager] "c:\program files\connection manager\ClearwireCM.exe" -a
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
uPolicies-Explorer: NoDriveTypeAutoRun = dword:36
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{31059A55-7218-49B1-B9B7-AE3BA4F507AE} : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{B3153CBC-4491-4F1D-9859-82E008188C6F} : DHCPNameServer = 66.233.174.12 75.94.255.12
TCP: Interfaces\{E0CCB94B-8B1B-43C9-A419-B206FF0414D5} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-30 738504]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-30 361032]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-24 48192]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-30 21256]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-30 58680]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-30 44808]
S2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files\connection manager\clearwireDeviceDiagnosticsService.exe [2011-3-29 407552]
S2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2009-11-1 163680]
S2 LFKAS;Service of LFKA;c:\program files\lenovo\atk hotkey\LFKAS.exe [2009-1-15 208896]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-1-15 66848]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2008-4-25 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-4-25 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-4-25 166384]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\connection manager\DeviceLaunchSvc.exe [2011-12-13 102400]
S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-9-23 53325]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 253952]
S2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2011-5-19 340992]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2011-5-19 48768]
S3 CACLEARWIRE;Clearwire Con App Svc;c:\program files\connection manager\ConAppsSvc.exe [2011-12-13 118784]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\connection manager\RcAppSvc.exe [2011-12-13 114688]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-1-15 112128]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2008-4-25 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-12-25 16:38:33 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-25 16:38:33 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-23 03:34:59 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-23 03:34:59 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 20:39:43.79 ===============


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#4 TheJoker


Posted 10 February 2013 - 11:05 AM

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed and avoid installing other software until we are finished. As you said that your antivirus was not running, I would not recommend browsing the web until it's running again. At this point I would only use your browser to download or access the tools requested as your system will be at further risk.

Please see the Instructions for posting requested logs and also post the log from Security check.

 

 

Please scan your system with ESET Online Scanner

  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer, such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step), another page will open to download the ESET Smart Installer
    • Click on esetsmartinstaller_enu.exe
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please post the log from ESET Online Scanner and Security Check in your next reply.




#5 tiredofmalware1


Posted 10 February 2013 - 11:54 AM

OK. I just did an eset.com scan but not the one you just listed and not before coming back to this site. It found no threats. I will do another one with these instructions.

#6 TheJoker


Posted 10 February 2013 - 12:42 PM

If it was an ESET online scan, it was likely the same scanner, although you may have had a different link to get to it. I wouldn't bother with a new scan.
 
Still need the log from Security Check though.
 
Download TDSSKiller from here and save it to your Desktop. Go here for information.

  • Right-click on TDSSKiller.exe and select "Run as administrator".
  • Choose "Change Parameters"
    • Check "Detect TDLFS file system"
    • Hit OK
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
  • Please post the log from TDSSkiller.log in your next reply. Please check to see if anything was cut off by the maximum post length, and if it was, look for where it was cut off and post the remainder. It may take multiple replies to post the entire log.

Please post the logs from TDSSKiller and Security Check, and note any errors encountered.




#7 tiredofmalware1


Posted 10 February 2013 - 04:48 PM

Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 38
Java™ 6 Update 7
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 9 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


This is in safemode. Ok did the tdsskiller scan which found no threats. I am unable to post the report for that scan also. So this makes DDS, ESET, and Tdsskiller scans where I can't post the logs. This has never happened before.

Btw the ESET did quarantine 3 files. I had to write them down. Here they are:
ESET
c:documents&settings\lisa\desktop\youtubedownloadersetup35.exe
c:documents&settings\lisa\appdata\local\temp\0.6675992985425411
c:documents&settings\lisa\appdata\local\low\sun\java\deployment\cache\6.0\2ac74c85-19b5a24a

#8 TheJoker


Posted 10 February 2013 - 07:04 PM

What do you mean you can't post the logs? What's the problem? Is it that they look like the first log you posted?

If that's the problem, to turn Word Wrap off in Notepad, go to the Format drop-down menu at the top of the window and remove the check mark from Word Wrap. If that doesn't fix the problem, this one time please attach the log from TDSSKiller.

 

I assume you deleted or quarantined those three files? Did you write down what ESET said the infection was?

 

There may be a very good reason you are repeatedly being infected: your version of Windows isn't up-to-date; it's missing the latest Service Pack. Also, your Internet Explorer is very outdated. That alone makes the system vulnerable, not to mention the outdated Java. Is there some reason you've never updated your copy of Windows Vista to the current Service Pack? Don't do that now; we need to remove any infections first.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#9 tiredofmalware1

tiredofmalware1

    Member

  • Full Member
  • 86 posts

Posted 11 February 2013 - 07:28 PM

The reason why I can't post the logs is because after I highlight the report, when I right click in order to cut and paste, nothing happens. It's not allowing me. The window showing cut, paste, and copy doesn't show. After the scan, a window pops up saying that HijackThis cannot find the logfile do I want to create one? When I click yes I get an empty notepad file. I see the report but the notepad file doesn't show up. The 3 files are quarantined. Should I delete them? Is there another way I can copy the TDSS log?

#10 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 13,621 posts

Posted 11 February 2013 - 10:51 PM

"The reason why I can't post the logs is because after I highlight the report, when I right click in order to cut and paste, nothing happens. It's not allowing me. The window showing cut, paste, and copy doesn't show."

After you highlight the text you want to copy, hit CTRL-C (while the Control button is depressed, hit C to copy). Then if you don't get a menu to paste in the board reply window, click the mouse in the window where you want to paste it and hit CTRL-V (while the Control button is depressed, hit V to paste).

"After the scan, a window pops up saying that HijackThis cannot find the logfile do I want to create one?"

You don't want to post a HijackThis log; HijackThis isn't really that effective against today's malware, and it's not compatible with Windows 7.

"The 3 files are quarantined. Should I delete them?"

They can be deleted.




#11 tiredofmalware1

tiredofmalware1

    Member

  • Full Member
  • 86 posts

Posted 12 February 2013 - 08:46 PM

Thank you for giving me the instructions on how to manually cut and paste. Here is the log for TDSSKiller. Do you need me to post any other logs? BTW the avast antivirus program is no longer disabled. This may have something to do with one of the files that was quarantined.

20:33:13.0234 0992 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:33:13.0967 0992 ============================================================
20:33:13.0967 0992 Current date / time: 2013/02/12 20:33:13.0967
20:33:13.0967 0992 SystemInfo:
20:33:13.0967 0992
20:33:13.0967 0992 OS Version: 6.0.6001 ServicePack: 1.0
20:33:13.0967 0992 Product type: Workstation
20:33:13.0967 0992 ComputerName:
20:33:13.0967 0992 UserName: lisa
20:33:13.0967 0992 Windows directory: C:\Windows
20:33:13.0967 0992 System windows directory: C:\Windows
20:33:13.0967 0992 Processor architecture: Intel x86
20:33:13.0967 0992 Number of processors: 2
20:33:13.0967 0992 Page size: 0x1000
20:33:13.0967 0992 Boot type: Normal boot
20:33:13.0967 0992 ============================================================
20:33:15.0683 0992 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:33:15.0730 0992 ============================================================
20:33:15.0730 0992 \Device\Harddisk0\DR0:
20:33:15.0730 0992 MBR partitions:
20:33:15.0730 0992 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
20:33:15.0730 0992 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x113A27F8
20:33:15.0730 0992 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11691000, BlocksNum 0x1388000
20:33:15.0730 0992 ============================================================
20:33:15.0808 0992 C: <-> \Device\Harddisk0\DR0\Partition2
20:33:15.0870 0992 S: <-> \Device\Harddisk0\DR0\Partition1
20:33:15.0948 0992 Q: <-> \Device\Harddisk0\DR0\Partition3
20:33:16.0198 0992 ============================================================
20:33:16.0198 0992 Initialize success
20:33:16.0198 0992 ============================================================
20:33:30.0737 3244 ============================================================
20:33:30.0737 3244 Scan started
20:33:30.0737 3244 Mode: Manual; TDLFS;
20:33:30.0737 3244 ============================================================
20:33:33.0654 3244 ================ Scan system memory ========================
20:33:33.0654 3244 System memory - ok
20:33:33.0654 3244 ================ Scan services =============================
20:33:51.0157 3244 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:33:51.0157 3244 Ndisuio - ok
20:33:51.0204 3244 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:33:51.0220 3244 NdisWan - ok
20:33:51.0251 3244 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:33:51.0251 3244 NDProxy - ok
20:33:51.0298 3244 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:33:51.0313 3244 Net Driver HPZ12 - ok
20:33:51.0376 3244 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:33:51.0376 3244 NetBIOS - ok
20:33:51.0407 3244 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:33:51.0422 3244 netbt - ok
20:33:51.0454 3244 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
20:33:51.0469 3244 Netlogon - ok
20:33:51.0532 3244 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
20:33:51.0547 3244 Netman - ok
20:33:51.0594 3244 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
20:33:51.0610 3244 netprofm - ok
20:33:51.0656 3244 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:33:51.0672 3244 NetTcpPortSharing - ok
20:33:51.0719 3244 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:33:51.0719 3244 nfrd960 - ok
20:33:51.0781 3244 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:33:51.0812 3244 NlaSvc - ok
20:33:51.0875 3244 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:33:51.0890 3244 Npfs - ok
20:33:51.0968 3244 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
20:33:51.0968 3244 nsi - ok
20:33:52.0078 3244 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:33:52.0156 3244 nsiproxy - ok
20:33:52.0530 3244 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:33:52.0592 3244 Ntfs - ok
20:33:52.0655 3244 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
20:33:52.0655 3244 ntrigdigi - ok
20:33:52.0686 3244 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
20:33:52.0686 3244 Null - ok
20:33:52.0733 3244 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:33:52.0764 3244 nvraid - ok
20:33:52.0795 3244 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:33:52.0795 3244 nvstor - ok
20:33:52.0858 3244 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:33:52.0873 3244 nv_agp - ok
20:33:52.0889 3244 NwlnkFlt - ok
20:33:52.0904 3244 NwlnkFwd - ok
20:33:53.0014 3244 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:33:53.0060 3244 odserv - ok
20:33:53.0107 3244 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:33:53.0123 3244 ohci1394 - ok
20:33:53.0154 3244 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:33:53.0201 3244 ose - ok
20:33:53.0279 3244 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:33:53.0310 3244 p2pimsvc - ok
20:33:53.0341 3244 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
20:33:53.0372 3244 p2psvc - ok
20:33:53.0404 3244 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
20:33:53.0419 3244 Parport - ok
20:33:53.0466 3244 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:33:53.0466 3244 partmgr - ok
20:33:53.0497 3244 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
20:33:53.0528 3244 Parvdm - ok
20:33:53.0575 3244 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
20:33:53.0575 3244 PcaSvc - ok
20:33:53.0622 3244 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
20:33:53.0622 3244 pci - ok
20:33:53.0653 3244 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
20:33:53.0653 3244 pciide - ok
20:33:53.0700 3244 [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:33:53.0716 3244 pcmcia - ok
20:33:53.0762 3244 [ 1E715247EFFFDDA938C085913045D599 ] PCTINDIS5 C:\Windows\system32\PCTINDIS5.SYS
20:33:53.0778 3244 PCTINDIS5 - ok
20:33:53.0825 3244 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:33:53.0856 3244 PEAUTH - ok
20:33:54.0012 3244 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
20:33:54.0059 3244 pla - ok
20:33:54.0090 3244 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:33:54.0106 3244 PlugPlay - ok
20:33:54.0152 3244 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:33:54.0152 3244 Pml Driver HPZ12 - ok
20:33:54.0199 3244 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:33:54.0230 3244 PNRPAutoReg - ok
20:33:54.0262 3244 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:33:54.0293 3244 PNRPsvc - ok
20:33:54.0340 3244 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:33:54.0386 3244 PolicyAgent - ok
20:33:54.0496 3244 [ A087F23A766242BC05A14B9242BED71D ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
20:33:54.0496 3244 Power Manager DBC Service - ok
20:33:54.0527 3244 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:33:54.0527 3244 PptpMiniport - ok
20:33:54.0574 3244 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
20:33:54.0574 3244 Processor - ok
20:33:54.0620 3244 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
20:33:54.0636 3244 ProfSvc - ok
20:33:54.0652 3244 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:33:54.0667 3244 ProtectedStorage - ok
20:33:54.0698 3244 [ F8A25F1DD8B2C332CBC663E3579566E7 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
20:33:54.0698 3244 psadd - ok
20:33:54.0745 3244 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:33:54.0761 3244 PSched - ok
20:33:54.0808 3244 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
20:33:54.0839 3244 PxHelp20 - ok
20:33:54.0917 3244 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:33:54.0948 3244 ql2300 - ok
20:33:55.0026 3244 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:33:55.0026 3244 ql40xx - ok
20:33:55.0073 3244 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
20:33:55.0088 3244 QWAVE - ok
20:33:55.0120 3244 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:33:55.0120 3244 QWAVEdrv - ok
20:33:55.0151 3244 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:33:55.0151 3244 RasAcd - ok
20:33:55.0244 3244 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
20:33:55.0276 3244 RasAuto - ok
20:33:55.0338 3244 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:33:55.0338 3244 Rasl2tp - ok
20:33:55.0369 3244 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
20:33:55.0385 3244 RasMan - ok
20:33:55.0400 3244 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:33:55.0432 3244 RasPppoe - ok
20:33:55.0478 3244 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:33:55.0478 3244 RasSstp - ok
20:33:55.0556 3244 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:33:55.0556 3244 rdbss - ok
20:33:55.0603 3244 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:33:55.0634 3244 RDPCDD - ok
20:33:55.0681 3244 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
20:33:55.0697 3244 rdpdr - ok
20:33:55.0712 3244 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:33:55.0712 3244 RDPENCDD - ok
20:33:55.0775 3244 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:33:55.0790 3244 RDPWD - ok
20:33:55.0853 3244 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:33:55.0868 3244 RemoteAccess - ok
20:33:55.0931 3244 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:33:55.0946 3244 RemoteRegistry - ok
20:33:56.0009 3244 [ A5B12A4B3B774432DB9B9FA221190E59 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
20:33:56.0009 3244 rimmptsk - ok
20:33:56.0040 3244 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
20:33:56.0040 3244 rimsptsk - ok
20:33:56.0056 3244 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
20:33:56.0071 3244 rismxdp - ok
20:33:56.0149 3244 [ ADA991D7A02130FA78413281A134330B ] Roxio UPnP Renderer 10 C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
20:33:56.0149 3244 Roxio UPnP Renderer 10 - ok
20:33:56.0180 3244 [ 11F07111105072F81C03A437423E88EE ] Roxio Upnp Server 10 C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
20:33:56.0196 3244 Roxio Upnp Server 10 - ok
20:33:56.0290 3244 [ 7C334636B539FBFA65BD3B6DA75B9D30 ] RoxLiveShare10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
20:33:56.0321 3244 RoxLiveShare10 - ok
20:33:56.0399 3244 [ EB9EEB379848F356797EB9EF31114CA5 ] RoxMediaDB10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
20:33:56.0508 3244 RoxMediaDB10 - ok
20:33:56.0617 3244 [ 640E33EFB13278BEDD3699DFA88185E5 ] RoxWatch10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
20:33:56.0648 3244 RoxWatch10 - ok
20:33:56.0695 3244 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
20:33:56.0695 3244 RpcLocator - ok
20:33:56.0914 3244 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\System32\rpcss.dll
20:33:56.0945 3244 RpcSs - ok
20:33:57.0023 3244 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:33:57.0038 3244 rspndr - ok
20:33:57.0101 3244 [ 7157E70A90CCE49DEB8885D23A073A39 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
20:33:57.0132 3244 RTL8169 - ok
20:33:57.0179 3244 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
20:33:57.0194 3244 SamSs - ok
20:33:57.0226 3244 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:33:57.0241 3244 sbp2port - ok
20:33:57.0304 3244 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:33:57.0319 3244 SCardSvr - ok
20:33:57.0382 3244 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
20:33:57.0413 3244 Schedule - ok
20:33:57.0444 3244 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
20:33:57.0444 3244 SCPolicySvc - ok
20:33:57.0491 3244 [ 488C41CF591719C935F341D62B518BCE ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
20:33:57.0491 3244 sdbus - ok
20:33:57.0538 3244 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:33:57.0553 3244 SDRSVC - ok
20:33:57.0584 3244 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:33:57.0584 3244 secdrv - ok
20:33:57.0600 3244 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
20:33:57.0616 3244 seclogon - ok
20:33:57.0647 3244 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
20:33:57.0662 3244 SENS - ok
20:33:57.0694 3244 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
20:33:57.0694 3244 Serenum - ok
20:33:57.0740 3244 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
20:33:57.0740 3244 Serial - ok
20:33:57.0772 3244 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:33:57.0787 3244 sermouse - ok
20:33:57.0865 3244 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
20:33:57.0881 3244 SessionEnv - ok
20:33:57.0943 3244 SessionLauncher - ok
20:33:58.0006 3244 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:33:58.0037 3244 sffdisk - ok
20:33:58.0099 3244 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:33:58.0099 3244 sffp_mmc - ok
20:33:58.0130 3244 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:33:58.0130 3244 sffp_sd - ok
20:33:58.0162 3244 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:33:58.0162 3244 sfloppy - ok
20:33:58.0224 3244 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:33:58.0240 3244 SharedAccess - ok
20:33:58.0302 3244 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:33:58.0318 3244 ShellHWDetection - ok
20:33:58.0349 3244 [ 1310C5E81966E86B2CED7AE8CE3D74F1 ] Shockprf C:\Windows\system32\DRIVERS\Apsx86.sys
20:33:58.0380 3244 Shockprf - ok
20:33:58.0442 3244 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:33:58.0442 3244 sisagp - ok
20:33:58.0489 3244 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
20:33:58.0489 3244 SiSRaid2 - ok
20:33:58.0536 3244 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:33:58.0536 3244 SiSRaid4 - ok
20:33:58.0676 3244 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
20:33:58.0832 3244 slsvc - ok
20:33:58.0879 3244 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
20:33:58.0879 3244 SLUINotify - ok
20:33:58.0957 3244 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:33:58.0957 3244 Smb - ok
20:33:59.0020 3244 [ 878EB622A0DEC3FCCE16704D1D70E454 ] SMSI Device Launch Service C:\Program Files\Connection Manager\DeviceLaunchSvc.exe
20:33:59.0035 3244 SMSI Device Launch Service - ok
20:33:59.0098 3244 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:33:59.0098 3244 SNMPTRAP - ok
20:33:59.0144 3244 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
20:33:59.0144 3244 spldr - ok
20:33:59.0191 3244 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
20:33:59.0191 3244 Spooler - ok
20:33:59.0222 3244 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:33:59.0222 3244 SQLBrowser - ok
20:33:59.0285 3244 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:33:59.0285 3244 SQLWriter - ok
20:33:59.0332 3244 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:33:59.0347 3244 srv - ok
20:33:59.0394 3244 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:33:59.0410 3244 srv2 - ok
20:33:59.0441 3244 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:33:59.0441 3244 srvnet - ok
20:33:59.0488 3244 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:33:59.0503 3244 SSDPSRV - ok
20:33:59.0534 3244 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:33:59.0550 3244 SstpSvc - ok
20:33:59.0581 3244 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
20:33:59.0612 3244 stisvc - ok
20:33:59.0675 3244 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
20:33:59.0706 3244 stllssvr - ok
20:33:59.0768 3244 [ C2191C1A5DFED0795E3D3B68905B195B ] SUService C:\Program Files\Lenovo\System Update\SUService.exe
20:33:59.0768 3244 SUService - ok
20:33:59.0815 3244 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:33:59.0815 3244 swenum - ok
20:33:59.0893 3244 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
20:33:59.0909 3244 swprv - ok
20:33:59.0940 3244 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
20:33:59.0940 3244 Symc8xx - ok
20:33:59.0971 3244 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
20:33:59.0971 3244 Sym_hi - ok
20:34:00.0002 3244 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
20:34:00.0002 3244 Sym_u3 - ok
20:34:00.0065 3244 [ F92350E343B056A83093BC0D8F750F05 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:34:00.0080 3244 SynTP - ok
20:34:00.0143 3244 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
20:34:00.0174 3244 SysMain - ok
20:34:00.0190 3244 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:34:00.0205 3244 TabletInputService - ok
20:34:00.0268 3244 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
20:34:00.0283 3244 TapiSrv - ok
20:34:00.0314 3244 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
20:34:00.0330 3244 TBS - ok
20:34:00.0392 3244 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:34:00.0424 3244 Tcpip - ok
20:34:00.0470 3244 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
20:34:00.0486 3244 Tcpip6 - ok
20:34:00.0533 3244 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:34:00.0533 3244 tcpipreg - ok
20:34:00.0580 3244 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:34:00.0580 3244 TDPIPE - ok
20:34:00.0611 3244 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:34:00.0611 3244 TDTCP - ok
20:34:00.0642 3244 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:34:00.0658 3244 tdx - ok
20:34:00.0673 3244 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:34:00.0673 3244 TermDD - ok
20:34:00.0736 3244 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
20:34:00.0767 3244 TermService - ok
20:34:00.0814 3244 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
20:34:00.0814 3244 Themes - ok
20:34:00.0907 3244 [ EB90A37AABAEFD7B4F4F92BEFEA8C2E2 ] ThinkVantage Registry Monitor Service c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
20:34:00.0923 3244 ThinkVantage Registry Monitor Service - ok
20:34:00.0985 3244 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
20:34:01.0001 3244 THREADORDER - ok
20:34:01.0016 3244 [ D7A29E343632E2FC5F7EBFC886F12675 ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM86.sys
20:34:01.0032 3244 TPDIGIMN - ok
20:34:01.0063 3244 [ 51B679F627A43A25EF9444AD23BBFF9A ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG.exe
20:34:01.0079 3244 TPHDEXLGSVC - ok
20:34:01.0110 3244 [ 93CFFC9CB0D4354FDF60C4982DD3D379 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
20:34:01.0126 3244 TPHKSVC - ok
20:34:01.0204 3244 [ CB258C2F726F1BE73C507022BE33EBB3 ] TPM C:\Windows\system32\drivers\tpm.sys
20:34:01.0235 3244 TPM - ok
20:34:01.0313 3244 [ 1BD5719EF160E0AB739CD0FF3BA5E298 ] TPPWRIF C:\Windows\system32\drivers\Tppwr32v.sys
20:34:01.0344 3244 TPPWRIF - ok
20:34:01.0438 3244 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
20:34:01.0453 3244 TrkWks - ok
20:34:01.0516 3244 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:34:01.0516 3244 TrustedInstaller - ok
20:34:01.0625 3244 [ 4A4FFDEB90A151B734A0BEA3D420FD3B ] TSSCoreService C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
20:34:01.0640 3244 TSSCoreService - ok
20:34:01.0672 3244 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:34:01.0672 3244 tssecsrv - ok
20:34:01.0703 3244 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
20:34:01.0718 3244 tunmp - ok
20:34:01.0718 3244 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:34:01.0734 3244 tunnel - ok
20:34:01.0812 3244 [ 1A9F115D6F82FC0753D06599E42B2295 ] TVT Backup Protection Service C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
20:34:01.0859 3244 TVT Backup Protection Service - ok
20:34:01.0921 3244 [ 43FFBB6AF7245C97865ADA74B8CEECF9 ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
20:34:01.0952 3244 TVT Backup Service - ok
20:34:02.0046 3244 [ 58BC366538A8A1F252D2750C1F5193B6 ] TVT Scheduler c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
20:34:02.0093 3244 TVT Scheduler - ok
20:34:02.0155 3244 [ 49258A02A1E8D304ED88B0F1C56B1738 ] tvtfilter C:\Windows\system32\DRIVERS\tvtfilter.sys
20:34:02.0155 3244 tvtfilter - ok
20:34:02.0186 3244 [ 2D1EC233C89416BA8187C9D7D49A075A ] tvtumon C:\Windows\system32\DRIVERS\tvtumon.sys
20:34:02.0186 3244 tvtumon - ok
20:34:02.0233 3244 [ 3152355EA8E8274D4FDA092F454DA7C0 ] TVT_UpdateMonitor C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
20:34:02.0233 3244 TVT_UpdateMonitor - ok
20:34:02.0280 3244 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:34:02.0296 3244 uagp35 - ok
20:34:02.0327 3244 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:34:02.0342 3244 udfs - ok
20:34:02.0405 3244 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:34:02.0420 3244 UI0Detect - ok
20:34:02.0452 3244 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:34:02.0452 3244 uliagpkx - ok
20:34:02.0498 3244 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
20:34:02.0498 3244 uliahci - ok
20:34:02.0545 3244 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
20:34:02.0545 3244 UlSata - ok
20:34:02.0592 3244 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
20:34:02.0608 3244 ulsata2 - ok
20:34:02.0639 3244 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:34:02.0639 3244 umbus - ok
20:34:02.0748 3244 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
20:34:02.0764 3244 UMVPFSrv - ok
20:34:02.0810 3244 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
20:34:02.0826 3244 upnphost - ok
20:34:02.0888 3244 [ 292A25BB75A568AE2C67169BA2C6365A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:34:02.0888 3244 usbaudio - ok
20:34:02.0935 3244 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:34:02.0951 3244 usbccgp - ok
20:34:02.0982 3244 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:34:02.0998 3244 usbcir - ok
20:34:03.0029 3244 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:34:03.0029 3244 usbehci - ok
20:34:03.0060 3244 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:34:03.0076 3244 usbhub - ok
20:34:03.0091 3244 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:34:03.0107 3244 usbohci - ok
20:34:03.0154 3244 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:34:03.0154 3244 usbprint - ok
20:34:03.0216 3244 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:34:03.0216 3244 USBSTOR - ok
20:34:03.0263 3244 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:34:03.0263 3244 usbuhci - ok
20:34:03.0310 3244 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:34:03.0325 3244 usbvideo - ok
20:34:03.0372 3244 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
20:34:03.0403 3244 UxSms - ok
20:34:03.0466 3244 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
20:34:03.0481 3244 vds - ok
20:34:03.0528 3244 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:34:03.0544 3244 vga - ok
20:34:03.0559 3244 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
20:34:03.0559 3244 VgaSave - ok
20:34:03.0606 3244 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:34:03.0606 3244 viaagp - ok
20:34:03.0668 3244 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
20:34:03.0668 3244 ViaC7 - ok
20:34:03.0684 3244 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
20:34:03.0700 3244 viaide - ok
20:34:03.0731 3244 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:34:03.0746 3244 volmgr - ok
20:34:03.0762 3244 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:34:03.0778 3244 volmgrx - ok
20:34:03.0824 3244 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:34:03.0840 3244 volsnap - ok
20:34:03.0871 3244 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:34:03.0887 3244 vsmraid - ok
20:34:03.0965 3244 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
20:34:04.0012 3244 VSS - ok
20:34:04.0058 3244 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
20:34:04.0074 3244 W32Time - ok
20:34:04.0136 3244 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:34:04.0168 3244 WacomPen - ok
20:34:04.0199 3244 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
20:34:04.0199 3244 Wanarp - ok
20:34:04.0214 3244 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:34:04.0214 3244 Wanarpv6 - ok
20:34:04.0277 3244 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:34:04.0292 3244 wcncsvc - ok
20:34:04.0324 3244 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:34:04.0339 3

Edited by tiredofmalware1, 12 February 2013 - 08:55 PM.


#12 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 13,621 posts

Posted 12 February 2013 - 09:16 PM

This is strange. The log was cut off by the maximum post length, but the copy that was mailed to me by the board in the reply notification was the full log. However, the copy mailed to me looked just like your first log, all compressed with all the carriage returns removed, just one solid mass of text.

However, the very last line, which is very important, was:

Actual detected object count: 0

Would still like an answer on this:

Is there some reason you've never updated your copy of Windows Vista to the current Service Pack?

Please download Malwarebytes Anti-Rootkit here.
Unzip the contents to a folder on the Desktop.


  • Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#13 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 13,621 posts

Posted 12 February 2013 - 10:02 PM

When you open your log files, are you using Notepad? If not, please use Notepad. Please let me know if that was the problem with the formatting.




#14 tiredofmalware1

tiredofmalware1

    Member

  • Full Member
  • Pip
  • 86 posts

Posted 13 February 2013 - 09:57 PM

I am reading the logs using notepad. For some reason after I cut and paste the logs, at first it looks normal, then it gets all scrambled when I post it. I'm not sure why it is doing that and word wrap isn't on. Weird.

I was able to cut and paste these 2 logs the regular way without using control C and v. I wonder if the rootkits caused these problems.

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.14.01

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
lisa :: [administrator]

2/13/2013 9:23:44 PM
mbar-log-2013-02-13 (21-23-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29783
Time elapsed: 24 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
c:\Windows\$NtUninstallKB9536$\733875966\L (Backdoor.0Access) -> Delete on reboot.
c:\Windows\$NtUninstallKB9536$\733875966\U (Backdoor.0Access) -> Delete on reboot.
c:\Windows\$NtUninstallKB9536$\733875966 (Backdoor.0Access) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6001 Windows Vista Service Pack 1 x86

Account is Administrative

Internet Explorer version: 7.0.6001.18000

Java version: 1.6.0_38

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED, S:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 1036562432, free: 184496128

------------ Kernel report ------------
02/13/2013 20:58:06
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85807918
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8490a028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.02.14.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85807918, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85807150, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8590aa08, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xffffffff85807918, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff84906358, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8490a028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\Shockprf\
Upper DeviceData: 0xffffffff8c9e3418, 0xffffffff85807918, 0xffffffff855eb7e0
Lower DeviceData: 0xffffffffaf5109f0, 0xffffffff8490a028, 0xffffffff8558d040
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 40B7EFE0

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3074048 Numsec = 289023992

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 292098048 Numsec = 20480000

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Performing system, memory and registry scan...
Infected: c:\Windows\$NtUninstallKB9536$\733875966\L --> [Backdoor.0Access]
Infected: c:\Windows\$NtUninstallKB9536$\733875966\U --> [Backdoor.0Access]
Infected: c:\Windows\$NtUninstallKB9536$\733875966 --> [Backdoor.0Access]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================

Edited by tiredofmalware1, 13 February 2013 - 09:59 PM.


#15 tiredofmalware1

Posted 13 February 2013 - 10:04 PM

^^^ these logs became scrambled again after I posted. Once I edited the log, it went back to normal. weird.

#16 TheJoker

Posted 13 February 2013 - 10:44 PM

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download RogueKiller (by tigzy) and save it to your desktop

  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad

Please post the logs from AdwCleaner and RogueKiller and note any errors encountered.




#17 tiredofmalware1

Posted 14 February 2013 - 10:00 PM

I only posted this log because the RogueKiller is taking a very, very long time to finish. Meanwhile, today when I started up the system it went to chkdisk. Should I be concerned? Also, in the system tray is an icon saying that Windows can't check for updates. I will do the RogueKiller overnight and post the log tomorrow.

# AdwCleaner v2.112 - Logfile created 02/14/2013 at 19:27:54
# Updated 10/02/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 1 (32 bits)
# User : lisa -
# Boot Mode : Normal
# Running from : C:\Users\lisa\Desktop\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18639

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.netzero.net/search?action=minisearch&source=minisearch_wir --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.netzero.net/search?action=minisearch&source=minisearch_wir --> hxxp://www.google.com

*************************

AdwCleaner[S1].txt - [848 octets] - [14/02/2013 19:27:54]

########## EOF - C:\AdwCleaner[S1].txt - [907 octets] ##########

Edited by tiredofmalware1, 14 February 2013 - 10:02 PM.


#18 TheJoker

Posted 15 February 2013 - 07:10 AM

The system may have thought there was an error. It might have simply been from an incomplete shutdown of the system that triggered it.

We will have to check on Windows Update once we get further along, there may be some services not running or missing.




#19 tiredofmalware1

Posted 17 February 2013 - 11:20 AM

Sorry for the delay. I've been going through some personal problems and haven't had the chance to turn on the computer and do the second scan. As you said, there must have been an error because when I used Roguekiller today, it took less than 5 minutes. Before I was waiting over an hour. Well here is the log:

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : lisa [Admin rights]
Mode : Scan -- Date : 02/17/2013 11:13:27
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS543216L9SA00 +++++
--- User ---
[MBR] 80aae55a9d3c0ce31ff51f49d8441059
[BSP] e9be46a4e67616ac30830e9175ab7311 : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 141124 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 292098048 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02172013_02d1113.txt >>
RKreport[1]_S_02172013_02d1113.txt

Edited by tiredofmalware1, 17 February 2013 - 11:21 AM.


#20 TheJoker

Posted 17 February 2013 - 12:02 PM

Please scan your system with ESET Online Scanner


  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer.
    • Click on esetsmartinstaller_enu.exe
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Please post the log from ESET Online Scanner in your next reply and note any errors encountered.




#21 tiredofmalware1

Posted 17 February 2013 - 03:46 PM

The ESET scan has just been completed. No threats were found, except for the same 3 files that were quarantined. I have now deleted them. I can't copy the quarantined files using control C and v but it is the same exact three I posted before. I will repost it.

c:documents&settings\lisa\desktop\youtubedownloadersetup35.exe
c:documents&settings\lisa\appdata\local\temp\0.6675992985425411
c:documents&settings\lisa\appdata\local\low\sun\java\deployment\cache\6.0\2ac74c85-19b5a24a

Edited by tiredofmalware1, 17 February 2013 - 03:47 PM.


#22 TheJoker

Posted 17 February 2013 - 04:24 PM

Let's run one more scan and then we'll check on those Services.

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:
http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).
Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**
**Note 2: If you get a message saying "Illegal operation attempted on a registry key
that has been marked for deletion", please restart your computer.**


Please include the log at C:\ComboFix.txt in your next reply.




#23 tiredofmalware1

Posted 17 February 2013 - 06:02 PM

Something is still wrong. The icon for the windows update is in the system tray flashing: Windows can't check for updates.

ComboFix 13-02-15.01 - lisa 02/17/2013 17:04:05.5.2 - x86
Microsoft® Windows Vista Home Basic 6.0.6001.1.1252.1.1033.18.989.301 [GMT -5:00]
Running from: c:\users\lisa\Desktop\ComboFix1.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\a
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-01-17 to 2013-02-17 )))))))))))))))))))))))))))))))
.
.
2013-02-17 22:25 . 2013-02-17 22:32 -------- d-----w- c:\users\lisa\AppData\Local\temp
2013-02-17 22:25 . 2013-02-17 22:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-02-17 22:25 . 2013-02-17 22:25 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-02-17 22:25 . 2013-02-17 22:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-17 15:57 . 2013-02-17 15:57 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-02-15 23:59 . 2013-02-15 23:59 -------- d-----w- C:\D
2013-02-09 04:35 . 2013-02-09 04:35 388096 ----a-r- c:\users\lisa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-09 04:35 . 2013-02-09 04:35 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 02:05 . 2013-01-08 02:05 53248 ----a-r- c:\users\lisa\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-12-25 16:38 . 2012-12-25 16:39 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-25 16:38 . 2011-04-24 13:23 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-23 03:34 . 2012-06-23 02:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-23 03:34 . 2012-06-23 02:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 21:49 . 2010-12-11 20:46 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{FE3098B3-04A3-41fd-8CA9-BEA39CB14C87}]
2012-03-01 17:03 178328 ----a-w- c:\program files\NetZero DSL\UcReg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"cdloader"="c:\users\lisa\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-25 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-10-26 632096]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2008-10-26 214576]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-10-27 431392]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-10-27 148768]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"NetZeroDSL"="c:\program files\NetZero DSL\ConnectionCenter.exe" [2012-03-01 1484952]
"Clearwire Connection Manager"="c:\program files\Connection Manager\ClearwireCM.exe" [2012-02-27 315392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-03 c:\windows\Tasks\User_Feed_Synchronization-{16A22622-A361-4E6D-964C-D46BB128FB94}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://search.netzero.net/search?action=minisearch&source=minisearch_wir&mn=0
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
.
**************************************************************************
.

Edited by tiredofmalware1, 17 February 2013 - 06:03 PM.


#24 TheJoker

Posted 17 February 2013 - 09:41 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\D
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please post the logs from SystemLook and Farbar Service Scanner and note any errors encountered.




#25 tiredofmalware1

Posted 18 February 2013 - 08:20 PM

I am confused about the :dir and c:\d
Am I supposed to enter it all on the same line or separately? I want to make sure. I already did just c:\d by itself.

Edited by tiredofmalware1, 18 February 2013 - 08:22 PM.


#26 TheJoker

Posted 18 February 2013 - 09:45 PM

I am confused about the :dir and c:\d
Am I supposed to enter it all on the same line or separately? I want to make sure. I already did just c:\d by itself.

:dir on the first line, and C:\D on the next line. Just select the text in the quote box below with your mouse, right-click and select copy, and it will be correct.

:dir
C:\D

That tells SystemLook to extract a directory listing of the folder C:\D




#27 tiredofmalware1

Posted 19 February 2013 - 05:24 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 17:09 on 19/02/2013 by lisa
Administrator - Elevation successful

========== dir ==========

C:\D - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-= EOF =-




Farbar Service Scanner Version: 20-02-2013
Ran by lisa (administrator) on 19-02-2013 at 17:17:18
Running from "C:\Users\lisa\Desktop"
Windows Vista ™ Home Basic Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2012-08-01 21:46] - [2012-08-01 21:46] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-12 18:34] - [2010-06-16 10:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-04-20 19:33] - [2011-03-02 09:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-20 21:33] - [2008-01-20 21:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-01-20 21:33] - [2008-01-20 21:33] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2009-01-15 18:13] - [2009-01-15 18:13] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-01-20 21:34] - [2008-01-20 21:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-04-16 19:48] - [2009-03-02 23:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****

Edited by tiredofmalware1, 19 February 2013 - 05:27 PM.


#28 TheJoker


Posted 19 February 2013 - 09:12 PM

You can delete the folder C:\D, the folder is empty.

One more scan, and then we'll look at some badly needed updating.

We need to be certain there is no infection before updating Windows with a new Service Pack.

 

Please download Malwarebytes Anti-Rootkit here.
Unzip the contents to a folder on the Desktop.

  • Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.




#29 tiredofmalware1


Posted 20 February 2013 - 07:29 PM

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.20.08

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
lisa :: [administrator]

2/20/2013 5:57:37 PM
mbar-log-2013-02-20 (17-57-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29335
Time elapsed: 22 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6001 Windows Vista Service Pack 1 x86

Account is Administrative

Internet Explorer version: 7.0.6001.18000

Java version: 1.6.0_38

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED, S:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 1036562432, free: 184496128

------------ Kernel report ------------
02/13/2013 20:58:06
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85807918
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff8490a028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.02.14.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85807918, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85807150, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8590aa08, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xffffffff85807918, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff84906358, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8490a028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\Shockprf\
Upper DeviceData: 0xffffffff8c9e3418, 0xffffffff85807918, 0xffffffff855eb7e0
Lower DeviceData: 0xffffffffaf5109f0, 0xffffffff8490a028, 0xffffffff8558d040
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 40B7EFE0

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3074048 Numsec = 289023992

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 292098048 Numsec = 20480000

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Performing system, memory and registry scan...
Infected: c:\Windows\$NtUninstallKB9536$\733875966\L --> [Backdoor.0Access]
Infected: c:\Windows\$NtUninstallKB9536$\733875966\U --> [Backdoor.0Access]
Infected: c:\Windows\$NtUninstallKB9536$\733875966 --> [Backdoor.0Access]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6001 Windows Vista Service Pack 1 x86

Account is Administrative

Internet Explorer version: 7.0.6001.18000

Java version: 1.6.0_38

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED, S:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 1036562432, free: 272777216

Removal queue found; removal started
Removing c:\Windows\$NtUninstallKB9536$\733875966\L...
Removing c:\Windows\$NtUninstallKB9536$\733875966\U...
Removing c:\Windows\$NtUninstallKB9536$\733875966...
Removal finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6001 Windows Vista Service Pack 1 x86

Account is Administrative

Internet Explorer version: 7.0.6001.18000

Java version: 1.6.0_38

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED, S:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 1036562432, free: 128274432

------------ Kernel report ------------
02/20/2013 17:32:42
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff857fd310
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff84909028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.02.20.08
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff857fd310, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85900488, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85900788, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xffffffff857fd310, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff84906868, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff84909028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\Shockprf\
Upper DeviceData: 0xffffffffb1072910, 0xffffffff857fd310, 0xffffffff8485c3f8
Lower DeviceData: 0xffffffffb56dec28, 0xffffffff84909028, 0xffffffff841611d0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 40B7EFE0

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3074048 Numsec = 289023992

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 292098048 Numsec = 20480000

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished

Edited by tiredofmalware1, 20 February 2013 - 07:32 PM.
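A log like the one above can be checked mechanically. The following is an added example, not part of the original post and not Malwarebytes' own tooling: it splits the system log into runs at the product banner, collects the `Infected:` and `Removing` lines, and reports anything detected but never removed, and whether the most recent completed scan was clean. The excerpt is trimmed from the log above; the function names are hypothetical.

```python
import re

# Excerpt trimmed from the mbar system log posted above: a detection scan,
# the removal pass, and the follow-up scan.
SAMPLE_LOG = r"""
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
Performing system, memory and registry scan...
Infected: c:\Windows\$NtUninstallKB9536$\733875966\L --> [Backdoor.0Access]
Infected: c:\Windows\$NtUninstallKB9536$\733875966\U --> [Backdoor.0Access]
Infected: c:\Windows\$NtUninstallKB9536$\733875966 --> [Backdoor.0Access]
Done!
Scan finished
Scheduling clean up...
Removal successful. No system shutdown is required.
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
Removal queue found; removal started
Removing c:\Windows\$NtUninstallKB9536$\733875966\L...
Removing c:\Windows\$NtUninstallKB9536$\733875966\U...
Removing c:\Windows\$NtUninstallKB9536$\733875966...
Removal finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
Performing system, memory and registry scan...
Done!
Scan finished
"""

BANNER = re.compile(r"^Malwarebytes Anti-Rootkit\b")
INFECTED = re.compile(r"^Infected:\s+(.+?)\s+-->\s+\[([^\]]+)\]$")
REMOVING = re.compile(r"^Removing\s+(.+?)\.\.\.$")


def split_runs(text):
    """Split the log into runs; each product banner starts a new run."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if BANNER.match(line):
            runs.append({"detections": {}, "removed": set(), "scan_finished": False})
            continue
        if not runs:
            continue  # ignore anything before the first banner
        run = runs[-1]
        hit = INFECTED.match(line)
        if hit:
            path, name = hit.groups()
            # Windows paths are case-insensitive, so key on the lowered form.
            run["detections"][path.lower()] = (path, name)
            continue
        gone = REMOVING.match(line)
        if gone:
            run["removed"].add(gone.group(1).lower())
        elif line == "Scan finished":
            run["scan_finished"] = True
    return runs


def summarize(text):
    """Cross-check detections against removals across all runs in the log."""
    runs = split_runs(text)
    detections, removed = {}, set()
    for run in runs:
        detections.update(run["detections"])
        removed |= run["removed"]
    scans = [run for run in runs if run["scan_finished"]]
    return {
        "runs": len(runs),
        "detections": sorted(orig for orig, _ in detections.values()),
        "families": sorted({name for _, name in detections.values()}),
        # Detected paths with no matching "Removing ..." line anywhere in the log.
        "unremoved": sorted(
            orig for key, (orig, _) in detections.items() if key not in removed
        ),
        # Clean only if a scan completed and the most recent one found nothing.
        "final_scan_clean": bool(scans) and not scans[-1]["detections"],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "=", value)
```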


#30 tiredofmalware1


Posted 20 February 2013 - 07:42 PM

Should I be concerned about the results from the Roguekiller scan? I ask because it found 4 registry changes.

Also, the Windows can't update icon is still in the system tray.

Edited by tiredofmalware1, 20 February 2013 - 07:44 PM.


#31 TheJoker


Posted 21 February 2013 - 07:04 AM

> Should I be concerned about the results from the Roguekiller scan? I ask because it found 4 registry changes.

It found 4 registry entries, but there's nothing wrong with them. Not everything it finds is a problem, that's why it doesn't clean automatically.

 

> Also, the Windows can't update icon is still in the system tray.

It's actually good that it wasn't able to update yet, you don't want to update an infected system, and Malwarebytes Anti-Rootkit just removed an infection.

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please post the log from Farbar Service Scanner and note any errors encountered.




#32 tiredofmalware1


Posted 21 February 2013 - 09:24 PM

Farbar Service Scanner Version: 20-02-2013
Ran by lisa (administrator) on 21-02-2013 at 21:16:33
Running from "C:\Users\lisa\Desktop"
Windows Vista ™ Home Basic Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys

Edited by tiredofmalware1, 21 February 2013 - 09:27 PM.


#33 TheJoker

Posted 22 February 2013 - 01:24 AM

Run the System File Checker

  • Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • At the command prompt, type the following command, and then press ENTER:
    sfc /scannow

    The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

After running the System File Checker, follow these steps:

  • Open an elevated command prompt as described in the previous step 1.
  • At the command prompt, type the following command, and then press ENTER:
    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

You can find those instructions here:

http://support.microsoft.com/kb/929833

 

Please post the log from running the System File Checker (sfcdetails.txt) that should be on your Desktop.


 



MS MVP 2009-20010 and ASAP Member since 2005


#34 tiredofmalware1

Posted 24 February 2013 - 05:01 PM

When I type findstr/c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt" nothing happens. Is there something missing?

#35 TheJoker

Posted 25 February 2013 - 12:25 AM

There should have been a log sfcdetails.txt created on the Desktop.

Do you see the log Windows\Logs\CBS\CBS.log?

If you see that, copy the contents to your next reply.

When you ran the System File Checker, were there any errors detected and fixed? Any errors that could not be fixed?



MS MVP 2009-20010 and ASAP Member since 2005


#36 tiredofmalware1

Posted 25 February 2013 - 08:31 PM

 

There should have been a log sfcdetails.txt created on the Desktop.
Yes, but it is blank.

Do you see the log Windows\Logs\CBS\CBS.log

Yes but access is denied.
If you see that, copy the contents to your next reply.
When you ran the System File Checker, were there any errors detected and fixed? Any errors that could not be fixed?

 

There were errors that could not be fixed. Do I need to redo the scan?

#37 TheJoker

Posted 25 February 2013 - 09:51 PM

There were errors that could not be fixed. Do I need to redo the scan?

 

No, we will just copy the file to another location.

  • Go to C:\Windows\Logs\CBS\CBS.log, right-click on the file and select Copy.
  • Right-click on the Desktop, and select Paste.
  • When asked to provide Administrator Permissions, select Continue (this will copy the file to the Desktop).
  • Double-click on CBS.log on the Desktop to open it, and scroll to the bottom (most recent entries).
  • Locate the entries from the time frame you ran the System File Checker, select them with the mouse, right-click and select Copy.
  • Paste the results into your next reply.


MS MVP 2009-20010 and ASAP Member since 2005
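
The [SR] filtering that the findstr command in post #33 performs, applied to a Desktop copy of CBS.log as made in post #37, written as an added Python example (not part of the original thread or any tool mentioned in it). The function names are hypothetical, and the sample lines, including the "Cannot repair member file" entry and the file name example.dll, are constructed in the CBS.log line format rather than taken from this machine's log.

```python
import re
import sys

# Start of a CBS.log entry: timestamp, level, source, 8-hex-digit sequence number, message.
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+\w+\s+"
    r"(?P<seq>[0-9a-fA-F]{8})\s(?P<msg>.*)$"
)
# A long entry wraps onto a line that repeats the prefix but carries no sequence number.
CONT = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}, \w+\s+\w+\s+(?P<rest>.*)$")
VERIFYING = re.compile(r"^\[SR\] Verifying (\d+) \(0x[0-9a-fA-F]+\) components")
# Length-prefixed quoted string, e.g. [l:22{11}]"example.dll"
QUOTED = re.compile(r'\[(?:ml:\d+\{\d+\},)?l:\d+\{\d+\}\]"([^"]*)"')

# Constructed sample (not a real log): two verify batches, one unrepairable file
# whose entry is wrapped across two physical lines.
SAMPLE = r'''
2013-02-24 16:25:52, Info CSI 0000000a [SR] Verifying 100 (0x00000064) components
2013-02-24 16:25:52, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2013-02-24 16:26:07, Info CSI 0000000c Repair results created:
POQ 1 starts:

POQ 1 ends.
2013-02-24 16:26:07, Info CSI 0000000d [SR] Verify complete
2013-02-24 16:26:10, Info CSI 0000000e [SR] Verifying 100 (0x00000064) components
2013-02-24 16:26:10, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
2013-02-24 16:26:12, Info CSI 00000010 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neu
2013-02-24 16:26:12, Info CSI tral, PublicKey neutral in the store, hash mismatch
2013-02-24 16:26:14, Info CSI 00000011 Repair results created:
POQ 2 starts:

POQ 2 ends.
2013-02-24 16:26:14, Info CSI 00000012 [SR] Verify complete
'''


def parse_entries(text):
    """Split CBS.log text into entries, rejoining wrapped and detail lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"ts": m["ts"], "seq": m["seq"], "msg": m["msg"]})
            continue
        if not entries:
            continue  # anything before the first real entry
        c = CONT.match(line)
        if c:
            # Wrapped entry: the split can fall mid-word, so rejoin with no separator.
            entries[-1]["msg"] += c["rest"]
        elif line.strip():
            # Untimestamped detail lines (the "POQ n starts:" blocks) stay with their entry.
            entries[-1]["msg"] += "\n" + line
    return entries


def sr_summary(text):
    """Keep only [SR] entries and report what SFC verified and could not repair."""
    sr = [e for e in parse_entries(text) if e["msg"].startswith("[SR]")]
    batches = components = 0
    unrepaired = []
    for e in sr:
        m = VERIFYING.match(e["msg"])
        if m:
            batches += 1
            components += int(m.group(1))
        elif "Cannot repair" in e["msg"]:
            names = QUOTED.findall(e["msg"])
            unrepaired.append(
                {"ts": e["ts"], "file": names[0] if names else None, "msg": e["msg"]}
            )
    return {
        "sr_entries": sr,
        "batches": batches,
        "components": components,
        "unrepaired": unrepaired,
    }


if __name__ == "__main__":
    # Usage: python sfc_summary.py "%userprofile%\Desktop\CBS.log"
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            report = sr_summary(fh.read())
    else:
        report = sr_summary(SAMPLE)
    print("%d batches, %d components verified" % (report["batches"], report["components"]))
    for item in report["unrepaired"]:
        print("NOT REPAIRED %s %s" % (item["ts"], item["file"]))
```

Reading the Desktop copy avoids the access-denied error on the original under C:\Windows\Logs\CBS, and an empty "unrepaired" list alongside a non-zero batch count means the scan ran and logged no unrepairable files in that log.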


#38 tiredofmalware1

Posted 26 February 2013 - 08:05 PM

I followed the instructions and got the file but it contains A LOT of info for 2/24/13. It all looks like mish mosh to me so I included everything for that date. I saved it in notepad and the file is attached.

11: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\40c13f0bd612ce01be0c000024126802.$$_system32_lv-lv_4fea1c1c70e881b7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_lv-lv_4fea1c1c70e881b7.cdf-ms"
12: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e075630bd612ce01bf0c000024126802.$$_system32_th-th_5f1dc0505a1b09f7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_th-th_5f1dc0505a1b09f7.cdf-ms"
13: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\00b0900bd612ce01c00c000024126802.$$_system32_tr-tr_5f1dd1e45a1af0a7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_tr-tr_5f1dd1e45a1af0a7.cdf-ms"
14: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\400ec50bd612ce01c10c000024126802.$$_system32_et-ee_429cb6e884dc9948.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_et-ee_429cb6e884dc9948.cdf-ms"
15: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\806cf90bd612ce01c20c000024126802.$$_system32_it-it_4a36b1ca7975a0f9.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_it-it_4a36b1ca7975a0f9.cdf-ms"
16: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\2037430c
2013-02-24 16:29:45, Info CSI d612ce01c30c000024126802.$$_system32_fi-fi_448337a68202d703.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_fi-fi_448337a68202d703.cdf-ms"
17: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e00f6e0cd612ce01c40c000024126802.$$_system32_fr-fr_448347788202c03b.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_fr-fr_448347788202c03b.cdf-ms"
18: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e025940cd612ce01c50c000024126802.$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_nl-nl_53b6f9bc6b35343b.cdf-ms"
19: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e03bba0cd612ce01c60c000024126802.$$_system32_ja-jp_4c1d2478769bf2f4.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ja-jp_4c1d2478769bf2f4.cdf-ms"
20: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\c038ec0cd612ce01c70c000024126802.$$_system32_sk-sk_5d374dfc5cf4b5c5.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sk-sk_5d374dfc5cf4b5c5.cdf-ms"
21: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e072190dd612ce01c80c000024126802.$$_system32_hr-hr_485036ac7c4f596f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_hr-hr_485036ac7c4f596f.cdf-ms"
22: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e0883f0dd612ce01c90c000024126802.$$_system32_hu-hu_48503bf27c4f51d7.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_hu-hu_48503bf27c4f51d7.cdf-ms"
23: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\60246f0dd612ce01ca0c000024126802.$$_system32_pl-pl_5783e8f06581cd6f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_pl-pl_5783e8f06581cd6f.cdf-ms"
24: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\20fd990dd612ce01
2013-02-24 16:29:45, Info CSI cb0c000024126802.$$_system32_pt-pt_5783f7006581b92f.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_pt-pt_5783f7006581b92f.cdf-ms"
25: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\00facb0dd612ce01cc0c000024126802.$$_system32_sr-latn-cs_36d1c3d11e65ce00.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sr-latn-cs_36d1c3d11e65ce00.cdf-ms"
26: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\8095fb0dd612ce01cd0c000024126802.$$_system32_es-es_429cd1a084dc7119.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_es-es_429cd1a084dc7119.cdf-ms"
27: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\003c3e0ed612ce01ce0c000024126802.$$_system32_bg-bg_3ce955ba8d69a9ab.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_bg-bg_3ce955ba8d69a9ab.cdf-ms"
28: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\409a720ed612ce01cf0c000024126802.$$_system32_uk-ua_61042a3457416b73.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_uk-ua_61042a3457416b73.cdf-ms"
29: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\c040b50ed612ce01d00c000024126802.$$_system32_cs-cz_3ecfefb68a8fc3f6.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_cs-cz_3ecfefb68a8fc3f6.cdf-ms"
30: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\a03de70ed612ce01d10c000024126802.$$_system32_sv-se_5d37410c5cf4ca56.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sv-se_5d37410c5cf4ca56.cdf-ms"
31: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\20d9160fd612ce01d20c000024126802.$$_system32_zh-cn_6a8499504900c466.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_zh-cn_6a8499504900c466.cdf-ms"
32: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\e0b1410fd612ce
2013-02-24 16:29:45, Info CSI 01d30c000024126802.$$_system32_zh-hk_6a84939e4900ccf6.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_zh-hk_6a84939e4900ccf6.cdf-ms"
33: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\8066650fd612ce01d40c000024126802.$$_system32_zh-tw_6a84aa664900aad6.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_zh-tw_6a84aa664900aad6.cdf-ms"
34: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\6063970fd612ce01d50c000024126802.$$_system32_he-il_48502d1c7c4f6669.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_he-il_48502d1c7c4f6669.cdf-ms"
35: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\0018bb0fd612ce01d60c000024126802.$$_system32_ar-sa_3b02d130904371b4.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ar-sa_3b02d130904371b4.cdf-ms"
36: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\c0f0e50fd612ce01d70c000024126802.$$_system32_nb-no_53b700d66b352886.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_nb-no_53b700d66b352886.cdf-ms"
37: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\a0ed1710d612ce01d80c000024126802.$$_system32_msdtc_trace_f33466dc5bf36670.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_system32_msdtc_trace_f33466dc5bf36670.cdf-ms"
38: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\00654010d612ce01d90c000024126802.$$_system32_sl-si_5d374a0c5cf4bbc8.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sl-si_5d374a0c5cf4bbc8.cdf-ms"
39: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\c03d6b10d612ce01da0c000024126802.$$_system32_com_066545e3d047e7c7.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_system32_com_066545e3d047e7c7.cdf-ms"
40: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\40e4ad10d612ce
2013-02-24 16:29:45, Info CSI 01db0c000024126802.$$_system32_en-us_429cd25484dc6f94.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms"
41: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{6002fb82-02e5-1953-16d3-ec814bdc5adc}", Type = REG_SZ (1), Data = {l:102 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006d0073006400740063007000720078002e0064006c006c002c00530079007300500072006500700044007400630043006c00650061006e00750070000000}
42: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{6002fb82-02e5-1953-1eb2-96b7091aa28f}", Type = REG_SZ (1), Data = {l:108 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006d0073006400740063007000720078002e0064006c006c002c005300790073005000720065007000440074006300470065006e006500720061006c0069007a0065000000}
43: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{6002fb82-02e5-1953-35a2-cee9227ca977}", Type = REG_SZ (1), Data = {l:108 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006d0073006400740063007000720078002e0064006c006c002c0053007900730050007200650070004400740063005300700065006300690061006c0069007a0065000000}
44: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{d4b18d8a-bf11-59ca-594c-604cd9837b21}", Type = REG_SZ (1), Data = {l:96 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c00630061007400730072007600750074002e0064006c006c002c00530079007300700072006500700043006f006d0070006c00750073000000}

POQ 31 ends.
2013-02-24 16:29:45, Info CSI 0000008f [SR] Verify complete
2013-02-24 16:29:46, Info CSI 00000090 [SR] Verifying 100 (0x00000064) components
2013-02-24 16:29:46, Info CSI 00000091 [SR] Beginning Verify and Repair transaction
2013-02-24 16:29:56, Info CSI 00000092 Repair results created:
POQ 32 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\0017a616d612ce01400d000024126802._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\0017a616d612ce01410d000024126802.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\406ac716d612ce01420d000024126802.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:206{103}]"\SystemRoot\WinSxS\Temp\PendingRenames\e01eeb16d612ce01430d000024126802.$$_temp_401038c9a18c18c0.cdf-ms", Destination = [l:118{59}]"\SystemRoot\WinSxS\FileMaps\$$_temp_401038c9a18c18c0.cdf-ms"
4: Move File: Source = [l:280{140}]"\SystemRoot\WinSxS\Temp\PendingRenames\e03f2417d612ce01440d000024126802.programdata_microsoft_crypto_dss_machinekeys_43de8c451bf80cb4.cdf-ms", Destination = [l:192{96}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_crypto_dss_machinekeys_43de8c451bf80cb4.cdf-ms"
5: Move File: Source = [l:258{129}]"\SystemRoot\WinSxS\Temp\PendingRenames\40a12617d612ce01450d000024126802.programdata_microsoft_crypto_keys_584b284368b25bef.cdf-ms", Destination = [l:170{85}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_crypto_keys_584b284368b25bef.cdf-ms"
6: Move File: Source = [l:280{140}]"\SystemRoot\WinSxS\Temp\PendingRenames\60c52d17d612ce01460d000024126802.programdata_microsoft_crypto_rsa_machinekeys_aa739417efae0d58.cdf-ms", Destination = [l:192{96}]"\SystemRoot\WinSxS\FileMaps\programdata_microsoft_crypto_rsa_machinekeys_aa739417efae0d58.cdf-ms"
7: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{c01f3410-d5ff-e992-c28d-ccc47a787790}", Type = REG_SZ (1), Data =
2013-02-24 16:29:56, Info CSI {l:108 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006300610070006900730070002e0064006c006c002c00430041005000490053007900730050007200650070005f00470065006e006500720061006c0069007a0065000000}
8: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Specialize", Value = [l:76{38}]"{c01f3410-d5ff-e992-b30d-046ffeeb096e}", Type = REG_SZ (1), Data = {l:112 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006300610070006900730070002e0064006c006c002c00430072007900700074006f0053007900730050007200650070005f005300700065006300690061006c0069007a0065000000}
9: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{c01f3410-d5ff-e992-1dcd-fb0609f92d84}", Type = REG_SZ (1), Data = {l:102 b:43003a005c00570069006e0064006f00770073005c00730079007300740065006d00330032005c006300610070006900730070002e0064006c006c002c00430072007900700074006f0053007900730050007200650070005f0043006c00650061006e000000}

POQ 32 ends.
2013-02-24 16:29:56, Info CSI 00000093 [SR] Verify complete
2013-02-24 16:29:57, Info CSI 00000094 [SR] Verifying 100 (0x00000064) components
2013-02-24 16:29:57, Info CSI 00000095 [SR] Beginning Verify and Repair transaction
2013-02-24 16:30:11, Info CSI 00000096 Repair results created:
POQ 33 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\40f0e01cd612ce01ab0d000024126802._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\00b3e51cd612ce01ac0d000024126802.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\4006071dd612ce01ad0d000024126802.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
3: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\804e151dd612ce01ae0d000024126802.$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms"
4: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\e0af171dd612ce01af0d000024126802.$$_system32_ime_shared_res_791e6438104a0cf8.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_shared_res_791e6438104a0cf8.cdf-ms"
5: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\e01dd61dd612ce01b00d000024126802.$$_system32_drivers_dc1b782427b5ee1b.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms"
6: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\a0e0da1dd612ce01b10d000024126802.$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_system32_drivers_umdf_a531b5dc588477d3.cdf-ms"
7: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\a0e0da1dd612ce01b20d000024126802.$$_system32_logfiles_wudf_082845cc19e06817.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_logfiles_wudf_082845cc19e06817.cdf-ms"

POQ 33 ends.
2013-02-24 16:30:11, Info CSI 00000097 [SR] Verify complete
2013-02-24 16:30:16, Info CSI 00000098 [SR] Verifying 100 (0x00000064) components
2013-02-24 16:30:16, Info CSI 00000099 [SR] Beginning Verify and Repair transaction
2013-02-24 16:30:26, Info CSI 0000009a Repair results created:
POQ 34 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\c0b0b327d612ce01170e000024126802._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\2012b627d612ce01180e000024126802.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\c0bbc627d612ce01190e000024126802.$$_digitallocker_c114c0cb179413b0.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_digitallocker_c114c0cb179413b0.cdf-ms"
3: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\a026b728d612ce011a0e000024126802.$$_ime_3f581be9a4c8cabd.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_ime_3f581be9a4c8cabd.cdf-ms"
4: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\60e9bb28d612ce011b0e000024126802.$$_ime_imejp10_dicts_281006c600450618.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_ime_imejp10_dicts_281006c600450618.cdf-ms"
5: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\20acc028d612ce011c0e000024126802.$$_ime_imejp10_help_280ffde19e779392.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_ime_imejp10_help_280ffde19e779392.cdf-ms"
6: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\a03cdd28d612ce011d0e000024126802.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
7: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\c060e428d612ce011e0e000024126802.$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_shared_5a5b3a5824d8fee4.cdf-ms"
8: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\20c
2013-02-24 16:30:26, Info CSI 2e628d612ce011f0e000024126802.$$_system32_ime_imejp10_aead4918eed09977.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_imejp10_aead4918eed09977.cdf-ms"
9: Move File: Source = [l:254{127}]"\SystemRoot\WinSxS\Temp\PendingRenames\8023e928d612ce01200e000024126802.$$_system32_ime_imejp10_applets_bad04da37647b46c.cdf-ms", Destination = [l:166{83}]"\SystemRoot\WinSxS\FileMaps\$$_system32_ime_imejp10_applets_bad04da37647b46c.cdf-ms"
10: Set Key Value: Key = [l:168{84}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Generalize", Value = [l:76{38}]"{2e8fcf7a-29a0-d75a-b1a6-321233838362}", Type = REG_SZ (1), Data = {l:110 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c00640068006300700063007300760063002e0064006c006c002c00440068006300700043006c00690065006e0074005f00470065006e006500720061006c0069007a0065000000}

POQ 34 ends.
2013-02-24 16:30:26, Info CSI 0000009b [SR] Verify complete
2013-02-24 16:30:27, Info CSI 0000009c [SR] Verifying 100 (0x00000064) components
2013-02-24 16:30:27, Info CSI 0000009d [SR] Beginning Verify and Repair transaction
2013-02-24 16:30:39, Info CSI 0000009e Repair results created:
POQ 35 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\405eaa30d612ce01850e000024126802._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\a0bfac30d612ce01860e000024126802.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\0021af30d612ce01870e000024126802.$$_prefetch_1688e4e8b2f89473.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_prefetch_1688e4e8b2f89473.cdf-ms"
3: Move File: Source = [l:234{117}]"\SystemRoot\WinSxS\Temp\PendingRenames\c0e3b330d612ce01880e000024126802.$$_prefetch_readyboot_925024bb73d7b5a6.cdf-ms", Destination = [l:146{73}]"\SystemRoot\WinSxS\FileMaps\$$_prefetch_readyboot_925024bb73d7b5a6.cdf-ms"
4: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\e007bb30d612ce01890e000024126802.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
5: Move File: Source = [l:222{111}]"\SystemRoot\WinSxS\Temp\PendingRenames\4069bd30d612ce018a0e000024126802.$$_inf_emdcache_a9f844a112e9fbd9.cdf-ms", Destination = [l:134{67}]"\SystemRoot\WinSxS\FileMaps\$$_inf_emdcache_a9f844a112e9fbd9.cdf-ms"
6: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\a0cabf30d612ce018b0e000024126802.$$_inf_emdcache_0000_1a85a6f345dc1c55.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_inf_emdcache_0000_1a85a6f345dc1c55.cdf-ms"
7: Set Key Value: Key = [l:162{81}]"\Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Sysprep\Cleanup", Value = [l:76{38}]"{f6fc276d-9f52-9e32-d0e0-b84048427b38}", Type = REG_SZ (1), Data = {l:94 b:43003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c0065006d0064006d0067006d0074002e0064006c006c002c
2013-02-24 16:30:39, Info CSI 0045004d0044004d0067006d00740053007900730050007200650070000000}

POQ 35 ends.
2013-02-24 16:30:39, Info CSI 0000009f [SR] Verify complete
2013-02-24 16:30:40, Info CSI 000000a0 [SR] Verifying 100 (0x00000064) components
2013-02-24 16:30:40, Info CSI 000000a1 [SR] Beginning Verify and Repair transaction
2013-02-24 16:30:51, Info CSI 000000a2 Ignoring duplicate ownership for directory [l:58{29}]"\??\C:\Windows\System32\en-US" in component Microsoft-Windows-Foundation-Default-Security.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2013-02-24 16:30:52, Info CSI 000000a3 Ignoring duplicate ownership for directory [l:120{60}]"\??\C:\Program Files\Common Files\microsoft shared\ink\en-US" in component Microsoft-Windows-Foundation-Default-Security.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral

2013-02-24 16:30:57, Info CSI 000000a4 Repair results created:
POQ 36 starts:
0: Move File: Source = [l:192{96}]"\SystemRoot\WinSxS\Temp\PendingRenames\c01c4836d612ce01f00e000024126802._0000000000000000.cdf-ms", Destination = [l:104{52}]"\SystemRoot\WinSxS\FileMaps\_0000000000000000.cdf-ms"
1: Move File: Source = [l:162{81}]"\SystemRoot\WinSxS\Temp\PendingRenames\c01c4836d612ce01f10e000024126802.$$.cdf-ms", Destination = [l:74{37}]"\SystemRoot\WinSxS\FileMaps\$$.cdf-ms"
2: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\e0404f36d612ce01f20e000024126802.$$_provisioning_schemas_e5f1fed287ff6c79.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_provisioning_schemas_e5f1fed287ff6c79.cdf-ms"
3: Move File: Source = [l:214{107}]"\SystemRoot\WinSxS\Temp\PendingRenames\40b87736d612ce01f30e000024126802.$$_system32_21f9a9c4a2f8b514.cdf-ms", Destination = [l:126{63}]"\SystemRoot\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms"
4: Move File: Source = [l:212{106}]"\SystemRoot\WinSxS\Temp\PendingRenames\a0b38437d612ce01f40e000024126802.$$_msagent_be90584645cb9b95.cdf-ms", Destination = [l:124{62}]"\SystemRoot\WinSxS\FileMaps\$$_msagent_be90584645cb9b95.cdf-ms"
5: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\60768937d612ce01f50e000024126802.$$_msagent_en-us_9a5bd997a394de81.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_msagent_en-us_9a5bd997a394de81.cdf-ms"
6: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\c0d78b37d612ce01f60e000024126802.$$_digitallocker_c114c0cb179413b0.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_digitallocker_c114c0cb179413b0.cdf-ms"
7: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\e0fb9237d612ce01f70e000024126802.$$_digitallocker_en-us_ff53d45933582902.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_digitallocker_en-us_ff53d45933582902.cdf-ms"
8: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRen
2013-02-24 16:30:57, Info CSI ames\a0be9737d612ce01f80e000024126802.$$_ime_3f581be9a4c8cabd.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_ime_3f581be9a4c8cabd.cdf-ms"
9: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\60819c37d612ce01f90e000024126802.$$_ime_en-us_0d349188e45a5789.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_ime_en-us_0d349188e45a5789.cdf-ms"
10: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\2044a137d612ce01fa0e000024126802.$$_windowsmobile_en-us_f08024b04092b0cd.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_windowsmobile_en-us_f08024b04092b0cd.cdf-ms"
11: Move File: Source = [l:204{102}]"\SystemRoot\WinSxS\Temp\PendingRenames\4068a837d612ce01fb0e000024126802.$$_inf_3f581daba4c8c835.cdf-ms", Destination = [l:116{58}]"\SystemRoot\WinSxS\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms"
12: Move File: Source = [l:216{108}]"\SystemRoot\WinSxS\Temp\PendingRenames\002bad37d612ce01fc0e000024126802.$$_inf_en-us_0ef70046e1d1b811.cdf-ms", Destination = [l:128{64}]"\SystemRoot\WinSxS\FileMaps\$$_inf_en-us_0ef70046e1d1b811.cdf-ms"
13: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\80b0b637d612ce01fd0e000024126802.$$_inf_remoteaccess_110554180baafc8b.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_inf_remoteaccess_110554180baafc8b.cdf-ms"
14: Move File: Source = [l:240{120}]"\SystemRoot\WinSxS\Temp\PendingRenames\4073bb37d612ce01fe0e000024126802.$$_inf_remoteaccess_0409_86bc979ae65d5e96.cdf-ms", Destination = [l:152{76}]"\SystemRoot\WinSxS\FileMaps\$$_inf_remoteaccess_0409_86bc979ae65d5e96.cdf-ms"
15: Move File: Source = [l:208{104}]"\SystemRoot\WinSxS\Temp\PendingRenames\a0d4bd37d612ce01ff0e000024126802.$$_en-us_40104e69a1d105cc.cdf-ms", Destination = [l:120{60}]"\SystemRoot\WinSxS\FileMaps\$$_en-us_40104e69a1d105cc.cdf-ms"
16: Move File: Source = [l:232{116}]"\SystemRoot\WinSxS\Temp\PendingRenames\c0f8c437d612ce01000f000024126802.$$_policydefinitions_8913
2013-02-24 16:30:57, Info CSI 0cdfc4d9c27c.cdf-ms", Destination = [l:144{72}]"\SystemRoot\WinSxS\FileMaps\$$_policydefinitions_89130cdfc4d9c27c.cdf-ms"
17: Move File: Source = [l:244{122}]"\SystemRoot\WinSxS\Temp\PendingRenames\205ac737d612ce01010f000024126802.$$_policydefinitions_en-us_3b1c5b998da0d4ae.cdf-ms", Destination = [l:156{78}]"\SystemRoot\WinSxS\FileMaps\$$_policydefinitions_en-us_3b1c5b998da0d4ae.cdf-ms"
18: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\80d1ef37d612ce01020f000024126802.$$_system32_oobe_06655c95df2fa06f.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_system32_oobe_06655c95df2fa06f.cdf-ms"
19: Move File: Source = [l:236{118}]"\SystemRoot\WinSxS\Temp\PendingRenames\e032f237d612ce01030f000024126802.$$_system32_oobe_en-us_e44fe14df02b3595.cdf-ms", Destination = [l:148{74}]"\SystemRoot\WinSxS\FileMaps\$$_system32_oobe_en-us_e44fe14df02b3595.cdf-ms"
20: Move File: Source = [l:230{115}]"\SystemRoot\WinSxS\Temp\PendingRenames\a0f5f637d612ce01040f000024126802.$$_system32_sysprep_f7b45b8dfed1b768.cdf-ms", Destination = [l:142{71}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sysprep_f7b45b8dfed1b768.cdf-ms"
21: Move File: Source = [l:242{121}]"\SystemRoot\WinSxS\Temp\PendingRenames\0057f937d612ce01050f000024126802.$$_system32_sysprep_en-us_ed807a30a752749a.cdf-ms", Destination = [l:154{77}]"\SystemRoot\WinSxS\FileMaps\$$_system32_sysprep_en-us_ed807a30a752749a.cdf-ms"
22: Move File: Source = [l:224{112}]"\SystemRoot\WinSxS\Temp\PendingRenames\c019fe37d612ce01060f000024126802.$$_system32_0409_06652563df2ff0c1.cdf-ms", Destination = [l:136{68}]"\SystemRoot\WinSxS\FileMaps\$$_system32_0409_06652563df2ff0c1.cdf-ms"
23: Move File: Source = [l:226{113}]"\SystemRoot\WinSxS\Temp\PendingRenames\207b0038d612ce01070f000024126802.$$_system32_setup_5d3758a05cf4a445.cdf-ms", Destination = [l:138{69}]"\SystemRoot\WinSxS\FileMaps\$$_system32_setup_5d3758a05cf4a445.cdf-ms"
24: Move File: Source = [l:238{119}]"\SystemRoot\WinSxS\Temp\PendingRenames\207b0038d612ce01
2013-02-24 16:30:57, Info CSI 080f000024126802.$$_system32_setup_en-us_afa35959583f5dbd.cdf-ms", Destination = [l:150{75}]"\SystemRoot\WinSxS\FileMaps\$$_system32_setup_en-us_afa35959583f5dbd.cdf-ms"

Edited by tiredofmalware1, 26 February 2013 - 08:31 PM.


#39 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 13,621 posts

Posted 26 February 2013 - 09:49 PM

It certainly was a LOT of information, but it looks like the only file that did not match its expected contents and could not be repaired was an .ini file, a configuration file; I don't think that's a problem.

 

Please download Windows Repair (all in one) from here.
 

  • Install the program.
  • Please proceed to run it.
  • Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.
  • Once that is done please go to Step 3 and allow it to run the System File Check by clicking on the Do It button.
  • Go to Step 4 and under System Restore click on the Create button.
  • Next, go to the Start Repairs tab and click the Start button.
  • Please ensure that ONLY items I've listed below are checked (they're all checked by default):
    Note: Only check these, NOT as shown in the graphic.

    Reset Registry Permissions
    Reset File Permissions
    Repair File Permissions
    Register System Files
    Repair Windows Firewall
    Remove Policies Set by Infections
    Remove Temp Files
    Set Windows Services to Default Startup

  • Place a checkmark in the box for Restart/Shutdown System When Finished
  • Select Restart System. Then click on Start.

 

 

As far back as the end of 2010, you've been told that you needed to update Windows and install the current Service Pack. Windows Vista Service Pack 1 support ended on 12/07/2011. How come you've never done this? Was Windows Update not working all this time? Is your copy of Windows registered?

 

Go to Start > Control Panel > System.
Then scroll all the way down to the bottom and you should see a section called Windows activation.
Does it say Windows is Activated like this?

 



Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#40 tiredofmalware1

tiredofmalware1

    Member

  • Full Member
  • Pip
  • 86 posts

Posted 01 March 2013 - 12:42 AM

 

As far back as the end of 2010, you've been told that you needed to update Windows and install the current Service Pack. Windows Vista Service Pack 1 support ended on 12/07/2011. How come you've never done this? Was Windows Update not working all this time? Is your copy of Windows registered?

I never updated because I moved long distance then went back, and did a great deal of traveling for the past two years. I just made sure that I kept the antivirus programs up to date, but that of course wasn't enough.


 
Go to Start > Control Panel > System.
Then scroll all the way down to the bottom and you should see a section called Windows activation.
Does it say Windows is Activated like this?
 

 
 

 
 

 

Windows is activated


Yes my version of windows is activated and has a product key and everything.

Did you want me to post a log of the windows repairs that were done?

jucheck.exe has been prompting me to update Java, is it a legitimate Java program or a virus? I ask because I have never seen jucheck.exe before and want to make sure.

#41 TheJoker

Posted 01 March 2013 - 01:21 AM

It's likely the actual Java prompting you, but update it this way rather than through the prompt.

 

Your Java is outdated and vulnerable.

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 7.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, click the "Accept License Agreement" button.
  • Download the file for Windows x86 Offline (jre-7u13-windows-i586.exe).
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs, and remove all older versions of Java.
    • Java™ 6 Update 38
    • Java™ 6 Update 7
  • Then from your Desktop double-click on the new version you downloaded and install it.
  • Even better with all the recent Java vulnerabilities would be to not reinstall if you don't have any requirement for Java.
  • If you do reinstall it, I recommend you go to Control Panel > Java, and when the Java Control Panel opens, click the Security tab and uncheck the box for "Enable Java content in the browser".

 

Go to Start > Control Panel > Windows Update, check for updates, and start updating Windows. The place to start would be with the Service Pack selected by itself, and rebooting afterwards. Redo this until you have selected all the updates and installed them.

 

After that, please re-run Security Check and post the new log, and note any errors encountered.


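One way to check the jucheck.exe that is raising the prompt, as an added example that is not part of this thread or of any tool it uses. It assumes PowerShell 2.0 or later and that the Java updater sits in its default folder under Common Files; the `$expectedDir` value and the `Test-UpdaterBinary` name are assumptions made for this example.

```powershell
# Added example (not from the thread): inspect the jucheck.exe behind the prompt.
# Run from an elevated PowerShell prompt so paths of elevated processes are readable.

# Assumption: the Java updater's default install folder on 32-bit Windows.
$expectedDir = Join-Path $env:CommonProgramFiles 'Java\Java Update'

function Test-UpdaterBinary {
    param([string]$Path)

    # Authenticode status 'Valid' means the file is signed, unmodified,
    # and its certificate chains to a root this machine trusts.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    New-Object PSObject -Property @{
        Path          = $Path
        InExpectedDir = ((Split-Path $Path -Parent) -ieq $expectedDir)
        Signature     = $sig.Status
        Signer        = $signer
    }
}

$procs = @(Get-Process -Name jucheck -ErrorAction SilentlyContinue)

if ($procs.Count -eq 0) {
    # Nothing running right now: check the copy in the default folder instead.
    $candidate = Join-Path $expectedDir 'jucheck.exe'
    if (Test-Path $candidate) { Test-UpdaterBinary $candidate | Format-List }
    else { Write-Output "No running jucheck.exe and none found in $expectedDir" }
}

foreach ($p in $procs) {
    if ($p.Path) { Test-UpdaterBinary $p.Path | Format-List }
    else { Write-Output "PID $($p.Id): path not readable, rerun elevated" }
}
```

A copy running from a user profile or temp folder, or one whose signature status is anything other than Valid, deserves a closer look before its prompt is trusted.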


#42 tiredofmalware1

Posted 03 March 2013 - 04:53 PM

Sorry for the delay. I want to make sure I download the right software. You want me to download: jre-7u13-windows-i586.exe but what I see is : jre-7u15-windows-i586.exe. Which one is it?

#43 TheJoker

Posted 03 March 2013 - 07:16 PM

Sorry, that was a typo, it should be jre-7u15-windows-i586.exe.




#44 tiredofmalware1

Posted 03 March 2013 - 09:32 PM

ok, I just wanted to make sure. I will try to post the results later, if not then tomorrow.

#45 tiredofmalware1

Posted 05 March 2013 - 09:30 PM

Ok which one is security check again? The posts are so long that my computer freezes up and I can't find it. Also, since I have used so many programs it has all become a blur.

#46 TheJoker

Posted 05 March 2013 - 10:02 PM

You need to update Java again. It was just updated again yesterday to fix vulnerabilities. The current version is now jre-7u17-windows-i586.exe (Version 7, Update 17).

 

After that, Security Check should have been saved on your Desktop as SecurityCheck.exe. Please run that after updating Java again and post the log in your next reply.




#47 tiredofmalware1

Posted 06 March 2013 - 12:11 AM

BTW I will do the windows updates overnight since it will take awhile.

Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 17
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
lisa Desktop antivirus programs SecurityCheck.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 9 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````





#48 tiredofmalware1

Posted 07 March 2013 - 08:51 PM

I did another security check and here are the results:

Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 17
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
lisa Desktop antivirus programs SecurityCheck.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


#49 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,162 posts

Posted 07 March 2013 - 09:02 PM

Hello tiredofmalware1.

The Joker has been called away, I will be helping you to finish up.

After you have finished installing all the Windows updates, please delete the Security Check on your Desktop, and download a new version then run Security Check again and post its log back here to me.


Rocket Grannie
 



 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.


#50 tiredofmalware1

Posted 09 March 2013 - 04:09 PM

ok this is weird. I left the computer connected to the internet. Then it began installing some Windows updates between last night and today. The next thing I know, I have IE 9 when I didn't install it on the computer. Is this because of windows updates or has my computer been taken over? :S


Edited by tiredofmalware1, 09 March 2013 - 04:10 PM.




