"System Check" Malware


  • This topic is locked
22 replies to this topic

#1 briang8r

briang8r

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 10 February 2012 - 09:22 PM

Hello:

My girlfriend's laptop has some sort of virus that I can't get rid of. It keeps posting a bunch of bogus hard drive and RAM errors. It will not let me launch Task Manager or even install Malwarebytes. I think it did something to permissions on the machine, but I am not sure how or what. So, unfortunately I cannot post a log. This fake "system check" application keeps coming up with fake diagnostic tools in it. I can get to the internet from the machine, but that is about it for now. If you can help, I would really appreciate it.

Thank you,

Brian

Edit: Please read the Instructions and post the requested logs.
We need the information in order to help you.

Edited by cnm, 10 February 2012 - 09:55 PM.


#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,476 posts

Posted 11 February 2012 - 12:22 PM

Please read the Instructions and post the requested logs. We need the information in order to help you.

Are you unable to download files?
This is an automated message. It does not count as help.

#3 briang8r

Posted 11 February 2012 - 04:17 PM

Please read the Instructions and post the requested logs. We need the information in order to help you.

Are you unable to download files?


Hello:
Thank you for replying. Unfortunately, the answer is yes, I am unable to install files currently. I tried to install and run the apps from the instructions, but could not. I am able to download the executables, but not able to run them. When the executable gets ready to finish, I get an error saying that access is denied, and it rolls back the install. It does this in safe mode as well. It is an XP machine. I am unsure how to allow myself permissions to install programs. This thing also redirects all of the web searches, but you can get to the intended page through the history.

#4 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,058 posts

Posted 11 February 2012 - 05:30 PM

Open the group policy if possible: http://www.microsoft...p.mspx?mfr=true

If you were able to do that, Set permissions for Software Installation

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#5 briang8r

Posted 11 February 2012 - 06:07 PM

Open the group policy if possible: http://www.microsoft...p.mspx?mfr=true

If you were able to do that, Set permissions for Software Installation


OK I was able to add the Group Policy to the MMC, however, I don't see the Security tab when I right click "Local Computer Policy" and go to "Properties". It only has a "General" tab (screen shot attached). Did I miss a step? I think I am able to do more screenshots out of safe mode if that would help at all. I appreciate your patience.

#6 cnm

Posted 11 February 2012 - 06:14 PM

Please see How to attach a screen shot. That would help.

Please use the Posted Image button when replying. I don't need to see my own posts. Thank you!


#7 briang8r

Posted 12 February 2012 - 08:41 AM

OK sorry about that. I have added two screen shots to show what I was talking about (No Security Tab). This thing has also stripped out the programs from the start menu, so I am launching them from the command prompt or from Program Files.

mmc.PNG

properties.PNG

#8 cnm

Posted 14 February 2012 - 12:31 PM

Sorry briang8r, I missed your reply.

Looks like you have 'Local Computer Policy' instead of 'Group Policy'.
Follow the steps 'How to Start the Group Policy Editor' in http://support.microsoft.com/kb/307882


#9 briang8r

Posted 15 February 2012 - 10:07 PM

Thank you. I followed those instructions, but is there a specific group policy object that I am trying to browse to (step 6 under How to Start the Group Policy Editor)? I have attached the screen shot of where I am stuck. I am sorry for the confusion on my part. I know what the group policy screen I am supposed to be seeing is, but I am not able to get there for some reason.

gpo.PNG

#10 cnm

Posted 16 February 2012 - 04:33 PM

What happens if you click 'OK'?

What version of Windows are you running? If it's Vista or Win 7, is it 32-bit or 64-bit?
So far I know nothing at all about your PC or what is running on it.


#11 briang8r

Posted 16 February 2012 - 07:35 PM

I'm sorry, the computer is on Windows XP (SP2).

If I click OK on that screen, it brings me back to the "Group Policy Wizard", which is the screen that pops up after I select "Group Policy Object Editor" out of the list of available snap-ins and click "Add".

#12 cnm

Posted 16 February 2012 - 08:23 PM

The best thing would be for you to create and boot from an external disk, and disinfect independently of Windows.


Read all of these directions before proceeding. It isn't nearly as complicated as it looks. :) And there are helpful pictures.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like BurnAware Free or ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:
Download Kaspersky Rescue Disk 10
How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?
How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?


Summarizing:
  • Go to a clean PC.
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • At the infected PC: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarize yourself with How to create a report file in Kaspersky Rescue Disk 10?

Print the following directions:

Boot from Kaspersky Rescue Disk 10:
Restart your computer and put the disk in the drive while booting.
Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.
Select the required interface language using the arrow-keys on your keyboard.
Press the Enter key on the keyboard.
In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode
Click Enter.
Click 'A' to accept the agreement.
Select operating system from dropdown menu (select Windows whatever)
Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:
Click My Update Center and update if any available
Back to other tab and click Start Object Scan.
(It took 3 hours to scan my 47G)
When scan has completed save a report:

On the upper part of the Kaspersky Rescue Disk window, click on the Report link.
On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.
On the upper right hand corner of the Detailed report window, click on the Save button.
After clicking Detailed Report and 'SAVE', a browse window opens.
Double-click on the \
Click 'disks'.
All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.
Click on the Save button.
The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.


#13 briang8r

Posted 21 February 2012 - 10:41 PM

OK, sorry for the delay, but here is the text from the report. It looks like there definitely is some ugly stuff on her machine:

Objects Scan: completed 4 minutes ago (events: 62, objects: 352392, time: 02:56:48)
2/21/12 7:26 PM Task started
2/21/12 7:28 PM Detected: Rootkit.Boot.SST.a /dev/sda
2/21/12 7:28 PM Untreated: Rootkit.Boot.SST.a /dev/sda Postponed
2/21/12 7:28 PM Detected: Trojan-Clicker.WMA.Agent.d C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/Christy Moore I.R.A.- Grace.wma.bac_a00360/CryptFF.b
2/21/12 7:28 PM Untreated: Trojan-Clicker.WMA.Agent.d C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/Christy Moore I.R.A.- Grace.wma.bac_a00360/CryptFF.b Postponed
2/21/12 7:28 PM Detected: Hoax.HTML.FakeAntivirus.a (analysis according to the database of dangerous URLs) C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/destrub[1].js.bac_a00360/CryptFF.b
2/21/12 7:28 PM Untreated: Hoax.HTML.FakeAntivirus.a (analysis according to the database of dangerous URLs) C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/destrub[1].js.bac_a00360/CryptFF.b Postponed
2/21/12 7:28 PM Detected: Net-Worm.Win32.Koobface.bjq C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/ld14.exe.bac_a00360/CryptFF.b
2/21/12 7:28 PM Untreated: Net-Worm.Win32.Koobface.bjq C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/ld14.exe.bac_a00360/CryptFF.b Postponed
2/21/12 7:28 PM Detected: Trojan.Win32.Small.abay C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/pp.11[1].exe.bac_a00360/CryptFF.b
2/21/12 7:28 PM Untreated: Trojan.Win32.Small.abay C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/pp.11[1].exe.bac_a00360/CryptFF.b Postponed
2/21/12 7:28 PM Detected: Trojan-FakeAV.Win32.AntiSpyWare2009.b C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/wini10894.exe.bac_a00360/CryptFF.b
2/21/12 7:28 PM Detected: Trojan-Dropper.Win32.Agent.aaje C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/wJQs.exe.bac_a00360/CryptFF.b
2/21/12 7:28 PM Untreated: Trojan-FakeAV.Win32.AntiSpyWare2009.b C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/wini10894.exe.bac_a00360/CryptFF.b Postponed
2/21/12 7:28 PM Untreated: Trojan-Dropper.Win32.Agent.aaje C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/wJQs.exe.bac_a00360/CryptFF.b Postponed
2/21/12 7:30 PM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/All Users/Application Data/qsjYdvrhRprI.exe
2/21/12 7:30 PM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/All Users/Application Data/cr6gGzslP2ZViE.exe
2/21/12 7:30 PM Untreated: HEUR:Trojan.Win32.Generic C:/Documents and Settings/All Users/Application Data/qsjYdvrhRprI.exe Postponed
2/21/12 7:30 PM Untreated: HEUR:Trojan.Win32.Generic C:/Documents and Settings/All Users/Application Data/cr6gGzslP2ZViE.exe Postponed
2/21/12 7:31 PM Detected: Trojan.Win32.Pakes.tfv C:/Documents and Settings/Kelli/Application Data/3AF2EA.exe/UPX
2/21/12 7:31 PM Untreated: Trojan.Win32.Pakes.tfv C:/Documents and Settings/Kelli/Application Data/3AF2EA.exe/UPX Postponed
2/21/12 7:40 PM Detected: Trojan-Downloader.JS.Expack.cb C:/Documents and Settings/Kelli/Local Settings/Application Data/Mozilla/Firefox/Profiles/fm6nk5ky.default/Cache.Trash/C/D5/7EEE6d01/Cache
2/21/12 7:40 PM Untreated: Trojan-Downloader.JS.Expack.cb C:/Documents and Settings/Kelli/Local Settings/Application Data/Mozilla/Firefox/Profiles/fm6nk5ky.default/Cache.Trash/C/D5/7EEE6d01/Cache Postponed
2/21/12 7:40 PM Detected: Trojan.Win32.FakeAv.kwlt C:/Documents and Settings/Kelli/Local Settings/Temp/10.tmp
2/21/12 7:40 PM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Kelli/Local Settings/Temp/C0.tmp
2/21/12 7:40 PM Untreated: Trojan.Win32.FakeAv.kwlt C:/Documents and Settings/Kelli/Local Settings/Temp/10.tmp Postponed
2/21/12 7:40 PM Untreated: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Kelli/Local Settings/Temp/C0.tmp Postponed
2/21/12 7:40 PM Detected: Exploit.JS.Pdfka.fmg C:/Documents and Settings/Kelli/Local Settings/Temp/Acr7173.tmp/data0000
2/21/12 7:40 PM Untreated: Exploit.JS.Pdfka.fmg C:/Documents and Settings/Kelli/Local Settings/Temp/Acr7173.tmp/data0000 Postponed
2/21/12 7:41 PM Detected: Trojan.Win32.FakeAv.kvuw C:/Documents and Settings/Kelli/Local Settings/Temp/12.tmp
2/21/12 7:41 PM Untreated: Trojan.Win32.FakeAv.kvuw C:/Documents and Settings/Kelli/Local Settings/Temp/12.tmp Postponed
2/21/12 7:42 PM Detected: Trojan-Spy.Win32.SpyEyes.aduj C:/Documents and Settings/Kelli/Local Settings/Temporary Internet Files/Content.IE5/BFGYA8X7/readme[1].exe
2/21/12 7:42 PM Untreated: Trojan-Spy.Win32.SpyEyes.aduj C:/Documents and Settings/Kelli/Local Settings/Temporary Internet Files/Content.IE5/BFGYA8X7/readme[1].exe Postponed
2/21/12 7:42 PM Detected: Trojan.Win32.FakeAv.kvuw C:/Documents and Settings/Kelli/Local Settings/Temporary Internet Files/Content.IE5/G1CAZO6Y/info[1].exe
2/21/12 7:42 PM Untreated: Trojan.Win32.FakeAv.kvuw C:/Documents and Settings/Kelli/Local Settings/Temporary Internet Files/Content.IE5/G1CAZO6Y/info[1].exe Postponed
2/21/12 7:58 PM Detected: Trojan.Win32.Pakes.tfv C:/Documents and Settings/Kelli/My Documents/Downloads/Ticket.zip/Ticket.exe/UPX
2/21/12 7:58 PM Untreated: Trojan.Win32.Pakes.tfv C:/Documents and Settings/Kelli/My Documents/Downloads/Ticket.zip/Ticket.exe/UPX Postponed
2/21/12 8:02 PM Detected: Trojan-Clicker.WMA.Agent.d C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/Three Days Grace - Home.wma
2/21/12 8:02 PM Untreated: Trojan-Clicker.WMA.Agent.d C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/Three Days Grace - Home.wma Postponed
2/21/12 8:02 PM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/002 mickey mouse theme.wma
2/21/12 8:02 PM Untreated: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/002 mickey mouse theme.wma Postponed
2/21/12 8:02 PM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/001 the wiggles.wma
2/21/12 8:02 PM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/002 jacks big music show theme.wma
2/21/12 8:02 PM Untreated: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/001 the wiggles.wma Postponed
2/21/12 8:02 PM Untreated: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/002 jacks big music show theme.wma Postponed
2/21/12 8:02 PM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/row row row your boat - live.wma
2/21/12 8:02 PM Untreated: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/row row row your boat - live.wma Postponed
2/21/12 8:02 PM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/row row row your boat - CD rip.wma
2/21/12 8:02 PM Untreated: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/row row row your boat - CD rip.wma Postponed
2/21/12 8:02 PM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/wonder pets theme (complete).wma
2/21/12 8:02 PM Untreated: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/wonder pets theme (complete).wma Postponed
2/21/12 9:14 PM Detected: Trojan-Spy.Win32.SpyEyes.aduj C:/Fonts/6DFBBA77EDB.exe
2/21/12 9:14 PM Untreated: Trojan-Spy.Win32.SpyEyes.aduj C:/Fonts/6DFBBA77EDB.exe Postponed
2/21/12 9:15 PM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/All Users/Application Data/qsjYdvrhRprI.exe
2/21/12 9:15 PM Untreated: HEUR:Trojan.Win32.Generic C:/Documents and Settings/All Users/Application Data/qsjYdvrhRprI.exe Postponed
2/21/12 9:15 PM Detected: Trojan-Spy.Win32.SpyEyes.aduj C:/Fonts/6DFBBA77EDB.exe
2/21/12 9:15 PM Untreated: Trojan-Spy.Win32.SpyEyes.aduj C:/Fonts/6DFBBA77EDB.exe Postponed
2/21/12 9:16 PM Detected: Trojan.Win32.Pakes.tfv C:/Documents and Settings/Kelli/Application Data/3AF2EA.exe/UPX
2/21/12 9:16 PM Untreated: Trojan.Win32.Pakes.tfv C:/Documents and Settings/Kelli/Application Data/3AF2EA.exe/UPX Postponed
2/21/12 9:18 PM Detected: Trojan-Clicker.WMA.Agent.d C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/Christy Moore I.R.A.- Grace.wma.bac_a00360/CryptFF.b
2/21/12 10:23 PM Cannot be backed up: Trojan-Clicker.WMA.Agent.d C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/Christy Moore I.R.A.- Grace.wma.bac_a00360
2/21/12 10:23 PM Task completed
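
Added example (not part of the original thread and not Kaspersky's code): a small triage script that reads a report in the layout pasted above and lists which detected objects have no later "Deleted" or "Disinfected" event, which is the question a "Postponed" entry raises. The line layout is inferred from the pasted report, the rule that a "Deleted" path covers detections nested under it is an assumption drawn from the same report, the sample lines are constructed, and the function names are hypothetical.

```python
import re

# Layout inferred from the pasted report (an assumption, not a documented format):
#   <date> <time> <AM|PM> <Event>: <verdict> [(note)] <object> [Postponed]
LINE_RE = re.compile(
    r"^\d{1,2}/\d{1,2}/\d{2} \d{1,2}:\d{2} [AP]M "
    r"(?P<event>Detected|Untreated|Deleted|Disinfected|Cannot be backed up): "
    r"(?P<verdict>\S+) (?:\([^)]*\) )?"
    r"(?P<path>.+?)(?P<postponed> Postponed)?$"
)

# Events that mean the object was actually dealt with.
RESOLVED = {"Deleted", "Disinfected"}

# Constructed sample in the same layout; verdict names and paths are made up.
SAMPLE = r"""Objects Scan: completed 1 minute ago (events: 9, objects: 1000, time: 00:10:00)
1/1/12 8:13 AM Task started
1/1/12 8:14 AM Detected: Rootkit.Example.a /dev/sda
1/1/12 8:14 AM Untreated: Rootkit.Example.a /dev/sda Postponed
1/1/12 8:19 AM Detected: Trojan.Example.b C:/Documents and Settings/user/Application Data/sample.exe/UPX
1/1/12 8:19 AM Untreated: Trojan.Example.b C:/Documents and Settings/user/Application Data/sample.exe/UPX Postponed
1/1/12 8:28 AM Detected: Hoax.Example.c (analysis according to the database of dangerous URLs) C:/Documents and Settings/user/Local Settings/Temp/page[1].js
1/1/12 8:28 AM Untreated: Hoax.Example.c (analysis according to the database of dangerous URLs) C:/Documents and Settings/user/Local Settings/Temp/page[1].js Postponed
1/1/12 7:15 PM Detected: Trojan.Example.b C:/Documents and Settings/user/Application Data/sample.exe/UPX
1/1/12 7:16 PM Disinfected: Trojan.Example.b HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce/sample
1/1/12 7:17 PM Deleted: Trojan.Example.b C:/Documents and Settings/user/Application Data/sample.exe
1/1/12 7:17 PM Task completed
"""


def parse_report(text):
    """Return one dict per event line; header and 'Task ...' lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            events.append(m.groupdict())
    return events


def covers(container, obj):
    """True if obj is the container itself or an object nested inside it.

    The report logs detections inside packed or archived files as
    '<file>/<inner>' but logs the deletion against '<file>'.
    """
    return obj == container or obj.startswith(container + "/")


def final_states(text):
    """Map (verdict, object) to the last state recorded for that object."""
    state = {}
    for ev in parse_report(text):
        key = (ev["verdict"], ev["path"])
        if ev["event"] in RESOLVED:
            matched = False
            for known in state:
                if known[0] == ev["verdict"] and covers(ev["path"], known[1]):
                    state[known] = ev["event"]
                    matched = True
            if not matched:
                # e.g. a registry value that was disinfected without a
                # separate 'Detected' line for that key
                state[key] = ev["event"]
        elif ev["event"] == "Detected":
            state[key] = "Detected"
        elif ev["event"] == "Untreated":
            state[key] = "Postponed" if ev["postponed"] else "Untreated"
        # 'Cannot be backed up' does not change whether the object was treated
    return state


def outstanding(text):
    """Objects whose last recorded state is not Deleted or Disinfected."""
    return [k for k, s in final_states(text).items() if s not in RESOLVED]


if __name__ == "__main__":
    for verdict, path in outstanding(SAMPLE):
        print(f"still untreated: {verdict}  {path}")
```

Run against a saved report, anything this prints is an object the scan saw but never removed, so it needs a follow-up action rather than another identical scan.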

#14 cnm

Posted 21 February 2012 - 11:17 PM

Yes. A lot of those were already quarantined, in housecall6.6/Quarantine.
But there were lots of other detections.

I don't understand "postponed". Were they eventually fixed?

Please read these directions again: http://www.malwarehe...-disk-2011.html

Please boot the disk again. Be sure to get any updates (My Update Center).
Configure it as in those directions.
Then Start Objects Scan.
When you see this, select 'Delete' and check the 'Apply to all objects' box:
Posted Image

Create a new report and post it.


#15 briang8r

Posted 22 February 2012 - 08:12 PM

I re-ran the system scan after downloading the update and putting the security on the highest level. There are still quite a few "postponed" items. The new report is below. Thank you.


Objects Scan: completed 1 minute ago (events: 127, objects: 352575, time: 11:17:22)
2/22/12 8:13 AM Task started
2/22/12 8:14 AM Detected: Rootkit.Boot.SST.a /dev/sda
2/22/12 8:14 AM Untreated: Rootkit.Boot.SST.a /dev/sda Postponed
2/22/12 8:15 AM Detected: Trojan-Clicker.WMA.Agent.d C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/Christy Moore I.R.A.- Grace.wma.bac_a00360/CryptFF.b
2/22/12 8:15 AM Detected: Hoax.HTML.FakeAntivirus.a (analysis according to the database of dangerous URLs) C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/destrub[1].js.bac_a00360/CryptFF.b
2/22/12 8:15 AM Untreated: Trojan-Clicker.WMA.Agent.d C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/Christy Moore I.R.A.- Grace.wma.bac_a00360/CryptFF.b Postponed
2/22/12 8:15 AM Untreated: Hoax.HTML.FakeAntivirus.a (analysis according to the database of dangerous URLs) C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/destrub[1].js.bac_a00360/CryptFF.b Postponed
2/22/12 8:15 AM Detected: Net-Worm.Win32.Koobface.bjq C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/ld14.exe.bac_a00360/CryptFF.b
2/22/12 8:15 AM Untreated: Net-Worm.Win32.Koobface.bjq C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/ld14.exe.bac_a00360/CryptFF.b Postponed
2/22/12 8:15 AM Detected: Trojan.Win32.Small.abay C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/pp.11[1].exe.bac_a00360/CryptFF.b
2/22/12 8:15 AM Untreated: Trojan.Win32.Small.abay C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/pp.11[1].exe.bac_a00360/CryptFF.b Postponed
2/22/12 8:15 AM Detected: Trojan-Dropper.Win32.Agent.aaje C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/wJQs.exe.bac_a00360/CryptFF.b
2/22/12 8:15 AM Detected: Trojan-FakeAV.Win32.AntiSpyWare2009.b C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/wini10894.exe.bac_a00360/CryptFF.b
2/22/12 8:15 AM Untreated: Trojan-Dropper.Win32.Agent.aaje C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/wJQs.exe.bac_a00360/CryptFF.b Postponed
2/22/12 8:15 AM Untreated: Trojan-FakeAV.Win32.AntiSpyWare2009.b C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/wini10894.exe.bac_a00360/CryptFF.b Postponed
2/22/12 8:16 AM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/All Users/Application Data/cr6gGzslP2ZViE.exe
2/22/12 8:16 AM Untreated: HEUR:Trojan.Win32.Generic C:/Documents and Settings/All Users/Application Data/cr6gGzslP2ZViE.exe Postponed
2/22/12 8:16 AM Detected: Trojan.Win32.Jorik.Fraud.njp C:/Documents and Settings/All Users/Application Data/F4D55F0E000166B3012B00EB2830AC72/F4D55F0E000166B3012B00EB2830AC72.exe
2/22/12 8:16 AM Untreated: Trojan.Win32.Jorik.Fraud.njp C:/Documents and Settings/All Users/Application Data/F4D55F0E000166B3012B00EB2830AC72/F4D55F0E000166B3012B00EB2830AC72.exe Postponed
2/22/12 8:19 AM Detected: Trojan.Win32.Pakes.tfv C:/Documents and Settings/Kelli/Application Data/3AF2EA.exe/UPX
2/22/12 8:19 AM Untreated: Trojan.Win32.Pakes.tfv C:/Documents and Settings/Kelli/Application Data/3AF2EA.exe/UPX Postponed
2/22/12 8:28 AM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Kelli/Local Settings/Temp/C0.tmp
2/22/12 8:28 AM Untreated: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Kelli/Local Settings/Temp/C0.tmp Postponed
2/22/12 8:28 AM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Kelli/Local Settings/Temp/q5oRiLWuZphjO0.exe.tmp
2/22/12 8:28 AM Untreated: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Kelli/Local Settings/Temp/q5oRiLWuZphjO0.exe.tmp Postponed
2/22/12 8:28 AM Detected: Trojan.Win32.FakeAv.kwlt C:/Documents and Settings/Kelli/Local Settings/Temp/10.tmp
2/22/12 8:28 AM Untreated: Trojan.Win32.FakeAv.kwlt C:/Documents and Settings/Kelli/Local Settings/Temp/10.tmp Postponed
2/22/12 8:28 AM Detected: Trojan.Win32.FakeAv.kvuw C:/Documents and Settings/Kelli/Local Settings/Temp/12.tmp
2/22/12 8:28 AM Untreated: Trojan.Win32.FakeAv.kvuw C:/Documents and Settings/Kelli/Local Settings/Temp/12.tmp Postponed
2/22/12 8:28 AM Detected: Trojan.Win32.FakeAV.kxnr C:/Documents and Settings/Kelli/Local Settings/Temp/4.tmp
2/22/12 8:28 AM Untreated: Trojan.Win32.FakeAV.kxnr C:/Documents and Settings/Kelli/Local Settings/Temp/4.tmp Postponed
2/22/12 8:28 AM Detected: Trojan.Win32.Jorik.Fraud.njp C:/Documents and Settings/Kelli/Local Settings/Temp/3.tmp
2/22/12 8:28 AM Untreated: Trojan.Win32.Jorik.Fraud.njp C:/Documents and Settings/Kelli/Local Settings/Temp/3.tmp Postponed
2/22/12 8:28 AM Detected: Exploit.JS.Pdfka.fmg C:/Documents and Settings/Kelli/Local Settings/Temp/Acr7173.tmp/data0000
2/22/12 8:28 AM Untreated: Exploit.JS.Pdfka.fmg C:/Documents and Settings/Kelli/Local Settings/Temp/Acr7173.tmp/data0000 Postponed
2/22/12 8:29 AM Detected: Trojan-Spy.Win32.SpyEyes.aduj C:/Documents and Settings/Kelli/Local Settings/Temporary Internet Files/Content.IE5/BFGYA8X7/readme[1].exe
2/22/12 8:29 AM Untreated: Trojan-Spy.Win32.SpyEyes.aduj C:/Documents and Settings/Kelli/Local Settings/Temporary Internet Files/Content.IE5/BFGYA8X7/readme[1].exe Postponed
2/22/12 8:29 AM Detected: Trojan.Win32.FakeAv.kvuw C:/Documents and Settings/Kelli/Local Settings/Temporary Internet Files/Content.IE5/G1CAZO6Y/info[1].exe
2/22/12 8:29 AM Untreated: Trojan.Win32.FakeAv.kvuw C:/Documents and Settings/Kelli/Local Settings/Temporary Internet Files/Content.IE5/G1CAZO6Y/info[1].exe Postponed
2/22/12 8:47 AM Detected: Trojan.Win32.Pakes.tfv C:/Documents and Settings/Kelli/My Documents/Downloads/Ticket.zip/Ticket.exe/UPX
2/22/12 8:47 AM Untreated: Trojan.Win32.Pakes.tfv C:/Documents and Settings/Kelli/My Documents/Downloads/Ticket.zip/Ticket.exe/UPX Postponed
2/22/12 8:52 AM Detected: Trojan-Clicker.WMA.Agent.d C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/Three Days Grace - Home.wma
2/22/12 8:52 AM Untreated: Trojan-Clicker.WMA.Agent.d C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/Three Days Grace - Home.wma Postponed
2/22/12 8:52 AM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/002 mickey mouse theme.wma
2/22/12 8:52 AM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/001 the wiggles.wma
2/22/12 8:52 AM Untreated: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/002 mickey mouse theme.wma Postponed
2/22/12 8:52 AM Untreated: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/001 the wiggles.wma Postponed
2/22/12 8:52 AM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/002 jacks big music show theme.wma
2/22/12 8:52 AM Untreated: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/002 jacks big music show theme.wma Postponed
2/22/12 8:52 AM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/row row row your boat - CD rip.wma
2/22/12 8:52 AM Untreated: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/row row row your boat - CD rip.wma Postponed
2/22/12 8:52 AM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/row row row your boat - live.wma
2/22/12 8:52 AM Untreated: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/row row row your boat - live.wma Postponed
2/22/12 8:52 AM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/wonder pets theme (complete).wma
2/22/12 8:52 AM Untreated: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/wonder pets theme (complete).wma Postponed
2/22/12 9:44 AM Detected: HEUR:Trojan.Win32.Generic C:/System Volume Information/_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}/RP1190/A0300537.exe
2/22/12 9:44 AM Untreated: HEUR:Trojan.Win32.Generic C:/System Volume Information/_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}/RP1190/A0300537.exe Postponed
2/22/12 10:09 AM Detected: Trojan-Spy.Win32.SpyEyes.aduj C:/Fonts/6DFBBA77EDB.exe
2/22/12 10:09 AM Untreated: Trojan-Spy.Win32.SpyEyes.aduj C:/Fonts/6DFBBA77EDB.exe Postponed
2/22/12 10:10 AM Detected: Trojan-Spy.Win32.SpyEyes.aduj C:/Fonts/6DFBBA77EDB.exe
2/22/12 10:10 AM Untreated: Trojan-Spy.Win32.SpyEyes.aduj C:/Fonts/6DFBBA77EDB.exe Postponed
2/22/12 10:10 AM Detected: Trojan.Win32.FakeAV.kxnr C:/Documents and Settings/Kelli/Local Settings/Temp/4.tmp
2/22/12 10:10 AM Untreated: Trojan.Win32.FakeAV.kxnr C:/Documents and Settings/Kelli/Local Settings/Temp/4.tmp Postponed
2/22/12 10:11 AM Detected: Trojan.Win32.Pakes.tfv C:/Documents and Settings/Kelli/Application Data/3AF2EA.exe/UPX
2/22/12 10:11 AM Untreated: Trojan.Win32.Pakes.tfv C:/Documents and Settings/Kelli/Application Data/3AF2EA.exe/UPX Postponed
2/22/12 10:13 AM Detected: Trojan-Clicker.WMA.Agent.d C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/Christy Moore I.R.A.- Grace.wma.bac_a00360/CryptFF.b
2/22/12 7:15 PM Deleted: Trojan-Clicker.WMA.Agent.d C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/Christy Moore I.R.A.- Grace.wma.bac_a00360
2/22/12 7:15 PM Detected: Hoax.HTML.FakeAntivirus.a (analysis according to the database of dangerous URLs) C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/destrub[1].js.bac_a00360/CryptFF.b
2/22/12 7:15 PM Deleted: Hoax.HTML.FakeAntivirus.a (analysis according to the database of dangerous URLs) C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/destrub[1].js.bac_a00360
2/22/12 7:15 PM Detected: Net-Worm.Win32.Koobface.bjq C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/ld14.exe.bac_a00360/CryptFF.b
2/22/12 7:15 PM Deleted: Net-Worm.Win32.Koobface.bjq C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/ld14.exe.bac_a00360
2/22/12 7:15 PM Detected: Trojan.Win32.Small.abay C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/pp.11[1].exe.bac_a00360/CryptFF.b
2/22/12 7:15 PM Deleted: Trojan.Win32.Small.abay C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/pp.11[1].exe.bac_a00360
2/22/12 7:15 PM Detected: Trojan-Dropper.Win32.Agent.aaje C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/wJQs.exe.bac_a00360/CryptFF.b
2/22/12 7:15 PM Deleted: Trojan-Dropper.Win32.Agent.aaje C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/wJQs.exe.bac_a00360
2/22/12 7:15 PM Detected: Trojan-FakeAV.Win32.AntiSpyWare2009.b C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/wini10894.exe.bac_a00360/CryptFF.b
2/22/12 7:15 PM Deleted: Trojan-FakeAV.Win32.AntiSpyWare2009.b C:/Documents and Settings/Administrator/.housecall6.6/Quarantine/wini10894.exe.bac_a00360
2/22/12 7:15 PM Detected: Trojan.Win32.Jorik.Fraud.njp C:/Documents and Settings/All Users/Application Data/F4D55F0E000166B3012B00EB2830AC72/F4D55F0E000166B3012B00EB2830AC72.exe
2/22/12 7:15 PM Deleted: Trojan.Win32.Jorik.Fraud.njp C:/Documents and Settings/All Users/Application Data/F4D55F0E000166B3012B00EB2830AC72/F4D55F0E000166B3012B00EB2830AC72.exe
2/22/12 7:15 PM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/All Users/Application Data/cr6gGzslP2ZViE.exe
2/22/12 7:15 PM Deleted: HEUR:Trojan.Win32.Generic C:/Documents and Settings/All Users/Application Data/cr6gGzslP2ZViE.exe
2/22/12 7:15 PM Detected: Trojan.Win32.Pakes.tfv C:/Documents and Settings/Kelli/Application Data/3AF2EA.exe/UPX
2/22/12 7:16 PM Disinfected: Trojan.Win32.Pakes.tfv HKEY_USERS\S-1-5-21-3362995187-2699454723-101668266-1006\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run/Trolltech
2/22/12 7:17 PM Deleted: Trojan.Win32.Pakes.tfv C:/Documents and Settings/Kelli/Application Data/3AF2EA.exe
2/22/12 7:17 PM Detected: Trojan.Win32.FakeAv.kwlt C:/Documents and Settings/Kelli/Local Settings/Temp/10.tmp
2/22/12 7:24 PM Deleted: Trojan.Win32.FakeAv.kwlt C:/Documents and Settings/Kelli/Local Settings/Temp/10.tmp
2/22/12 7:24 PM Detected: Trojan.Win32.FakeAv.kvuw C:/Documents and Settings/Kelli/Local Settings/Temp/12.tmp
2/22/12 7:24 PM Deleted: Trojan.Win32.FakeAv.kvuw C:/Documents and Settings/Kelli/Local Settings/Temp/12.tmp
2/22/12 7:24 PM Detected: Trojan.Win32.Jorik.Fraud.njp C:/Documents and Settings/Kelli/Local Settings/Temp/3.tmp
2/22/12 7:24 PM Deleted: Trojan.Win32.Jorik.Fraud.njp C:/Documents and Settings/Kelli/Local Settings/Temp/3.tmp
2/22/12 7:24 PM Detected: Trojan.Win32.FakeAV.kxnr C:/Documents and Settings/Kelli/Local Settings/Temp/4.tmp
2/22/12 7:25 PM Disinfected: Trojan.Win32.FakeAV.kxnr HKEY_USERS\S-1-5-21-3362995187-2699454723-101668266-1006\Software\Microsoft\Windows\CurrentVersion\RunOnce/4
2/22/12 7:26 PM Deleted: Trojan.Win32.FakeAV.kxnr C:/Documents and Settings/Kelli/Local Settings/Temp/4.tmp
2/22/12 7:26 PM Detected: Exploit.JS.Pdfka.fmg C:/Documents and Settings/Kelli/Local Settings/Temp/Acr7173.tmp/data0000
2/22/12 7:26 PM Deleted: Exploit.JS.Pdfka.fmg C:/Documents and Settings/Kelli/Local Settings/Temp/Acr7173.tmp
2/22/12 7:26 PM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Kelli/Local Settings/Temp/C0.tmp
2/22/12 7:26 PM Deleted: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Kelli/Local Settings/Temp/C0.tmp
2/22/12 7:26 PM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Kelli/Local Settings/Temp/q5oRiLWuZphjO0.exe.tmp
2/22/12 7:26 PM Deleted: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Kelli/Local Settings/Temp/q5oRiLWuZphjO0.exe.tmp
2/22/12 7:26 PM Detected: Trojan-Spy.Win32.SpyEyes.aduj C:/Documents and Settings/Kelli/Local Settings/Temporary Internet Files/Content.IE5/BFGYA8X7/readme[1].exe
2/22/12 7:26 PM Deleted: Trojan-Spy.Win32.SpyEyes.aduj C:/Documents and Settings/Kelli/Local Settings/Temporary Internet Files/Content.IE5/BFGYA8X7/readme[1].exe
2/22/12 7:26 PM Detected: Trojan.Win32.FakeAv.kvuw C:/Documents and Settings/Kelli/Local Settings/Temporary Internet Files/Content.IE5/G1CAZO6Y/info[1].exe
2/22/12 7:26 PM Deleted: Trojan.Win32.FakeAv.kvuw C:/Documents and Settings/Kelli/Local Settings/Temporary Internet Files/Content.IE5/G1CAZO6Y/info[1].exe
2/22/12 7:26 PM Detected: Trojan.Win32.Pakes.tfv C:/Documents and Settings/Kelli/My Documents/Downloads/Ticket.zip/Ticket.exe/UPX
2/22/12 7:26 PM Untreated: Trojan.Win32.Pakes.tfv C:/Documents and Settings/Kelli/My Documents/Downloads/Ticket.zip/Ticket.exe/UPX Write not supported
2/22/12 7:26 PM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/001 the wiggles.wma
2/22/12 7:26 PM Deleted: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/001 the wiggles.wma
2/22/12 7:26 PM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/002 jacks big music show theme.wma
2/22/12 7:27 PM Deleted: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/002 jacks big music show theme.wma
2/22/12 7:27 PM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/002 mickey mouse theme.wma
2/22/12 7:27 PM Deleted: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/002 mickey mouse theme.wma
2/22/12 7:27 PM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/row row row your boat - CD rip.wma
2/22/12 7:27 PM Deleted: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/row row row your boat - CD rip.wma
2/22/12 7:27 PM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/row row row your boat - live.wma
2/22/12 7:27 PM Deleted: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/row row row your boat - live.wma
2/22/12 7:27 PM Detected: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/wonder pets theme (complete).wma
2/22/12 7:27 PM Deleted: Trojan-Downloader.WMA.Wimad.x C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/New Folder/wonder pets theme (complete).wma
2/22/12 7:27 PM Detected: Trojan-Clicker.WMA.Agent.d C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/Three Days Grace - Home.wma
2/22/12 7:27 PM Deleted: Trojan-Clicker.WMA.Agent.d C:/Documents and Settings/Kelli/My Documents/My Music/iTunes/iTunes Music/Limewire2/Three Days Grace - Home.wma
2/22/12 7:27 PM Detected: Trojan-Spy.Win32.SpyEyes.aduj C:/Fonts/6DFBBA77EDB.exe
2/22/12 7:27 PM Disinfected: Trojan-Spy.Win32.SpyEyes.aduj HKEY_USERS\S-1-5-21-3362995187-2699454723-101668266-1006\Software\Microsoft\Windows\CurrentVersion\Run/1Y5U7AYUVGXY3U3VYGUXFAHKUU
2/22/12 7:28 PM Deleted: Trojan-Spy.Win32.SpyEyes.aduj C:/Fonts/6DFBBA77EDB.exe
2/22/12 7:28 PM Detected: HEUR:Trojan.Win32.Generic C:/System Volume Information/_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}/RP1190/A0300537.exe
2/22/12 7:30 PM Detected: Rootkit.Boot.SST.a /dev/sda
2/22/12 7:30 PM Disinfected: Rootkit.Boot.SST.a /dev/sda
2/22/12 7:30 PM Disinfected: Rootkit.Boot.SST.a /dev/sda
2/22/12 7:30 PM Task completed

#16 cnm

    Mother Lion of SWI

  • Administrators
  • 25,058 posts

Posted 22 February 2012 - 08:22 PM

Strange. What is it waiting for, I wonder.

Have we made enough headway so that you can run programs?

Please download tdsskiller.exe and save it to your Desktop. Go here for information.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Let me know the exact error message, if any. See How to create and attach a screen shot.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)


#17 briang8r

    Member

  • Full Member
  • 15 posts

Posted 23 February 2012 - 07:43 AM

It didn't find anything. I pasted the log below. FYI the "System Check" application still has icons on the desktop and application bar. I checked and the target executables look to still be there (path: "C:\Documents and Settings\All Users\Application Data\cr6gGzslP2ZViE.exe").

07:34:47.0897 3516 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
07:34:48.0475 3516 ============================================================
07:34:48.0475 3516 Current date / time: 2012/02/23 07:34:48.0475
07:34:48.0475 3516 SystemInfo:
07:34:48.0475 3516
07:34:48.0475 3516 OS Version: 5.1.2600 ServicePack: 2.0
07:34:48.0475 3516 Product type: Workstation
07:34:48.0475 3516 ComputerName: KELLILAPTOP
07:34:48.0475 3516 UserName: Kelli
07:34:48.0475 3516 Windows directory: C:\WINDOWS
07:34:48.0475 3516 System windows directory: C:\WINDOWS
07:34:48.0475 3516 Processor architecture: Intel x86
07:34:48.0475 3516 Number of processors: 2
07:34:48.0475 3516 Page size: 0x1000
07:34:48.0475 3516 Boot type: Normal boot
07:34:48.0475 3516 ============================================================
07:34:50.0616 3516 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:34:50.0616 3516 \Device\Harddisk0\DR0:
07:34:50.0616 3516 MBR used
07:34:50.0616 3516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x87AA5D7
07:34:50.0850 3516 Initialize success
07:34:50.0850 3516 ============================================================
07:34:53.0632 3672 ============================================================
07:34:53.0632 3672 Scan started
07:34:53.0632 3672 Mode: Manual;
07:34:53.0632 3672 ============================================================
07:35:10.0632 3672 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
07:35:10.0632 3672 tfsndres - ok
07:35:10.0663 3672 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
07:35:10.0663 3672 tfsnifs - ok
07:35:10.0710 3672 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
07:35:10.0710 3672 tfsnopio - ok
07:35:10.0725 3672 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
07:35:10.0725 3672 tfsnpool - ok
07:35:10.0741 3672 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
07:35:10.0757 3672 tfsnudf - ok
07:35:10.0772 3672 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
07:35:10.0772 3672 tfsnudfa - ok
07:35:10.0835 3672 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
07:35:10.0835 3672 TosIde - ok
07:35:10.0913 3672 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
07:35:10.0913 3672 Udfs - ok
07:35:10.0960 3672 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
07:35:10.0960 3672 ultra - ok
07:35:11.0022 3672 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
07:35:11.0038 3672 Update - ok
07:35:11.0147 3672 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
07:35:11.0147 3672 USBAAPL - ok
07:35:11.0210 3672 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:35:11.0210 3672 usbccgp - ok
07:35:11.0288 3672 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:35:11.0288 3672 usbehci - ok
07:35:11.0507 3672 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:35:11.0507 3672 usbhub - ok
07:35:11.0632 3672 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:35:11.0632 3672 usbprint - ok
07:35:11.0678 3672 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:35:11.0678 3672 usbscan - ok
07:35:11.0725 3672 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:35:11.0725 3672 USBSTOR - ok
07:35:11.0772 3672 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:35:11.0772 3672 usbuhci - ok
07:35:11.0803 3672 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
07:35:11.0803 3672 VgaSave - ok
07:35:11.0850 3672 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
07:35:11.0850 3672 viaagp - ok
07:35:11.0882 3672 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
07:35:11.0882 3672 ViaIde - ok
07:35:11.0928 3672 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
07:35:11.0944 3672 VolSnap - ok
07:35:12.0147 3672 w39n51 (95c7421f8bafc85ba09d33364058937d) C:\WINDOWS\system32\DRIVERS\w39n51.sys
07:35:12.0241 3672 w39n51 - ok
07:35:12.0491 3672 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:35:12.0491 3672 Wanarp - ok
07:35:12.0507 3672 wanatw - ok
07:35:12.0600 3672 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
07:35:12.0616 3672 Wdf01000 - ok
07:35:12.0663 3672 WDICA - ok
07:35:12.0725 3672 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
07:35:12.0725 3672 wdmaud - ok
07:35:12.0835 3672 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
07:35:12.0882 3672 winachsf - ok
07:35:13.0007 3672 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
07:35:13.0007 3672 WmiAcpi - ok
07:35:13.0100 3672 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
07:35:13.0100 3672 WpdUsb - ok
07:35:13.0178 3672 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:35:13.0178 3672 WudfPf - ok
07:35:13.0241 3672 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:35:13.0241 3672 WudfRd - ok
07:35:13.0319 3672 MBR (0x1B8) (4661f953f30d48fd76a9da73c4892179) \Device\Harddisk0\DR0
07:35:13.0678 3672 \Device\Harddisk0\DR0 - ok
07:35:13.0678 3672 Boot (0x1200) (e9174a97688cc08cc0cba58110e6dedb) \Device\Harddisk0\DR0\Partition0
07:35:13.0694 3672 \Device\Harddisk0\DR0\Partition0 - ok
07:35:13.0694 3672 ============================================================
07:35:13.0694 3672 Scan finished
07:35:13.0694 3672 ============================================================
07:35:13.0710 2388 Detected object count: 0
07:35:13.0710 2388 Actual detected object count: 0

#18 cnm

    Mother Lion of SWI

  • Administrators
  • 25,058 posts

Posted 23 February 2012 - 12:09 PM

See if you can now run MBAM, DDS, and Security check. See Instructions and post the requested logs.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)


#19 briang8r

    Member

  • Full Member
  • 15 posts

Posted 23 February 2012 - 06:42 PM

OK, I am able to install and run applications now, so that is good. I am pasting the three logs below:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.23.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Kelli :: KELLILAPTOP [administrator]

2/23/2012 6:15:02 PM
mbam-log-2012-02-23 (18-15-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191541
Time elapsed: 11 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\System\CurrentControlSet\Services\SfX (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_29
Run by Kelli at 18:34:22 on 2012-02-23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.444 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\lxeacoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061227
mDefault_Page_URL = hxxp://www.dell.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\docume~1\kelli\locals~1\temp\tempor~1\content.ie5\hs0vw0g9.sh! c:\docume~1\kelli\locals~1\temp\tempor~1\content.ie5\czl5h72x.sh! c:\docume~1\kelli\locals~1\temp\tempor~1\content.ie5\53kkhlba.sh! c:\docume~1\kelli\locals~1\temp\tempor~1\content.sh! c:\docume~1\kelli\locals~1\temp\tempor~1.sh! c:\docume~1\kelli\locals~1\temp\tempor~1.sh!\content.sh!\hs0vw0g9.sh! c:\docume~1\kelli\locals~1\temp\tempor~1.sh!\content.sh!\czl5h72x.sh! c:\docume~1\kelli\locals~1\temp\tempor~1.sh!\content.sh!\53kkhlba.sh! c:\docume~1\kelli\locals~1\temp\tempor~1.sh!\Content.SH!
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [THGuard] "c:\program files\trojanhunter 5.0\THGuard.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"
mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [qsjYdvrhRprI.exe] c:\documents and settings\all users\application data\qsjYdvrhRprI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{BE8B9962-2155-4AEE-B27B-66224D448DD2} : DhcpNameServer = 65.32.5.111 65.32.5.112
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kelli\application data\mozilla\firefox\profiles\fm6nk5ky.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\documents and settings\kelli\application data\mozilla\firefox\profiles\fm6nk5ky.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\kelli\application data\mozilla\firefox\profiles\fm6nk5ky.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\kelli\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-1 135664]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2010-6-12 98984]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-1 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-22 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-22 40552]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys --> c:\windows\system32\drivers\qcserxp.sys [?]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcmdmxp.sys --> c:\windows\system32\drivers\qcmdmxp.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
.
=============== Created Last 30 ================
.
2012-02-22 03:34:44 -------- d-----w- c:\documents and settings\all users\application data\F4D55F0E000166B3012B00EB2830AC72
2012-02-21 19:23:33 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-02-16 02:46:02 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-02-11 22:39:44 -------- d-----w- c:\windows\system32\GroupPolicy
2012-02-04 13:59:01 205938 ----a-w- c:\documents and settings\all users\SPL7.tmp
.
==================== Find3M ====================
.
2012-01-15 16:45:20 246422 ----a-w- c:\documents and settings\all users\SPL25.tmp
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 21:23:51 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2008-11-13 04:30:12 19011 ----a-w- c:\program files\common files\ynexu.vbs
.
============= FINISH: 18:36:07.92 ===============




Security Check:

Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
HijackThis 2.0.2
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 9 Flash Player out of date!
Adobe Flash Player 10.3.183.5 Flash Player out of Date!
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#20 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,058 posts

Posted 23 February 2012 - 07:58 PM

Good. Progress!

Please go to http://www.virustotal.com, click on 'Choose file', and send the following file/s for analysis: You will only be able to have one file scanned at a time.

c:\documents and settings\all users\SPL25.tmp
c:\documents and settings\all users\application data\qsjYdvrhRprI.exe

For each one:

After you click 'Send file', allow the file to be scanned, and then please post a link to the results page here for me. (Don't copy the page)


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE
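As an added example (not part of the thread and not a feature of DDS), the sketch below triages the `uRun`/`mRun` autorun lines of a DDS log like the one posted above and surfaces the kind of entry that merits a VirusTotal scan, such as the second file cnm lists. The indicator names, the install-directory list and the vowel-ratio threshold are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: four autorun lines copied from the DDS log in this thread.
SAMPLE_LOG = r'''
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [qsjYdvrhRprI.exe] c:\documents and settings\all users\application data\qsjYdvrhRprI.exe
'''

RUN_LINE = re.compile(r'^([um]Run): \[([^\]]+)\] (.+)$', re.M)
# Assumption: locations where installed software normally lives on this XP box.
INSTALL_DIRS = (r'c:\program files', r'c:\progra~1', r'c:\windows')

def image_path(cmd):
    """Return the executable path from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.exe)\b', cmd, re.I)
    return m.group(1) if m else cmd

def reasons_for(path):
    """Heuristic indicators (assumptions of this example, not DDS features)."""
    p = PureWindowsPath(path)
    found = []
    if not path.lower().startswith(INSTALL_DIRS):
        found.append('outside_install_dirs')
    if p.parent.name.lower() == 'application data':
        found.append('appdata_root')
    stem = p.stem.lower()
    vowels = sum(ch in 'aeiou' for ch in stem)
    if len(stem) >= 8 and vowels / len(stem) < 0.2:
        found.append('low_vowel_name')
    return found

def triage(log_text, threshold=2):
    """List (hive, value name, path, reasons) for entries meeting the threshold."""
    hits = []
    for hive, name, cmd in RUN_LINE.findall(log_text):
        path = image_path(cmd)
        reasons = reasons_for(path)
        if len(reasons) >= threshold:
            hits.append((hive, name, path, reasons))
    return hits

if __name__ == '__main__':
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

A hit is only a prompt to have the file scanned or reviewed by a helper; legitimate software can match these heuristics and malware can avoid them.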


#21 briang8r

briang8r

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 24 February 2012 - 08:09 AM

That's good news! I really appreciate all of your help. I was only able to find the first file (SPL25.tmp). I could not find the executable file in the Application Data folder. Here is the link:

https://www.virustot...793c8/analysis/

#22 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,058 posts

Posted 01 March 2012 - 05:50 PM

Please do these important security updates:
Get XP Service Pack 3. Support for SP 2 ended July 2010.
Get Internet Explorer 8
Update Adobe Flash Player
Updating Java:
  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: Posted Image
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

Advice for malware prevention:

Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.systemloo...p?type=filename

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.

For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place



#23 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,058 posts

Posted 09 March 2012 - 11:54 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





