TechSpot

Can't install Windows updates or antivirus

Resolved
By lango
Sep 22, 2011
Topic Status:
Not open for further replies.
  1. Hello,

    My girlfriend asked me to take a look at her ageing laptop.

    Toshiba Satellite A60
    Windows XP SP2

    This is what happened before I found TechSpot (& the 6-steps) - sorry if any of these have complicated things:

    Firstly I noticed that it was running very slowly (start-up & programs). I couldn't install Windows updates. I disconnected from internet & looked for the AV, she had Zone Alarm. It wasn't responding I uninstalled (used removal tool).

    I tried to install Microsoft Security Essentials (downloaded on my laptop).

    Used SUPERAntiSypware ran from USB - found and removed 3 trojans (didn't note what - sorry) - Still couldn't install anything

    Ran ESET Online scan - found and removed 1 trojan (Win32/Kryptik.FQV) - Still couldn't install anything

    Found TechSpot!
    -----------------------
    Downloaded Avast - Connected to Internet; couldn't update (was writing down error msg & PC Blue screened & crashed). Appears to be running ok.

    Installed Malwarebytes' Anti-Malware (DB updated to 7774). Ran - found infected file (Riskware.Tool) - log below
    Ran GMER - PC Blue screened & crashed (twice), tried 3rd time started it as soon as windows was starting up - log below

    Tried to run DDS - hung - ran for over hour & half (states should only take 3 mins).

    Any help that you can offer would be greatly appreciated. Please find the logs below:

    > mbam-log-2011-09-22 (19-28-44)
    -------------------------------------------------

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7774

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    22/09/2011 19:28:44
    mbam-log-2011-09-22 (19-28-44).txt

    Scan type: Quick scan
    Objects scanned: 171223
    Time elapsed: 10 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\RECYCLER\s-1-5-21-2494479079-576879021-1610809673-1006\dc11.keymaker-zwt\keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
    ----------------------------------------------

    gmer.log
    ------------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-09-22 19:50:48
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2040AT rev.0022
    Running: o8y88pq9.exe; Driver: C:\DOCUME~1\ERIKAB~1\LOCALS~1\Temp\uxtdapoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEEC56D5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEEC56BC5]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----

    Again thanks for taking the time to look at this.

    Rob
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    [​IMG]
    (Image courtesy animationplayhouse.com)

    Welcome to TechSpot, Rob! Thank you for giving me the history of what you've done. Let me tell you about the riskware entry found by Mbam:
    c:\RECYCLER\s-1-5-21-2494479079-576879021-1610809673-1006\dc11.keymaker-zwt\keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.

    The Recycler is the protected system folder which receive the contents of the Recycle Bin when it is emptied.. Although Mbam says it was deleted, but the Recycler is a hidden folder and is handled separately.
    The Riskware.tool which is dc 11.keymaker-zwt\keygen.exe is downloaded from a torrent site in order to get a key or license number to pirate a program instead of paying for it.

    Pirating programs and using file sharing is a straight road to malware
    ==========================================
    We need to get DDS to run. Please download this file: xp_scr_fix

    Unpack (unzip) the file onto your desktop and double-click it. You will be asked if you wish to merge the file with you registry, say Yes.

    You should then be able to run DDS.scr. It's the .scr file extension causing the problem. If this doesn't work, I have something else in my pocket.

    Please leave both logs from DDS in your next reply.
    ===========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
  3. lango

    lango TS Rookie Topic Starter Posts: 16

    Hi Bobbye,

    Thanks for taking the time to help me with this. The info about the keygen definitely makes sense, first thing I spotted on her laptop was LimeWire... Instant warning signs, was the first thing I uninstalled (she's blaming her ex!)

    So I've downloaded the "xp_scr_fix" and merged it with the Registry.

    Ran "DDS.scr" again. Same problem; it loads up and the "progress" #'s start to move slowly across the page. It appears to have froze at the same spot again at about 75% (roughly below the "t" in "...where it was req...") - this is exactly the same spot as it hung the first two times as well.

    It has been running now for 15 mins and hasn't progressed (I'll leave it going, but last night it ran for over an hour and didn't progress at all past this point).

    Thanks again for taking the time to assist me.

    Rob
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, try renaming dds.scr to friday.exe then double click friday.exe to run.

    If that doesn't work, try this:

    Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.pif
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following>>>>.

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan)
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
    ======================================
    Let's go ahead also and see if there are other keygens:

    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
      in your next reply.
  5. lango

    lango TS Rookie Topic Starter Posts: 16

    Hi Bobbye,

    DDS (friday.exe) hung at the same point again.

    Rkill.com appeared to work (FYI: I got a 404 for Rkill.pif)

    exehelperlog
    ------------------
    exeHelper by Raktor
    Build 20100414
    Run at 23:19:17 on 09/23/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    CKFiles.txt
    ---------------

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\documents and settings\erikaballantine\desktop\erika\african rustic\c744-507165-mixed%20crackle%20rice%20bowls%20set%204-070.eps
    c:\documents and settings\erikaballantine\desktop\erika\trends\african rustic\c744-507165-mixed%20crackle%20rice%20bowls%20set%204-070.c
    c:\documents and settings\erikaballantine\desktop\erika\trends\african rustic\c744-507165-mixed%20crackle%20rice%20bowls%20set%204-070.eps
    c:\documents and settings\erikaballantine\desktop\erika\trends\african rustic\c744-507165-mixed%20crackle%20rice%20bowls%20set%204-070.k
    c:\documents and settings\erikaballantine\desktop\erika\trends\african rustic\c744-507165-mixed%20crackle%20rice%20bowls%20set%204-070.m
    c:\documents and settings\erikaballantine\desktop\erika\trends\african rustic\c744-507165-mixed%20crackle%20rice%20bowls%20set%204-070.y
    c:\documents and settings\erikaballantine\desktop\erika\trends\african rustic\african rustic\c744-507165-mixed%20crackle%20rice%20bowls%20set%204-070.c
    c:\documents and settings\erikaballantine\desktop\erika\trends\african rustic\african rustic\c744-507165-mixed%20crackle%20rice%20bowls%20set%204-070.eps
    c:\documents and settings\erikaballantine\desktop\erika\trends\african rustic\african rustic\c744-507165-mixed%20crackle%20rice%20bowls%20set%204-070.k
    c:\documents and settings\erikaballantine\desktop\erika\trends\african rustic\african rustic\c744-507165-mixed%20crackle%20rice%20bowls%20set%204-070.m
    c:\documents and settings\erikaballantine\desktop\erika\trends\african rustic\african rustic\c744-507165-mixed%20crackle%20rice%20bowls%20set%204-070.y
    scanner sequence 3.EF.11.VNNALH
    ----- EOF -----


    Thanks for your continuing help.

    Rob
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thank you for your patience Rob! I spent extra time with my family last weekend celebrating a special occasion.

    Sometimes a rootkit will prevent programs from running, so I'd like you to run the following- in the order listed:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe. to run the scan
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    ==================================
    Follow with Combofix: Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ========================================
    When you have finished with the above, try the DDS scan again.
    ========================================
    Logs to leave:
    TDSKiller
    Combofix
    DDS- 2 logs
  7. lango

    lango TS Rookie Topic Starter Posts: 16

    No problem, thanks for getting back to me, I hope you had a good weekend.

    Ran TDSKiller; it didn't find anything (log below).

    Ran ComboFix; it installed Microsoft Windows Recovery Console, the scan then ran for 4 hours, and wasn't finished. Stopped it, uninstalled and re-installed it again (wierdly it said that I didn't have "Microsoft Windows Recovery Console" installed the second time again - although it does appear to be as I noticed it on start-up).

    Ran scan again, was running for a couple of hours, as I thought it wasn't very promising I tried to get the TDSKiller.log off the desktop but must have clicked the ComboFix window and stalled it. Should I uninstall it again?

    Did try on the off chance to run DDS again, but it hung at the same point again.

    Not sure if this is relevant, but: I've been downloading all the applications on my "clean" laptop and transferring them to the infected by USB, I've disconnected it from the internet with the exception of when I installed the Recovery Console. Is this OK?


    TDSKiller.log
    ------------------

    18:22:43.0125 3324 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
    18:22:43.0234 3324 ============================================================
    18:22:43.0234 3324 Current date / time: 2011/09/29 18:22:43.0234
    18:22:43.0234 3324 SystemInfo:
    18:22:43.0234 3324
    18:22:43.0234 3324 OS Version: 5.1.2600 ServicePack: 2.0
    18:22:43.0234 3324 Product type: Workstation
    18:22:43.0234 3324 ComputerName: ERIKA
    18:22:43.0250 3324 UserName: erikaballantine
    18:22:43.0250 3324 Windows directory: C:\WINDOWS
    18:22:43.0250 3324 System windows directory: C:\WINDOWS
    18:22:43.0250 3324 Processor architecture: Intel x86
    18:22:43.0250 3324 Number of processors: 1
    18:22:43.0250 3324 Page size: 0x1000
    18:22:43.0250 3324 Boot type: Normal boot
    18:22:43.0250 3324 ============================================================
    18:22:45.0218 3324 Initialize success
    18:24:26.0984 3532 ============================================================
    18:24:26.0984 3532 Scan started
    18:24:26.0984 3532 Mode: Manual;
    18:24:26.0984 3532 ============================================================
    18:24:27.0421 3532 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
    18:24:27.0421 3532 Aavmker4 - ok
    18:24:27.0500 3532 Abiosdsk - ok
    18:24:27.0640 3532 abp480n5 - ok
    18:24:27.0765 3532 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    18:24:27.0781 3532 ACPI - ok
    18:24:27.0921 3532 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    18:24:27.0968 3532 ACPIEC - ok
    18:24:28.0078 3532 adpu160m - ok
    18:24:28.0171 3532 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
    18:24:28.0187 3532 aec - ok
    18:24:28.0281 3532 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
    18:24:28.0296 3532 AFD - ok
    18:24:28.0484 3532 AgereSoftModem (052343cd49c8da20c48958cfe73c7d44) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    18:24:28.0578 3532 AgereSoftModem - ok
    18:24:28.0703 3532 Aha154x - ok
    18:24:28.0765 3532 aic78u2 - ok
    18:24:28.0828 3532 aic78xx - ok
    18:24:29.0015 3532 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
    18:24:29.0062 3532 ALCXSENS - ok
    18:24:29.0234 3532 ALCXWDM (69cbb79ccccb7ab08f5e00109e9703bd) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    18:24:29.0281 3532 ALCXWDM - ok
    18:24:29.0437 3532 AliIde - ok
    18:24:29.0500 3532 amsint - ok
    18:24:29.0640 3532 AR5211 (466708ae500e11cfa56483ee7fb9ad11) C:\WINDOWS\system32\DRIVERS\ar5211.sys
    18:24:29.0671 3532 AR5211 - ok
    18:24:29.0812 3532 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    18:24:29.0828 3532 Arp1394 - ok
    18:24:29.0937 3532 asc - ok
    18:24:30.0015 3532 asc3350p - ok
    18:24:30.0093 3532 asc3550 - ok
    18:24:30.0265 3532 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    18:24:30.0281 3532 aswFsBlk - ok
    18:24:30.0390 3532 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
    18:24:30.0406 3532 aswMon2 - ok
    18:24:30.0546 3532 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
    18:24:30.0546 3532 aswRdr - ok
    18:24:30.0671 3532 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
    18:24:30.0703 3532 aswSnx - ok
    18:24:30.0875 3532 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
    18:24:30.0906 3532 aswSP - ok
    18:24:31.0046 3532 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
    18:24:31.0046 3532 aswTdi - ok
    18:24:31.0171 3532 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    18:24:31.0171 3532 AsyncMac - ok
    18:24:31.0296 3532 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    18:24:31.0296 3532 atapi - ok
    18:24:31.0390 3532 Atdisk - ok
    18:24:31.0562 3532 ati2mtag (59485150d0388e07772ead4999a5afc2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    18:24:31.0609 3532 ati2mtag - ok
    18:24:31.0765 3532 atiide (899c9f94ed5ec5eff71aa6e17a084419) C:\WINDOWS\system32\DRIVERS\atiide.sys
    18:24:31.0765 3532 atiide - ok
    18:24:31.0921 3532 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    18:24:31.0921 3532 Atmarpc - ok
    18:24:32.0093 3532 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    18:24:32.0093 3532 audstub - ok
    18:24:32.0281 3532 BCM43XX (ebf36d658d0da5b1ea667fa403919c26) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    18:24:32.0312 3532 BCM43XX - ok
    18:24:32.0484 3532 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    18:24:32.0500 3532 Beep - ok
    18:24:32.0640 3532 caboagp (906fcf0d1dc5b573015bbd21ef54bd88) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys
    18:24:32.0640 3532 caboagp - ok
    18:24:32.0796 3532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    18:24:32.0796 3532 cbidf2k - ok
    18:24:32.0906 3532 cd20xrnt - ok
    18:24:33.0000 3532 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    18:24:33.0015 3532 Cdaudio - ok
    18:24:33.0156 3532 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    18:24:33.0156 3532 Cdfs - ok
    18:24:33.0281 3532 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    18:24:33.0281 3532 Cdrom - ok
    18:24:33.0375 3532 Changer - ok
    18:24:33.0531 3532 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    18:24:33.0531 3532 CmBatt - ok
    18:24:33.0625 3532 CmdIde - ok
    18:24:33.0734 3532 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    18:24:33.0750 3532 Compbatt - ok
    18:24:33.0859 3532 Cpqarray - ok
    18:24:33.0953 3532 dac2w2k - ok
    18:24:34.0046 3532 dac960nt - ok
    18:24:34.0187 3532 DevUpper (913938a5382bfb2487aacaea408a14d2) C:\WINDOWS\system32\DRIVERS\tiumflt.sys
    18:24:34.0203 3532 DevUpper - ok
    18:24:34.0375 3532 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    18:24:34.0390 3532 Disk - ok
    18:24:34.0546 3532 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    18:24:34.0609 3532 dmboot - ok
    18:24:34.0781 3532 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
    18:24:34.0796 3532 dmio - ok
    18:24:34.0937 3532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    18:24:34.0953 3532 dmload - ok
    18:24:35.0109 3532 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    18:24:35.0125 3532 DMusic - ok
    18:24:35.0203 3532 dpti2o - ok
    18:24:35.0359 3532 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    18:24:35.0390 3532 drmkaud - ok
    18:24:35.0593 3532 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    18:24:35.0609 3532 Fastfat - ok
    18:24:35.0734 3532 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
    18:24:35.0750 3532 Fdc - ok
    18:24:35.0859 3532 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    18:24:35.0875 3532 Fips - ok
    18:24:36.0015 3532 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
    18:24:36.0015 3532 Flpydisk - ok
    18:24:36.0140 3532 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
    18:24:36.0156 3532 FltMgr - ok
    18:24:36.0281 3532 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
    18:24:36.0296 3532 FsUsbExDisk - ok
    18:24:36.0437 3532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    18:24:36.0437 3532 Fs_Rec - ok
    18:24:36.0593 3532 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    18:24:36.0593 3532 Ftdisk - ok
    18:24:36.0734 3532 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    18:24:36.0734 3532 GEARAspiWDM - ok
    18:24:36.0859 3532 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    18:24:36.0859 3532 Gpc - ok
    18:24:37.0031 3532 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    18:24:37.0031 3532 HidUsb - ok
    18:24:37.0125 3532 hpn - ok
    18:24:37.0265 3532 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    18:24:37.0265 3532 HPZid412 - ok
    18:24:37.0390 3532 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    18:24:37.0406 3532 HPZipr12 - ok
    18:24:37.0546 3532 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    18:24:37.0546 3532 HPZius12 - ok
    18:24:37.0687 3532 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
    18:24:37.0718 3532 HTTP - ok
    18:24:37.0812 3532 i2omgmt - ok
    18:24:37.0890 3532 i2omp - ok
    18:24:38.0000 3532 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    18:24:38.0000 3532 i8042prt - ok
    18:24:38.0125 3532 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    18:24:38.0125 3532 Imapi - ok
    18:24:38.0265 3532 ini910u - ok
    18:24:38.0375 3532 IntelIde - ok
    18:24:38.0515 3532 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    18:24:38.0515 3532 intelppm - ok
    18:24:38.0609 3532 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
    18:24:38.0625 3532 ip6fw - ok
    18:24:38.0765 3532 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    18:24:38.0765 3532 IpFilterDriver - ok
    18:24:38.0921 3532 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    18:24:38.0937 3532 IpInIp - ok
    18:24:39.0109 3532 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    18:24:39.0125 3532 IpNat - ok
    18:24:39.0843 3532 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    18:24:39.0937 3532 IPSec - ok
    18:24:40.0078 3532 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
    18:24:40.0078 3532 irda - ok
    18:24:40.0203 3532 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    18:24:40.0218 3532 IRENUM - ok
    18:24:40.0375 3532 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:24:40.0390 3532 isapnp - ok
    18:24:40.0515 3532 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:24:40.0515 3532 Kbdclass - ok
    18:24:40.0640 3532 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
    18:24:40.0656 3532 kmixer - ok
    18:24:40.0781 3532 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
    18:24:40.0796 3532 KSecDD - ok
    18:24:40.0906 3532 lbrtfdc - ok
    18:24:41.0046 3532 MBAMSwissArmy - ok
    18:24:41.0187 3532 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    18:24:41.0187 3532 mnmdd - ok
    18:24:41.0343 3532 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    18:24:41.0343 3532 Modem - ok
    18:24:41.0453 3532 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    18:24:41.0468 3532 Mouclass - ok
    18:24:41.0593 3532 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    18:24:41.0609 3532 MountMgr - ok
    18:24:41.0687 3532 mraid35x - ok
    18:24:41.0843 3532 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    18:24:41.0875 3532 MRxDAV - ok
    18:24:41.0984 3532 MRxSmb (5ddc9a1b2eb5a4bf010ce8c019a18c1f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    18:24:42.0031 3532 MRxSmb - ok
    18:24:42.0171 3532 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    18:24:42.0187 3532 Msfs - ok
    18:24:42.0343 3532 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:24:42.0406 3532 MSKSSRV - ok
    18:24:42.0562 3532 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:24:42.0578 3532 MSPCLOCK - ok
    18:24:42.0671 3532 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    18:24:42.0687 3532 MSPQM - ok
    18:24:42.0843 3532 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:24:42.0843 3532 mssmbios - ok
    18:24:43.0031 3532 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    18:24:43.0046 3532 Mup - ok
    18:24:43.0125 3532 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    18:24:43.0156 3532 NDIS - ok
    18:24:43.0296 3532 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:24:43.0312 3532 NdisTapi - ok
    18:24:43.0421 3532 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:24:43.0437 3532 Ndisuio - ok
    18:24:43.0593 3532 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:24:43.0593 3532 NdisWan - ok
    18:24:43.0718 3532 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    18:24:43.0734 3532 NDProxy - ok
    18:24:43.0890 3532 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:24:43.0890 3532 NetBIOS - ok
    18:24:44.0015 3532 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:24:44.0031 3532 NetBT - ok
    18:24:44.0203 3532 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
    18:24:44.0203 3532 Netdevio - ok
    18:24:44.0390 3532 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    18:24:44.0390 3532 NIC1394 - ok
    18:24:44.0515 3532 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    18:24:44.0531 3532 Npfs - ok
    18:24:44.0687 3532 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
    18:24:44.0734 3532 Ntfs - ok
    18:24:44.0921 3532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    18:24:44.0937 3532 Null - ok
    18:24:45.0046 3532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:24:45.0062 3532 NwlnkFlt - ok
    18:24:45.0203 3532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:24:45.0218 3532 NwlnkFwd - ok
    18:24:45.0359 3532 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    18:24:45.0359 3532 ohci1394 - ok
    18:24:45.0484 3532 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    18:24:45.0500 3532 Parport - ok
    18:24:45.0671 3532 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    18:24:45.0671 3532 PartMgr - ok
    18:24:45.0781 3532 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    18:24:45.0796 3532 ParVdm - ok
    18:24:45.0937 3532 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    18:24:45.0953 3532 PCI - ok
    18:24:46.0015 3532 PCIDump - ok
    18:24:46.0187 3532 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    18:24:46.0203 3532 PCIIde - ok
    18:24:46.0343 3532 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    18:24:46.0359 3532 Pcmcia - ok
    18:24:46.0437 3532 PDCOMP - ok
    18:24:46.0562 3532 PDFRAME - ok
    18:24:46.0640 3532 PDRELI - ok
    18:24:46.0765 3532 PDRFRAME - ok
    18:24:46.0843 3532 perc2 - ok
    18:24:47.0000 3532 perc2hib - ok
    18:24:47.0218 3532 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:24:47.0218 3532 PptpMiniport - ok
    18:24:47.0375 3532 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
    18:24:47.0390 3532 Processor - ok
    18:24:47.0515 3532 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    18:24:47.0515 3532 PSched - ok
    18:24:47.0671 3532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:24:47.0687 3532 Ptilink - ok
    18:24:47.0812 3532 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
    18:24:47.0828 3532 PxHelp20 - ok
    18:24:47.0953 3532 ql1080 - ok
    18:24:48.0031 3532 Ql10wnt - ok
    18:24:48.0140 3532 ql12160 - ok
    18:24:48.0234 3532 ql1240 - ok
    18:24:48.0359 3532 ql1280 - ok
    18:24:48.0468 3532 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:24:48.0484 3532 RasAcd - ok
    18:24:48.0687 3532 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
    18:24:48.0703 3532 Rasirda - ok
    18:24:48.0812 3532 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:24:48.0828 3532 Rasl2tp - ok
    18:24:49.0218 3532 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:24:49.0234 3532 RasPppoe - ok
    18:24:49.0359 3532 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:24:49.0375 3532 Raspti - ok
    18:24:49.0500 3532 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:24:49.0515 3532 Rdbss - ok
    18:24:49.0640 3532 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:24:49.0656 3532 RDPCDD - ok
    18:24:49.0796 3532 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
    18:24:49.0828 3532 RDPWD - ok
    18:24:49.0968 3532 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:24:49.0984 3532 redbook - ok
    18:24:50.0218 3532 RTL8023 (d88f6c53b637abe4c23de29db40a9f05) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
    18:24:50.0234 3532 RTL8023 - ok
    18:24:50.0359 3532 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    18:24:50.0359 3532 rtl8139 - ok
    18:24:50.0593 3532 SASDIFSV (39763504067962108505bff25f024345) C:\DOCUME~1\ERIKAB~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS
    18:24:50.0593 3532 SASDIFSV - ok
    18:24:50.0812 3532 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\DOCUME~1\ERIKAB~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS
    18:24:50.0828 3532 SASKUTIL - ok
    18:24:51.0046 3532 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:24:51.0046 3532 Secdrv - ok
    18:24:51.0203 3532 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
    18:24:51.0218 3532 Serial - ok
    18:24:51.0375 3532 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    18:24:51.0375 3532 Sfloppy - ok
    18:24:51.0531 3532 Simbad - ok
    18:24:51.0687 3532 SMCIRDA (f5fec5b4b985fbf81927844e75dd5bd1) C:\WINDOWS\system32\DRIVERS\smcirda.sys
    18:24:51.0687 3532 SMCIRDA - ok
    18:24:51.0796 3532 Sparrow - ok
    18:24:51.0921 3532 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
    18:24:51.0937 3532 splitter - ok
    18:24:52.0062 3532 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    18:24:52.0078 3532 sr - ok
    18:24:52.0250 3532 Srv (553007ecce7f6565bbe645beb66d3b69) C:\WINDOWS\system32\DRIVERS\srv.sys
    18:24:52.0265 3532 Srv - ok
    18:24:52.0406 3532 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:24:52.0421 3532 swenum - ok
    18:24:52.0546 3532 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    18:24:52.0546 3532 swmidi - ok
    18:24:52.0671 3532 symc810 - ok
    18:24:52.0750 3532 symc8xx - ok
    18:24:52.0812 3532 sym_hi - ok
    18:24:52.0906 3532 sym_u3 - ok
    18:24:53.0062 3532 SynTP (d5803ceafc64fcf475fe6b6756b41bb8) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    18:24:53.0078 3532 SynTP - ok
    18:24:53.0250 3532 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    18:24:53.0265 3532 sysaudio - ok
    18:24:53.0484 3532 Tcpip (88763a98a4c26c409741b4aa162720c9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    18:24:53.0515 3532 Tcpip - ok
    18:24:53.0687 3532 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    18:24:53.0703 3532 TDPIPE - ok
    18:24:53.0781 3532 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    18:24:53.0796 3532 TDTCP - ok
    18:24:53.0937 3532 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    18:24:53.0937 3532 TermDD - ok
    18:24:54.0140 3532 tiumfwl (65e8e81c2f40abce9db98fd232f86bf8) C:\WINDOWS\system32\drivers\tiumfwl.sys
    18:24:54.0140 3532 tiumfwl - ok
    18:24:54.0234 3532 TosIde - ok
    18:24:54.0421 3532 TVALD (5cd3966b9dbec34787783d44dc2ae6b8) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
    18:24:54.0437 3532 TVALD - ok
    18:24:54.0562 3532 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    18:24:54.0578 3532 Udfs - ok
    18:24:54.0671 3532 ultra - ok
    18:24:54.0812 3532 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    18:24:54.0859 3532 Update - ok
    18:24:55.0312 3532 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    18:24:55.0328 3532 usbccgp - ok
    18:24:55.0515 3532 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    18:24:55.0515 3532 usbehci - ok
    18:24:55.0687 3532 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    18:24:55.0703 3532 usbhub - ok
    18:24:55.0843 3532 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    18:24:55.0843 3532 usbohci - ok
    18:24:55.0984 3532 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    18:24:56.0000 3532 usbprint - ok
    18:24:56.0125 3532 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    18:24:56.0140 3532 usbscan - ok
    18:24:56.0296 3532 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    18:24:56.0296 3532 USBSTOR - ok
    18:24:56.0406 3532 USB_RNDIS - ok
    18:24:56.0531 3532 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    18:24:56.0546 3532 VgaSave - ok
    18:24:56.0640 3532 ViaIde - ok
    18:24:56.0765 3532 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    18:24:56.0781 3532 VolSnap - ok
    18:24:57.0000 3532 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    18:24:57.0015 3532 Wanarp - ok
    18:24:57.0109 3532 WDICA - ok
    18:24:57.0265 3532 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
    18:24:57.0281 3532 wdmaud - ok
    18:24:57.0515 3532 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    18:24:57.0531 3532 WS2IFSL - ok
    18:24:57.0734 3532 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
    18:24:57.0906 3532 \Device\Harddisk0\DR0 - ok
    18:24:57.0968 3532 Boot (0x1200) (8cf9db6abdd362ba6318f56c9506c4ab) \Device\Harddisk0\DR0\Partition0
    18:24:57.0968 3532 \Device\Harddisk0\DR0\Partition0 - ok
    18:24:58.0000 3532 ============================================================
    18:24:58.0000 3532 Scan finished
    18:24:58.0000 3532 ============================================================
    18:24:58.0046 3524 Detected object count: 0
    18:24:58.0046 3524 Actual detected object count: 0
    18:25:44.0750 3624 ============================================================
    18:25:44.0750 3624 Scan started
    18:25:44.0750 3624 Mode: Manual;
    18:25:44.0750 3624 ============================================================
    18:25:45.0390 3624 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
    18:25:45.0390 3624 Aavmker4 - ok
    18:25:45.0468 3624 Abiosdsk - ok
    18:25:45.0578 3624 abp480n5 - ok
    18:25:45.0718 3624 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    18:25:45.0718 3624 ACPI - ok
    18:25:45.0859 3624 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    18:25:45.0859 3624 ACPIEC - ok
    18:25:45.0968 3624 adpu160m - ok
    18:25:46.0156 3624 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
    18:25:46.0171 3624 aec - ok
    18:25:46.0312 3624 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
    18:25:46.0312 3624 AFD - ok
    18:25:46.0562 3624 AgereSoftModem (052343cd49c8da20c48958cfe73c7d44) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    18:25:46.0593 3624 AgereSoftModem - ok
    18:25:46.0703 3624 Aha154x - ok
    18:25:46.0796 3624 aic78u2 - ok
    18:25:46.0906 3624 aic78xx - ok
    18:25:47.0109 3624 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
    18:25:47.0109 3624 ALCXSENS - ok
    18:25:47.0312 3624 ALCXWDM (69cbb79ccccb7ab08f5e00109e9703bd) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    18:25:47.0328 3624 ALCXWDM - ok
    18:25:47.0468 3624 AliIde - ok
    18:25:47.0609 3624 amsint - ok
    18:25:47.0812 3624 AR5211 (466708ae500e11cfa56483ee7fb9ad11) C:\WINDOWS\system32\DRIVERS\ar5211.sys
    18:25:47.0828 3624 AR5211 - ok
    18:25:47.0953 3624 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    18:25:47.0968 3624 Arp1394 - ok
    18:25:48.0078 3624 asc - ok
    18:25:48.0265 3624 asc3350p - ok
    18:25:48.0453 3624 asc3550 - ok
    18:25:48.0734 3624 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    18:25:48.0734 3624 aswFsBlk - ok
    18:25:48.0843 3624 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
    18:25:48.0859 3624 aswMon2 - ok
    18:25:49.0046 3624 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
    18:25:49.0046 3624 aswRdr - ok
    18:25:49.0296 3624 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
    18:25:49.0312 3624 aswSnx - ok
    18:25:49.0484 3624 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
    18:25:49.0484 3624 aswSP - ok
    18:25:49.0578 3624 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
    18:25:49.0578 3624 aswTdi - ok
    18:25:49.0734 3624 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    18:25:49.0734 3624 AsyncMac - ok
    18:25:49.0875 3624 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    18:25:49.0875 3624 atapi - ok
    18:25:49.0968 3624 Atdisk - ok
    18:25:50.0156 3624 ati2mtag (59485150d0388e07772ead4999a5afc2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    18:25:50.0171 3624 ati2mtag - ok
    18:25:50.0312 3624 atiide (899c9f94ed5ec5eff71aa6e17a084419) C:\WINDOWS\system32\DRIVERS\atiide.sys
    18:25:50.0328 3624 atiide - ok
    18:25:50.0468 3624 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    18:25:50.0468 3624 Atmarpc - ok
    18:25:50.0640 3624 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    18:25:50.0656 3624 audstub - ok
    18:25:50.0859 3624 BCM43XX (ebf36d658d0da5b1ea667fa403919c26) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    18:25:50.0859 3624 BCM43XX - ok
    18:25:51.0031 3624 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    18:25:51.0031 3624 Beep - ok
    18:25:51.0234 3624 caboagp (906fcf0d1dc5b573015bbd21ef54bd88) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys
    18:25:51.0234 3624 caboagp - ok
    18:25:51.0406 3624 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    18:25:51.0406 3624 cbidf2k - ok
    18:25:51.0531 3624 cd20xrnt - ok
    18:25:51.0718 3624 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    18:25:51.0718 3624 Cdaudio - ok
    18:25:51.0859 3624 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    18:25:51.0859 3624 Cdfs - ok
    18:25:51.0968 3624 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    18:25:51.0984 3624 Cdrom - ok
    18:25:52.0093 3624 Changer - ok
    18:25:52.0234 3624 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    18:25:52.0265 3624 CmBatt - ok
    18:25:52.0375 3624 CmdIde - ok
    18:25:52.0546 3624 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    18:25:52.0546 3624 Compbatt - ok
    18:25:52.0718 3624 Cpqarray - ok
    18:25:52.0796 3624 dac2w2k - ok
    18:25:52.0906 3624 dac960nt - ok
    18:25:53.0046 3624 DevUpper (913938a5382bfb2487aacaea408a14d2) C:\WINDOWS\system32\DRIVERS\tiumflt.sys
    18:25:53.0046 3624 DevUpper - ok
    18:25:53.0203 3624 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    18:25:53.0203 3624 Disk - ok
    18:25:53.0437 3624 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    18:25:53.0453 3624 dmboot - ok
    18:25:53.0609 3624 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
    18:25:53.0609 3624 dmio - ok
    18:25:53.0796 3624 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    18:25:53.0796 3624 dmload - ok
    18:25:53.0968 3624 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    18:25:53.0968 3624 DMusic - ok
    18:25:54.0109 3624 dpti2o - ok
    18:25:54.0296 3624 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    18:25:54.0296 3624 drmkaud - ok
    18:25:54.0500 3624 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    18:25:54.0515 3624 Fastfat - ok
    18:25:54.0671 3624 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
    18:25:54.0687 3624 Fdc - ok
    18:25:54.0828 3624 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    18:25:54.0843 3624 Fips - ok
    18:25:55.0015 3624 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
    18:25:55.0031 3624 Flpydisk - ok
    18:25:55.0187 3624 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
    18:25:55.0187 3624 FltMgr - ok
    18:25:55.0312 3624 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
    18:25:55.0328 3624 FsUsbExDisk - ok
    18:25:55.0484 3624 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    18:25:55.0500 3624 Fs_Rec - ok
    18:25:55.0703 3624 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    18:25:55.0703 3624 Ftdisk - ok
    18:25:55.0859 3624 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    18:25:55.0859 3624 GEARAspiWDM - ok
    18:25:56.0015 3624 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    18:25:56.0031 3624 Gpc - ok
    18:25:56.0203 3624 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    18:25:56.0218 3624 HidUsb - ok
    18:25:56.0312 3624 hpn - ok
    18:25:56.0453 3624 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    18:25:56.0468 3624 HPZid412 - ok
    18:25:56.0609 3624 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    18:25:56.0625 3624 HPZipr12 - ok
    18:25:56.0781 3624 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    18:25:56.0796 3624 HPZius12 - ok
    18:25:56.0953 3624 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
    18:25:56.0953 3624 HTTP - ok
    18:25:57.0093 3624 i2omgmt - ok
    18:25:57.0187 3624 i2omp - ok
    18:25:57.0343 3624 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    18:25:57.0359 3624 i8042prt - ok
    18:25:57.0515 3624 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    18:25:57.0531 3624 Imapi - ok
    18:25:57.0671 3624 ini910u - ok
    18:25:57.0781 3624 IntelIde - ok
    18:25:57.0953 3624 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    18:25:57.0953 3624 intelppm - ok
    18:25:58.0093 3624 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
    18:25:58.0109 3624 ip6fw - ok
    18:25:58.0265 3624 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    18:25:58.0265 3624 IpFilterDriver - ok
    18:25:58.0421 3624 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    18:25:58.0437 3624 IpInIp - ok
    18:25:58.0578 3624 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    18:25:58.0593 3624 IpNat - ok
    18:25:58.0750 3624 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    18:25:58.0765 3624 IPSec - ok
    18:25:58.0906 3624 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
    18:25:58.0921 3624 irda - ok
    18:25:59.0093 3624 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    18:25:59.0093 3624 IRENUM - ok
    18:25:59.0765 3624 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:25:59.0781 3624 isapnp - ok
    18:26:00.0046 3624 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:26:00.0046 3624 Kbdclass - ok
    18:26:00.0140 3624 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
    18:26:00.0140 3624 kmixer - ok
    18:26:00.0312 3624 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
    18:26:00.0312 3624 KSecDD - ok
    18:26:00.0468 3624 lbrtfdc - ok
    18:26:00.0578 3624 MBAMSwissArmy - ok
    18:26:00.0750 3624 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    18:26:00.0765 3624 mnmdd - ok
    18:26:00.0921 3624 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    18:26:00.0937 3624 Modem - ok
    18:26:01.0046 3624 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    18:26:01.0046 3624 Mouclass - ok
    18:26:01.0187 3624 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    18:26:01.0203 3624 MountMgr - ok
    18:26:01.0281 3624 mraid35x - ok
    18:26:01.0421 3624 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    18:26:01.0421 3624 MRxDAV - ok
    18:26:01.0593 3624 MRxSmb (5ddc9a1b2eb5a4bf010ce8c019a18c1f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    18:26:01.0609 3624 MRxSmb - ok
    18:26:01.0750 3624 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    18:26:01.0750 3624 Msfs - ok
    18:26:01.0921 3624 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:26:01.0921 3624 MSKSSRV - ok
    18:26:02.0078 3624 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:26:02.0093 3624 MSPCLOCK - ok
    18:26:02.0218 3624 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    18:26:02.0218 3624 MSPQM - ok
    18:26:02.0359 3624 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:26:02.0375 3624 mssmbios - ok
    18:26:02.0500 3624 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    18:26:02.0500 3624 Mup - ok
    18:26:02.0640 3624 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    18:26:02.0656 3624 NDIS - ok
    18:26:02.0765 3624 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:26:02.0781 3624 NdisTapi - ok
    18:26:02.0921 3624 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:26:02.0937 3624 Ndisuio - ok
    18:26:03.0062 3624 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:26:03.0062 3624 NdisWan - ok
    18:26:03.0187 3624 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    18:26:03.0203 3624 NDProxy - ok
    18:26:03.0328 3624 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:26:03.0343 3624 NetBIOS - ok
    18:26:03.0468 3624 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:26:03.0468 3624 NetBT - ok
    18:26:03.0640 3624 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
    18:26:03.0656 3624 Netdevio - ok
    18:26:03.0828 3624 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    18:26:03.0828 3624 NIC1394 - ok
    18:26:03.0984 3624 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    18:26:04.0000 3624 Npfs - ok
    18:26:04.0171 3624 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
    18:26:04.0187 3624 Ntfs - ok
    18:26:04.0375 3624 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    18:26:04.0390 3624 Null - ok
    18:26:04.0515 3624 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:26:04.0531 3624 NwlnkFlt - ok
    18:26:04.0656 3624 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:26:04.0671 3624 NwlnkFwd - ok
    18:26:04.0828 3624 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    18:26:04.0828 3624 ohci1394 - ok
    18:26:05.0015 3624 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    18:26:05.0031 3624 Parport - ok
    18:26:05.0156 3624 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    18:26:05.0156 3624 PartMgr - ok
    18:26:05.0250 3624 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    18:26:05.0265 3624 ParVdm - ok
    18:26:05.0375 3624 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    18:26:05.0390 3624 PCI - ok
    18:26:05.0468 3624 PCIDump - ok
    18:26:05.0609 3624 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    18:26:05.0609 3624 PCIIde - ok
    18:26:05.0718 3624 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    18:26:05.0734 3624 Pcmcia - ok
    18:26:05.0812 3624 PDCOMP - ok
    18:26:05.0906 3624 PDFRAME - ok
    18:26:06.0031 3624 PDRELI - ok
    18:26:06.0093 3624 PDRFRAME - ok
    18:26:06.0218 3624 perc2 - ok
    18:26:06.0265 3624 perc2hib - ok
    18:26:06.0531 3624 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:26:06.0531 3624 PptpMiniport - ok
    18:26:06.0625 3624 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
    18:26:06.0625 3624 Processor - ok
    18:26:06.0781 3624 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    18:26:06.0781 3624 PSched - ok
    18:26:06.0937 3624 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:26:06.0937 3624 Ptilink - ok
    18:26:07.0062 3624 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
    18:26:07.0062 3624 PxHelp20 - ok
    18:26:07.0187 3624 ql1080 - ok
    18:26:07.0250 3624 Ql10wnt - ok
    18:26:07.0359 3624 ql12160 - ok
    18:26:07.0421 3624 ql1240 - ok
    18:26:07.0546 3624 ql1280 - ok
    18:26:07.0656 3624 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:26:07.0671 3624 RasAcd - ok
    18:26:07.0828 3624 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
    18:26:07.0843 3624 Rasirda - ok
    18:26:07.0953 3624 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:26:07.0968 3624 Rasl2tp - ok
    18:26:08.0125 3624 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:26:08.0125 3624 RasPppoe - ok
    18:26:08.0265 3624 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:26:08.0265 3624 Raspti - ok
    18:26:08.0406 3624 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:26:08.0421 3624 Rdbss - ok
    18:26:08.0578 3624 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:26:08.0578 3624 RDPCDD - ok
    18:26:08.0750 3624 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
    18:26:08.0765 3624 RDPWD - ok
    18:26:08.0906 3624 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:26:08.0921 3624 redbook - ok
    18:26:09.0156 3624 RTL8023 (d88f6c53b637abe4c23de29db40a9f05) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
    18:26:09.0171 3624 RTL8023 - ok
    18:26:09.0343 3624 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    18:26:09.0343 3624 rtl8139 - ok
    18:26:09.0578 3624 SASDIFSV (39763504067962108505bff25f024345) C:\DOCUME~1\ERIKAB~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS
    18:26:09.0578 3624 SASDIFSV - ok
    18:26:09.0796 3624 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\DOCUME~1\ERIKAB~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS
    18:26:09.0796 3624 SASKUTIL - ok
    18:26:10.0015 3624 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:26:10.0015 3624 Secdrv - ok
    18:26:10.0171 3624 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
    18:26:10.0187 3624 Serial - ok
    18:26:10.0312 3624 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    18:26:10.0312 3624 Sfloppy - ok
    18:26:10.0437 3624 Simbad - ok
    18:26:10.0593 3624 SMCIRDA (f5fec5b4b985fbf81927844e75dd5bd1) C:\WINDOWS\system32\DRIVERS\smcirda.sys
    18:26:10.0609 3624 SMCIRDA - ok
    18:26:10.0687 3624 Sparrow - ok
    18:26:10.0812 3624 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
    18:26:10.0812 3624 splitter - ok
    18:26:10.0968 3624 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    18:26:10.0984 3624 sr - ok
    18:26:11.0187 3624 Srv (553007ecce7f6565bbe645beb66d3b69) C:\WINDOWS\system32\DRIVERS\srv.sys
    18:26:11.0203 3624 Srv - ok
    18:26:11.0375 3624 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:26:11.0390 3624 swenum - ok
    18:26:11.0500 3624 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    18:26:11.0515 3624 swmidi - ok
    18:26:11.0656 3624 symc810 - ok
    18:26:11.0734 3624 symc8xx - ok
    18:26:11.0828 3624 sym_hi - ok
    18:26:11.0906 3624 sym_u3 - ok
    18:26:12.0031 3624 SynTP (d5803ceafc64fcf475fe6b6756b41bb8) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    18:26:12.0046 3624 SynTP - ok
    18:26:12.0203 3624 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    18:26:12.0218 3624 sysaudio - ok
    18:26:12.0390 3624 Tcpip (88763a98a4c26c409741b4aa162720c9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    18:26:12.0406 3624 Tcpip - ok
    18:26:12.0531 3624 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    18:26:12.0546 3624 TDPIPE - ok
    18:26:12.0656 3624 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    18:26:12.0671 3624 TDTCP - ok
    18:26:12.0796 3624 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    18:26:12.0812 3624 TermDD - ok
    18:26:12.0984 3624 tiumfwl (65e8e81c2f40abce9db98fd232f86bf8) C:\WINDOWS\system32\drivers\tiumfwl.sys
    18:26:12.0984 3624 tiumfwl - ok
    18:26:13.0078 3624 TosIde - ok
    18:26:13.0250 3624 TVALD (5cd3966b9dbec34787783d44dc2ae6b8) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
    18:26:13.0250 3624 TVALD - ok
    18:26:13.0406 3624 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    18:26:13.0421 3624 Udfs - ok
    18:26:13.0531 3624 ultra - ok
    18:26:13.0640 3624 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    18:26:13.0656 3624 Update - ok
    18:26:13.0828 3624 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    18:26:13.0843 3624 usbccgp - ok
    18:26:13.0984 3624 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    18:26:13.0984 3624 usbehci - ok
    18:26:14.0078 3624 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    18:26:14.0093 3624 usbhub - ok
    18:26:14.0218 3624 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    18:26:14.0234 3624 usbohci - ok
    18:26:14.0328 3624 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    18:26:14.0343 3624 usbprint - ok
    18:26:14.0468 3624 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    18:26:14.0500 3624 usbscan - ok
    18:26:14.0609 3624 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    18:26:14.0625 3624 USBSTOR - ok
    18:26:14.0718 3624 USB_RNDIS - ok
    18:26:14.0843 3624 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    18:26:14.0843 3624 VgaSave - ok
    18:26:14.0921 3624 ViaIde - ok
    18:26:15.0031 3624 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    18:26:15.0046 3624 VolSnap - ok
    18:26:15.0250 3624 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    18:26:15.0265 3624 Wanarp - ok
    18:26:15.0359 3624 WDICA - ok
    18:26:15.0500 3624 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
    18:26:15.0515 3624 wdmaud - ok
    18:26:15.0828 3624 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    18:26:15.0843 3624 WS2IFSL - ok
    18:26:16.0046 3624 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
    18:26:16.0218 3624 \Device\Harddisk0\DR0 - ok
    18:26:16.0281 3624 Boot (0x1200) (8cf9db6abdd362ba6318f56c9506c4ab) \Device\Harddisk0\DR0\Partition0
    18:26:16.0281 3624 \Device\Harddisk0\DR0\Partition0 - ok
    18:26:16.0312 3624 ============================================================
    18:26:16.0312 3624 Scan finished
    18:26:16.0312 3624 ============================================================
    18:26:16.0359 3616 Detected object count: 0
    18:26:16.0359 3616 Actual detected object count: 0
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Yes, it's relevant because you're making changes on the system we're working on. There is also a chance that the flash drive is infected, so let's 'assume' it is and go ahead and disinfect it:
    ==================================
    You haven't tried Combofix yet have you? It should run since you ran RKill and exe helper:
    ------------------
    If you have AVG, run the App Remover first:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      [​IMG]
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
  9. lango

    lango TS Rookie Topic Starter Posts: 16

    Yes, it ran for over 4 hours (the screen says it should run for 10 mins (or double for badly infected). Should I run it again? Do I need to uninstall it first? How long should I leave it running for? I presumed there was an issue as it had ran for that long.

    Not sure about the other advice you've given, I already have Avast installed, do I still need to use AppRemover?
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, so far I have no information for what the system is running. I don't know if Avast is your only AV program, so I included the AppRemover in case AVG was on the system because Combofix will not run with it. Some do not red the prelim instructions correctly and think they are suppose to download Avast or Avira, even if they have an AV already

    As for Combofix, there are notes that instruct you:
    But you have interrupted it twice. Yes, the more files, the longer scan can take.
  11. lango

    lango TS Rookie Topic Starter Posts: 16

    Ok, thanks for your patience, I'l set it off running this afternoon; how long could it run for? For example if its still running tomorrow morning would that be a problem, what about if it takes 24 hours, should I just leave it running?

    Cheers,

    Rob
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    All scan times are determined by how many files there are to scan. If a computer has had reasonable care and maintenance, none of them should take very long.

    Be sure to follow the directions exactly, especially for Combofix.
  13. lango

    lango TS Rookie Topic Starter Posts: 16

    I ran AppRemover just to be on the safe side, no AVG (or other AV software), just Avast.

    I uninstalled ComboFix & then ran it again.

    It started scanning at around 23:20 last night & I left it overnight. This morning (07:00) it still hasn't finished.

    I definitely have not clicked on the window, but it appears to have stalled. The cursor is not blinking and also the clock in the taskbar reads 23:46.

    I shall leave it running until you advise otherwise, but I'm guessing this isn't a good sign.

    Thanks for your continuing help.

    Rob
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Rob, it shouldn't take time like that. Stop that scan. Check first in your system and see if there's a log>>Combofix.txt. Post it if there is. If not, let me know.
    ==========================================
    1. You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

    Please disinfect all movable drives
    1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
      Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
    3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    4. Wait until it has finished scanning and then exit the program.
    5. Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
    =================
    2. Since I have no information about the system, run TFC (Temp File Cleaner). This will get the file count down:
    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

    TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

    TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
    ================================
    3. I'd like to try to remove this.
    The Recycler is a hidden, protected system file. The Recycle Bin must be empty when you try this and I have found a file in the Recycler won't always let you remove it, but we'll try:
    ---------------------
    Deleting contents of the Recycler:
    • Do a right click on the Recycle Bin> Empty.
    • Right click on Start> Explore> Double click the C Drive
    • From within Windows Explorer: Tools> Folder Options> View tab> Check 'show hidden files and folders'> Uncheck 'hide protected system files (Recommended)'> Confirm Yes when message comes up> Apply> OK
    • Find the Recycler and double click on it to open
    • Look for this account on the right screen: s-1-5-21-2494479079-576879021-1610809673-1006
    • Do a right click> Delete on the trash in this account
    Go back and rehide the files & folders
    ========================================
    4. Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    5. Try Combofix from Safe Mode. You can also try DDS in Safe Mode.
    ==================================
  15. lango

    lango TS Rookie Topic Starter Posts: 16

    Combofix log - none that I could find. In Explorer C:/Combofix was displayed as if it was "My Computer"
    1. Flash drive disinfected; nothing found.

    2. TFC ran and cleaned.

    3. I couldn't delete the file (Cannot delete S-1-5-21... : It is being used by another person or program.)

    4. Booted into Safe Mode:

    Tried to uninstall Combofix; think this is the first time this has ran properly (I'd never seen the final notification before)
    Ran Combofix; the program ran further than ever, I got the following: Completed Stage_49; Deleted files/folders; Preparing log report - Then the program froze (icon stopped blinking, clock stopped, etc). I've tried again uninstalling & installing again but every time since it has froze at the same point it was originally stopping at.

    One thing I did encounter was that Combofix thought that Avast was still running (I clicked through the Combofix warnings).

    Still no joy on with dds.scr (or friday.exe) both froze at the same point again.

    Thanks as always,

    Rob
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I have to get some information or the only suggestion I'll be able to give is to reformat/reinstall!!

    Have you disinfected the flash drive? If not, do it now:
    Please disinfect all movable drives
    1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
      Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
    3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    4. Wait until it has finished scanning and then exit the program.
    5. Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
    =================
    If you have Win 7, use the following instead for disinfection:
    • Please download Panda USB Vaccine(you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
    • Install and run it.
    • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
    =========================================
    Can you access the internet?
  17. lango

    lango TS Rookie Topic Starter Posts: 16

    I have already disinfected the flash drive I was using.

    I can access the internet, I just wasn't as a precaution.

    Rob
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    The only info I have for you system is this:
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180
    ================================
    For these programs that won't run or finish, have they all been downloaded from the flash drive then run on the problem computer? If the answer is Yes, I'm going to have you remove all of them:
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      [​IMG]
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Empty the Recycle Bin
    =======================================
    Directly from the internet>> TFC (Temp File Cleaner)

    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
    ================================================
    Go back to the steps in the Preliminary Virus and Malware Removal thread HERE.

    Download directly from the internet:

    [u]Be sure that the original programs were all uninstalled and the logs removed.[/u]

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Save the 2 logs from DDS and run Malwarebytes.
    -----------------------
    Then follow with Combofix, follow with the Eset scan. You have the links and instructions for all. Don't rename anything yet. If Combofix starts the scan, do not abort it. If it says there's no Recovery Console, we'll deal with the later.

    I'm thinking positive here: Leave all logs in next post. (okay to use second post if needed)
  19. lango

    lango TS Rookie Topic Starter Posts: 16

    Hi there,

    Sorry for the delay in getting back to you, was away at the weekend.

    Ok then:

    Removed everything from the process & uninstalled Combofix

    All of the following was downloaded directly onto the affected machine

    Ran OTCleanlt
    Ran TFC

    From Preliminary Virus and Malware Removal thread:
    Ran Malwarebytes (log below)
    GMER crashed and went to blue screen twice, 3rd time ran in Safe Mode (log below)
    DDS started but hung at exactly the same point again (left running overnight)
    Ran Combofix; started but hung at same point again (left running overnight) - Recovery Console installed OK
    Ran ESET scan; found nothing

    -----------------
    Malwarebytes Log:
    -----------------
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7966

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    17/10/2011 19:29:32
    mbam-log-2011-10-17 (19-29-31).txt

    Scan type: Quick scan
    Objects scanned: 170075
    Time elapsed: 11 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ---------
    GMER Log:
    ---------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-10-17 19:44:45
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2040AT rev.0022
    Running: pfcij26u.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxtdapoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Last scan:
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
  21. lango

    lango TS Rookie Topic Starter Posts: 16

    HijackThis Log
    ===========

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:48:48, on 19/10/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis\HijackThis.exe
    C:\Program Files\AVAST Software\Avast\setup\avast.setup
    C:\WINDOWS\system32\wscntfy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.apple.com
    O15 - Trusted Zone: http://login.passport.net
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    --
    End of file - 5177 bytes
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I still don't have any information to work with.

    Please ask her what these entries are for:
    documents and settings\erikaballantine\desktop\erika\african rustic\c744-507165-mixed%20crackle%20rice%20bowls%20set%204-070.eps

    I tried to ID several different sections of the entry but still only came up with this thread.
    =====================================
    There are only a couple of minor changes I'd do in HJT, nothing that would affect the subject of this thread.

    Updates are not current as you know: Windows XP SP2
    Adobe reader needs to be updated: She has v6, current is v10. Adobe Reader site Uninstall any earlier updates as they are vulnerabilities.

    Please check the system and see if there is a log from Combofix: Look for C:\ComboFix.txt

    What is the status of the system now?
  23. lango

    lango TS Rookie Topic Starter Posts: 16

    Thanks as always for your continuing assistance.

    The .eps file is an image from Photoshop. She says it is very old and can be deleted - she also mentioned that she'd previously been unable to delete it so just left it. Do you want me to do anything with it?

    No sign of Combofix.txt.

    What do you mean by "What is the status of the system now?"

    I haven't attempted to update windows since my initial post - should I try?

    Also the Avast AV say's it has expired. When I try to click "Register Now", it then says "retrieving information" and then nothing happens. Has the free version just expired? Do I need to get something new or am I doing something wrong?

    Cheers.
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Unless you can get some of these scans to run and give me a log, I can't help. I'll try one more scan- if it won't run, the system will need to be reformtted and the OS reinstalled:

    • Download OTL from either of the links below and save it to your desktop.
      Link 1
      Link 2
    • Double click the OTL icon to run it.[​IMG]
    • The opened console will resemble this: [​IMG]
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      Make sure all other windows are closed and to let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
  25. lango

    lango TS Rookie Topic Starter Posts: 16

    Success!

    Thanks as usual for your continuing help.

    OTL.txt

    OTL logfile created on: 29/10/2011 21:53:01 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\erikaballantine\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    447.48 Mb Total Physical Memory | 203.94 Mb Available Physical Memory | 45.58% Memory free
    1.03 Gb Paging File | 0.87 Gb Available in Paging File | 84.42% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 19.68 Gb Free Space | 52.81% Space Free | Partition Type: NTFS

    Computer Name: ERIKA | User Name: erikaballantine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\erikaballantine\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
    PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
    PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    PRC - C:\Program Files\TOSHIBA\PadTouch\PadExe.exe (TOSHIBA)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\defs\11101901\algo.dll ()
    MOD - C:\Program Files\AVAST Software\Avast\defs\11101901\aswRep.dll ()
    MOD - C:\WINDOWS\system32\MousePage.dll ()
    MOD - C:\WINDOWS\system32\TCtrlIO.dll ()
    MOD - C:\WINDOWS\system32\ati2evxx.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (Raslierd) -- File not found
    SRV - (HidServ) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
    SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
    SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
    SRV - (ATMsrvc) -- C:\WINDOWS\system32\ATMsrvc.exe (Adobe Systems Incorporated)


    ========== Driver Services (SafeList) ==========

    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
    DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
    DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
    DRV - (atiide) -- C:\WINDOWS\System32\DRIVERS\atiide.sys (ATI Technologies Inc.)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
    DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
    DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
    DRV - (caboagp) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation)
    DRV - (tiumfwl) -- C:\WINDOWS\system32\drivers\tiumfwl.sys (Texas Instruments Inc.)
    DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
    DRV - (DevUpper) -- C:\WINDOWS\System32\DRIVERS\tiumflt.sys (Texas Instruments Inc.)
    DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial"
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/22 18:54:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/17 18:23:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/17 18:23:49 | 000,000,000 | ---D | M]

    [2008/12/15 11:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\erikaballantine\Application Data\Mozilla\Extensions
    [2008/02/15 22:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\erikaballantine\Application Data\Mozilla\Firefox\Profiles\i6yqeg7c.default\extensions
    [2008/01/21 20:23:17 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\erikaballantine\Application Data\Mozilla\Firefox\Profiles\i6yqeg7c.default\searchplugins\aolsearch.xml
    [2011/10/17 18:23:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/09/29 07:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/09/29 01:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/10/05 19:58:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\PadTouch\PadExe.exe (TOSHIBA)
    O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
    O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: apple.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: passport.net ([login] http in Trusted sites)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_04)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_04)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BB2E300-E295-4EFB-B2C0-AA9DBEEEB4F1}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{586AF466-1D2A-4EFB-8C40-D987E483A5DB}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\erikaballantine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\erikaballantine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/05/18 07:40:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/10/05 19:18:51 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/29 21:50:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\erikaballantine\Desktop\OTL.exe
    [2011/10/19 17:46:55 | 000,000,000 | ---D | C] -- C:\HijackThis
    [2011/10/18 17:39:55 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\erikaballantine\Desktop\esetsmartinstaller_enu.exe
    [2011/10/17 21:48:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/10/17 21:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\erikaballantine\Desktop\tdsskiller
    [2011/10/17 20:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\erikaballantine\Desktop\xp_scr_fix
    [2011/10/17 19:51:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\erikaballantine\Desktop\friday.exe.scr
    [2011/10/17 19:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/10/17 19:14:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/10/17 19:08:15 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\erikaballantine\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/10/17 18:53:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\erikaballantine\Desktop\TFC.exe
    [2011/10/17 18:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\erikaballantine\My Documents\Downloads
    [2011/10/05 21:07:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/10/05 19:58:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/10/05 19:18:51 | 000,000,000 | RHSD | C] -- C:\autorun.inf

    ========== Files - Modified Within 30 Days ==========

    [2011/10/29 21:50:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\erikaballantine\Desktop\OTL.exe
    [2011/10/29 21:46:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/10/29 21:46:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/10/19 17:46:24 | 000,305,771 | ---- | M] () -- C:\HijackThis.zip
    [2011/10/18 17:39:59 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\erikaballantine\Desktop\esetsmartinstaller_enu.exe
    [2011/10/17 21:48:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/10/17 21:32:12 | 001,540,929 | ---- | M] () -- C:\Documents and Settings\erikaballantine\Desktop\tdsskiller.zip
    [2011/10/17 21:12:41 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\erikaballantine\Desktop\CKScanner.exe
    [2011/10/17 21:11:45 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\erikaballantine\Desktop\exeHelper.com
    [2011/10/17 21:06:32 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\erikaballantine\Desktop\rkill.com
    [2011/10/17 20:47:03 | 000,000,497 | ---- | M] () -- C:\Documents and Settings\erikaballantine\Desktop\xp_scr_fix.zip
    [2011/10/17 19:51:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\erikaballantine\Desktop\friday.exe.scr
    [2011/10/17 19:33:00 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\erikaballantine\Desktop\pfcij26u.exe
    [2011/10/17 19:14:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/17 19:09:50 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\erikaballantine\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/10/17 18:53:55 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\erikaballantine\Desktop\TFC.exe
    [2011/10/17 18:34:27 | 001,382,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/10/17 18:24:02 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/10/16 21:51:33 | 263,610,632 | ---- | M] () -- C:\Documents and Settings\erikaballantine\My Documents\feb layout visual1.pdf
    [2011/10/16 20:59:49 | 122,353,090 | ---- | M] () -- C:\Documents and Settings\erikaballantine\My Documents\jan layout1.pdf
    [2011/10/16 20:22:42 | 099,533,483 | ---- | M] () -- C:\Documents and Settings\erikaballantine\My Documents\jan layout.pdf
    [2011/10/14 18:44:14 | 289,163,452 | ---- | M] () -- C:\Documents and Settings\erikaballantine\My Documents\feb layout visual.pdf
    [2011/10/05 21:09:40 | 000,000,327 | ---- | M] () -- C:\Boot.bak
    [2011/10/05 19:58:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/10/02 13:07:59 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\erikaballantine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Files Created - No Company Name ==========

    [2011/10/19 17:46:17 | 000,305,771 | ---- | C] () -- C:\HijackThis.zip
    [2011/10/17 21:48:25 | 000,000,327 | ---- | C] () -- C:\Boot.bak
    [2011/10/17 21:32:04 | 001,540,929 | ---- | C] () -- C:\Documents and Settings\erikaballantine\Desktop\tdsskiller.zip
    [2011/10/17 21:12:27 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\erikaballantine\Desktop\CKScanner.exe
    [2011/10/17 21:11:30 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\erikaballantine\Desktop\exeHelper.com
    [2011/10/17 21:06:11 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\erikaballantine\Desktop\rkill.com
    [2011/10/17 20:46:56 | 000,000,497 | ---- | C] () -- C:\Documents and Settings\erikaballantine\Desktop\xp_scr_fix.zip
    [2011/10/17 19:32:58 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\erikaballantine\Desktop\pfcij26u.exe
    [2011/10/17 19:14:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/17 18:24:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/10/16 21:48:57 | 263,610,632 | ---- | C] () -- C:\Documents and Settings\erikaballantine\My Documents\feb layout visual1.pdf
    [2011/10/16 21:02:48 | 289,163,452 | ---- | C] () -- C:\Documents and Settings\erikaballantine\My Documents\feb layout visual.pdf
    [2011/10/16 20:58:40 | 122,353,090 | ---- | C] () -- C:\Documents and Settings\erikaballantine\My Documents\jan layout1.pdf
    [2011/10/16 20:06:02 | 099,533,483 | ---- | C] () -- C:\Documents and Settings\erikaballantine\My Documents\jan layout.pdf
    [2009/04/05 23:08:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
    [2009/04/05 23:08:24 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
    [2009/04/05 22:54:05 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\erikaballantine\Application Data\$_hpcst$.hpc
    [2008/01/02 22:41:28 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2007/01/13 23:53:07 | 001,339,474 | ---- | C] () -- C:\WINDOWS\Uninstallvusb.dll
    [2005/12/15 23:16:13 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2005/12/07 10:35:05 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2005/11/16 05:38:00 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
    [2005/06/12 17:28:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
    [2005/03/03 09:31:30 | 001,382,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/02/27 12:49:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2005/02/20 14:12:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2005/02/17 17:32:19 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\erikaballantine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/11/18 01:33:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/11/18 01:28:37 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
    [2004/10/26 23:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2004/08/12 22:24:03 | 000,160,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
    [2004/08/04 08:56:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
    [2004/06/16 10:36:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/06/16 10:34:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FIXPATH.EXE
    [2004/05/19 11:07:43 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2004/05/19 11:07:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2004/05/19 11:07:43 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2004/05/19 11:07:43 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2004/05/19 08:09:17 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
    [2004/05/19 08:09:02 | 000,006,757 | ---- | C] () -- C:\WINDOWS\TcdsASC2.ini
    [2004/05/18 14:11:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/05/18 12:53:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2004/05/18 12:53:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2004/05/18 12:53:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2004/05/18 12:53:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2004/05/18 12:53:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2004/05/18 12:53:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2004/05/18 12:50:32 | 000,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
    [2004/05/18 12:09:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2004/05/18 12:00:17 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\MousePage.dll
    [2004/05/18 12:00:17 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
    [2004/05/18 11:47:42 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2004/05/18 11:47:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2004/05/18 11:47:39 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
    [2004/05/18 11:42:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [2004/05/18 11:38:54 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
    [2004/05/18 11:38:54 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
    [2004/05/18 11:38:54 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\RefreshDevice.exe
    [2004/05/18 11:17:27 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
    [2004/05/18 11:17:27 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2004/05/18 08:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/05/18 08:13:09 | 000,028,779 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
    [2004/05/18 08:13:09 | 000,024,681 | ---- | C] () -- C:\WINDOWS\System32\java.exe
    [2004/05/18 08:02:37 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/05/18 07:45:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/05/18 07:37:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/05/18 06:27:56 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/05/18 06:27:32 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2004/05/18 06:27:30 | 000,381,094 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/05/18 06:27:30 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/05/18 06:27:30 | 000,053,276 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/05/18 06:27:30 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/05/18 06:27:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/05/18 06:27:28 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/05/18 06:27:26 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/05/18 06:27:22 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/05/18 06:27:21 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/05/18 06:27:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/05/18 06:27:05 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/03/15 18:28:08 | 000,048,865 | ---- | C] () -- C:\WINDOWS\System32\drivers\tiumfw.bin
    [2003/06/06 17:12:18 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DProcess.exe
    [2003/03/09 05:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2003/02/12 16:50:06 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\RM_ABG.exe
    [2002/12/05 13:18:56 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\Set_ABG.exe
    [1999/08/28 23:07:05 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe

    ========== LOP Check ==========

    [2011/09/22 18:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/09/21 18:46:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/09/21 18:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2008/01/02 23:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\erikaballantine\Application Data\FUJIFILM
    [2004/10/22 13:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\erikaballantine\Application Data\InterVideo
    [2004/11/18 01:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\erikaballantine\Application Data\Nikon
    [2009/04/05 22:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\erikaballantine\Application Data\Samsung
    [2004/05/18 12:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\erikaballantine\Application Data\toshiba
    [2011/09/21 22:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\erikaballantine\Application Data\Uksy
    [2010/07/24 16:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\erikaballantine\Application Data\Umud
    [2004/08/12 19:13:09 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2011/07/10 20:55:32 | 002,527,232 | ---- | M] (Topala Software Solutions) -- C:\siw.exe


    < MD5 for: EXPLORER.EXE >
    [2004/08/04 08:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
    [2004/08/04 08:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2003/03/31 12:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2004/08/04 08:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2004/08/04 08:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
    [2003/03/31 12:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2004/08/04 08:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2004/08/04 08:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
    [2003/03/31 12:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
    [2004/05/27 02:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

    < %systemroot%\*. /mp /s >

    < End of report >

    Extras.txt

    OTL Extras logfile created on: 29/10/2011 21:53:01 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\erikaballantine\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    447.48 Mb Total Physical Memory | 203.94 Mb Available Physical Memory | 45.58% Memory free
    1.03 Gb Paging File | 0.87 Gb Available in Paging File | 84.42% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 19.68 Gb Free Space | 52.81% Space Free | Partition Type: NTFS

    Computer Name: ERIKA | User Name: erikaballantine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
    .js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
    "C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
    "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
    "C:\WINDOWS\system32\sysservice.exe" = C:\WINDOWS\system32\sysservice.exe:*:Enabled:dnsclient
    "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Disabled:TrueVector Service
    "C:\Documents and Settings\erikaballantine\Local Settings\Temp\7zS2.tmp\SymNRT.exe" = C:\Documents and Settings\erikaballantine\Local Settings\Temp\7zS2.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
    "{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}" = TOSHIBA Manuals
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1D2E8198-25CE-4901-B8EB-8587185C5776}" = Voyager USB Driver
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
    "{3470FBE6-B743-420F-B5CE-0D27FA749C16}" = Touch and Launch
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
    "{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
    "{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}" = Adobe InDesign CS
    "{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
    "{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1
    "{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{78FC8439-5FAF-4AD2-B9FD-2F5519F3ED0B}" = WLAN
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for Toshiba
    "{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
    "{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
    "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
    "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "{AC76BA86-7AD7-1033-7646-A00000000001}" = Adobe Reader 6.0.1
    "{AE2310DC-B261-4D84-BE03-BD318EB41B78}" = PCI1620 Ultramedia Controller
    "{B093990A-AAF2-44AC-9216-14BB7A2189B6}" = ImageMixer VCD2 LE for FinePix
    "{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
    "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
    "{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
    "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
    "{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.3 SP1
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player Plugin
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Adobe Type Manager Deluxe 4.1" = Adobe Type Manager Deluxe 4.1
    "All ATI Software" = ATI - Software Uninstall Utility
    "ArcSoft Software Suite" = ArcSoft Software Suite
    "ATI Display Driver" = ATI Display Driver
    "avast" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "InstallShield_{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1
    "InstallShield_{AE2310DC-B261-4D84-BE03-BD318EB41B78}" = PCI 1620 Cardbus Controller and Software
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
    "PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
    "Power Saver" = TOSHIBA Power Saver
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "Skype_is1" = Skype 1.4
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Hotkey Utility for Display Devices" = TOSHIBA Hotkey Utility for Display Devices
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "TOSHIBA Utilities" = TOSHIBA Utilities
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 2
    "WLAN 802.11g Cardbus" = WLAN 802.11g Cardbus

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 31/10/2007 12:56:43 | Computer Name = ERIKA | Source = Application Hang | ID = 1002
    Description = Hanging application Illustrator.exe, version 11.0.32.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 29/12/2007 19:13:59 | Computer Name = ERIKA | Source = Application Error | ID = 1000
    Description = Faulting application hpoevm08.exe, version 4.2.0.20, faulting module
    ole32.dll, version 5.1.2600.2726, fault address 0x0002d8f5.

    Error - 29/12/2007 20:00:17 | Computer Name = ERIKA | Source = Application Error | ID = 1000
    Description = Faulting application hpoevm08.exe, version 4.2.0.20, faulting module
    ole32.dll, version 5.1.2600.2726, fault address 0x0002d8f5.

    Error - 06/01/2008 17:40:32 | Computer Name = ERIKA | Source = Application Hang | ID = 1002
    Description = Hanging application Photoshop.exe, version 8.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 10/01/2008 17:24:28 | Computer Name = ERIKA | Source = Application Error | ID = 1000
    Description = Faulting application acrord32.exe, version 6.0.1.1091, faulting module
    msvcrt.dll, version 7.0.2600.2180, fault address 0x000370d0.

    Error - 20/01/2008 08:13:35 | Computer Name = ERIKA | Source = Application Error | ID = 1000
    Description = Faulting application vsmon.exe, version 6.5.700.0, faulting module
    msvcrt.dll, version 7.0.2600.2180, fault address 0x000372e3.

    Error - 21/01/2008 16:05:20 | Computer Name = ERIKA | Source = Application Error | ID = 1000
    Description = Faulting application winamp.exe, version 5.5.2.1800, faulting module
    gen_ff.dll, version 0.0.0.0, fault address 0x000ce525.

    Error - 28/01/2008 16:35:01 | Computer Name = ERIKA | Source = Application Hang | ID = 1002
    Description = Hanging application OrbTray.exe, version 2.2008.105.1830, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 31/03/2008 11:25:20 | Computer Name = ERIKA | Source = Application Hang | ID = 1002
    Description = Hanging application updater.exe, version 1.8.20080.20121, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 04/10/2008 11:56:40 | Computer Name = ERIKA | Source = Application Error | ID = 1000
    Description = Faulting application vsmon.exe, version 6.5.700.0, faulting module
    unknown, version 0.0.0.0, fault address 0x055e0a1a.

    [ System Events ]
    Error - 19/10/2011 18:18:32 | Computer Name = ERIKA | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.6 for the Network Card with network
    address 000F66D3AD0D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 19/10/2011 18:19:46 | Computer Name = ERIKA | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Critical Update for Office XP on Windows XP Service Pack
    2 (KB885884).

    Error - 19/10/2011 18:19:51 | Computer Name = ERIKA | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070002: Critical Update for Windows XP (KB886185).

    Error - 19/10/2011 18:19:52 | Computer Name = ERIKA | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070002: Cumulative Security Update for Internet Explorer for Windows
    XP (KB896688).

    Error - 25/10/2011 14:23:21 | Computer Name = ERIKA | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL

    Error - 25/10/2011 14:24:14 | Computer Name = ERIKA | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 25/10/2011 17:48:49 | Computer Name = ERIKA | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.7 for the Network Card with network
    address 000F66D3AD0D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 25/10/2011 17:49:56 | Computer Name = ERIKA | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL

    Error - 29/10/2011 16:48:14 | Computer Name = ERIKA | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL

    Error - 29/10/2011 16:49:15 | Computer Name = ERIKA | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.


    < End of report >
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.