June 28th, 2011 13:00

Recently had Windows CleanThis problem, occasional redirects, and unable to update.

Hi, I am running into problems with my dad's office computer. He recently had a Windows CleanThis virus and I could not get around it, so I restored to a previous date. Upon further inspection he also never updated his Vista operating system to any of the service packs. When I went to update Windows I got an 80072EFE error message. I have also noticed his web browser is sometimes redirecting him to Scour.com. Now I went to post a HijackThis log but got an error about Host issues and to right click and run as administrator. But I never saw that option and this is the only Admin profile on the computer. From a previous post on the regular Virus forum I was instructed to post the DDS and Attach.txt log. So here's the DDS log; I can't post the other because it is too big or something, it is slowing down the computer when I try posting both. Will post the other log after a reply. Thanks again, any help would be greatly appreciated.

 

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18904
Run by Tony at 14:22:03 on 2011-06-28
Microsoft® Windows Vista™ Business   6.0.6000.0.1252.1.1033.18.3069.1872 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10n_ActiveX.exe -update activex
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [Chuhuwaton] rundll32.exe  "c:\windows\system32\config\systemprofile\appdata\local\enecdi.dll",Startup
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 68.94.156.1 68.94.157.1
TCP: Interfaces\{5BF28FFE-305E-4146-BBF8-6DC7F720016F} : DhcpNameServer = 192.168.0.1 68.94.156.1 68.94.157.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tony\appdata\roaming\mozilla\firefox\profiles\3vkyxno3.default\
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-11-12 1153368]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
S?2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-6-6 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-6-6 40552]
.
=============== Created Last 30 ================
.
2011-06-27 16:35:08    --------    d-----w-    C:\Microsoft
2011-06-27 16:34:38    --------    d-----w-    C:\Adobe
2011-06-24 17:07:41    388096    ----a-r-    c:\users\tony\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-24 17:07:41    --------    d-----w-    c:\program files\Trend Micro
2011-06-22 19:58:20    --------    d-----w-    c:\users\tony\appdata\local\Microsoft Corporation
2011-06-22 19:57:23    --------    d-----w-    c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-06-18 15:42:22    0    ---ha-w-    c:\users\tony\appdata\local\Ptihisunogew.bin
2011-06-18 15:42:21    --------    d--h--w-    c:\users\tony\appdata\local\{F1164821-5543-42E1-BDDE-C95E827458D1}
2011-06-07 17:35:34    103864    ----a-w-    c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-07 17:35:34    103864    ----a-w-    c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2011-04-15 02:28:18    134480    ----a-w-    c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-05 05:59:56    297168    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
.
============= FINISH: 14:22:58.50 ===============

23 Posts

July 6th, 2011 10:00

Alright, well I ran the Fixit Utility and it said it ran successfully, but when I ran the standalone update again it still said "An internal error occurred while installing the service packs Error Code 0x8007002." The only difference I noticed this time around is that the install bar made it to the end before the error showed up.

1.1K Posts

July 6th, 2011 14:00

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

**** Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why  disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).


Post the log in next reply please,

Kevin

23 Posts

July 13th, 2011 11:00

I apologize for such a late reply but I did not notice your response. Never saw the email and I never logged on to check. But I did download and install Combofix. The problem I'm having is that this computer has AVG virus software on it and when I disabled it Combofix still wouldn't run. So I went to uninstall AVG and was given this message.

AVG: Setup Error

Severity: Error

Error Code: 0xC0070643

Error Message: General Internal Error

Additional Message: Service 'AVG Watchdog' AVGWDG could not be stopped. Verify that you have sufficient privileges to stop system services. (0xC0070781)

Context: MSI Action Failed.

Mind you, this is the only admin account on the whole computer so I don't know what to do now. Any suggestions?

Also, when writing this response I'm noticing a link to thespykiler.co.uk/index.php?page=20 is showing up when I move my cursor around the screen over your response. Should I be concerned about it?

23 Posts

July 13th, 2011 11:00

Never mind about that link. I saw it was an article about autorun, just thought it was weird because it was showing up in my reply when I went to click and edit a portion of my response.

1.1K Posts

July 13th, 2011 12:00

Go Here and get the AVG removal utility, make sure to use the correct version. Once you've run the removal utility Combofix will run OK...
Let me see the log in your reply...

23 Posts

July 13th, 2011 15:00

AVG Removed Successfully. Combofix scan ran with no issues. Below is the log. Oh, and since I got rid of AVG, any suggestions on other free virus software?

ComboFix 11-07-13.03 - Tony 07/13/2011  16:18:37.1.2 - x86

Microsoft® Windows Vista™ Business   6.0.6000.0.1252.1.1033.18.3069.2136 [GMT -5:00]

Running from: c:\users\Tony\Desktop\ComboFix.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Microsoft

c:\programdata\ntuser.dat

c:\users\Tony\AppData\Roaming\Adobe\plugs

c:\users\Tony\AppData\Roaming\Adobe\shed

c:\users\Tony\AppData\Roaming\completescan

c:\users\Tony\AppData\Roaming\install

c:\users\Tony\g2mdlhlpx.exe

.

.

(((((((((((((((((((((((((   Files Created from 2011-06-13 to 2011-07-13  )))))))))))))))))))))))))))))))

.

.

2011-07-13 21:15 . 2011-07-13 21:15 -------- d-----w- C:\32788R22FWJFW

2011-07-06 15:05 . 2011-07-06 15:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-30 14:09 . 2011-06-30 14:09 -------- d-----w- c:\program files\ESET

2011-06-29 15:20 . 2011-05-04 09:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-06-29 15:20 . 2011-05-04 09:52 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-28 22:49 . 2011-06-28 22:49 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes

2011-06-28 22:49 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-28 22:49 . 2011-06-28 22:49 -------- d-----w- c:\programdata\Malwarebytes

2011-06-28 22:48 . 2011-06-29 15:59 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2011-06-28 22:48 . 2011-06-28 22:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-28 22:48 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-28 22:29 . 2011-06-28 22:29 -------- d-----w- C:\_OTM

2011-06-27 16:34 . 2011-06-27 16:34 -------- d-----w- C:\Adobe

2011-06-24 17:07 . 2011-06-24 17:07 388096 ----a-r- c:\users\Tony\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-24 17:07 . 2011-06-24 17:07 -------- d-----w- c:\program files\Trend Micro

2011-06-23 22:12 . 2011-06-23 22:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe

2011-06-22 19:58 . 2011-06-22 19:58 -------- d-----w- c:\users\Tony\AppData\Local\Microsoft Corporation

2011-06-22 19:57 . 2011-06-22 19:57 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-26 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ABC 13 E-lert.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ABC 13 E-lert.lnk

backup=c:\windows\pss\ABC 13 E-lert.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk

backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk

backup=c:\windows\pss\ymetray.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DING!.lnk]

path=c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk

backup=c:\windows\pss\DING!.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

2006-07-11 22:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

2006-11-17 21:19 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2006-09-29 17:39 151552 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2008-10-24 14:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2008-10-24 14:14 206112 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2008-10-24 14:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2008-01-10 16:36 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-02-08 05:16 303104 ----a-w- c:\windows\sttray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-03-26 15:21 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 06:00 90112 ----a-w- c:\windows\Updreg.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]

2006-11-27 14:14 180224 ----a-w- c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2007-05-17 14:28 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

2007-03-01 23:11 4670968 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB

"airfrance"="c:\users\Tony\AppData\Local\Djingle\Widget by Air France (US)\bin\autorun.lnk"

"Search Protection"=c:\program files\Yahoo!\Search Protection\SearchProtection.exe

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"eBook Library Launcher"=c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" /runkey

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 135664]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ   PLA DPS BFE mpssvc

HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-13 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-26 14:14]

.

2011-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 17:10]

.

2011-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 17:10]

.

2011-07-12 c:\windows\Tasks\RegCure Program Check.job

- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

.

2011-07-06 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]

.

2011-07-13 c:\windows\Tasks\User_Feed_Synchronization-{3EA1FAAC-8CE7-42C8-B63A-A3BD6B5B83A9}.job

- c:\windows\system32\msfeedssync.exe [2010-03-30 04:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.att.net/

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride =

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

Trusted Zone: motive.com\pattta.att

Trusted Zone: motive.com\patttbc.att

TCP: DhcpNameServer = 192.168.0.1 68.94.156.1 68.94.157.1

FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\3vkyxno3.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-ATT-SST_McciTrayApp - c:\program files\ATT-SST\McciTrayApp.exe

MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe

MSConfigStartUp-Creative MediaSource Go - c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe

MSConfigStartUp-DellSupport - c:\program files\DellSupport\DSAgnt.exe

MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe

MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe

MSConfigStartUp-PDVDDXSrv - c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe

MSConfigStartUp-sptekhje - c:\users\Tony\AppData\Local\xaugog\qcnisysguard.exe

MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe

AddRemove-uninstall.exe - c:\progra~1\iLinc\CLIENT~1\UNINST~1.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-13 16:23

Windows 6.0.6000  NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ...

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,bd,76,e4,d6,ae,15,42,89,3b,32,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,bd,76,e4,d6,ae,15,42,89,3b,32,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2011-07-13  16:25:39

ComboFix-quarantined-files.txt  2011-07-13 21:25

.

Pre-Run: 233,014,226,944 bytes free

Post-Run: 232,932,315,136 bytes free

.

- - End Of File - - DB755E3DB1B613EB05A6E62C0C635103

1.1K Posts

July 13th, 2011 16:00

How is your system responding now, any improvement? Install the following AV program, let it update and do a quick scan, tell me if it finds anything:

To keep safe when online you need a good Antivirus/Antispyware/Antimalware/Anti-Rootkit combination application. Microsoft Security Essentials covers all of those bases, but better still it is free. Go Here and hit the "Download it free today" tab, follow the prompts. Once installed it will want to update and carry out a quick scan, allow that to happen.
Go Here for information that will show you how to install and use MSE.

Let me know if your system has improved, also what issues remain. Tell me if MSE found anything...

Kevin

23 Posts

July 14th, 2011 08:00

OK, well I downloaded MSE with no problems and it updated and I ran the quick scan. Everything was OK; it said the scan was completed on 40,534 files, no threats detected.

Went back to try the standalone update 1 and it did not work again. Still getting the message about an Internal Error Occurred. Error Code: 0x80070002

As far as the system goes it's running pretty well. No redirects or slow downs as far as I can tell.  The only big problem is that the OS can't update.  

1.1K Posts

July 14th, 2011 15:00

OK, continue as follows please :-

Step 1

  • Download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder; if you like you can enable this option later)
  • Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.


Step 2

Please follow these instructions carefully:

Open Notepad, check the Format Menu and make sure Word Wrap is NOT selected. Then copy and paste the following from in between the dotted lines to Notepad:

----------------------------------------------------------------------------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\DisableWindowsUpdateAccess]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000000

[-HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDevMgrUpdate"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
"DisableWindowsUpdateAccess"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000000
-----------------------------------------------------------------------------------------------------------------------------------------


Next, Click on the File Menu, then Save As ... and click on the drop down menu to change the file type to All Files.

Next navigate to your desktop, and enter the file name fixme.reg, and click Save.

You should now find a new file on your desktop named fixme.reg. Double click on fixme.reg. You will get a warning, agree to the merge, and then a message the file has been merged will immediately pop up.

Then reboot and try the updates again...

Kevin
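
The merge file in the post above mixes `[-key]` deletion headers with value writes, so it is worth reading line by line before merging. The following is an added example, not part of the original post or of any tool named in the thread: a read-only Python review of that text (it never touches the registry), with function names and finding labels chosen for this example.

```python
import re
from collections import namedtuple

# fixme.reg exactly as posted above, embedded so the review runs offline.
FIXME_REG = r"""Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\DisableWindowsUpdateAccess]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000000

[-HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDevMgrUpdate"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
"DisableWindowsUpdateAccess"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000000
"""

Op = namedtuple("Op", "line kind key name under_delete")
HEADER = re.compile(r"^\[(-?)(.+)\]$")               # [KEY] or [-KEY]
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data


def parse_reg(text):
    """Turn .reg text into ordered operations. Multi-line hex data
    (backslash continuation) is not handled; the posted file has none."""
    ops, key, deleting = [], None, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = HEADER.match(line)
        if m:
            # A leading '-' means: delete this key with all its values and subkeys.
            deleting, key = m.group(1) == "-", m.group(2)
            ops.append(Op(lineno, "delete_key" if deleting else "open_key", key, None, False))
            continue
        m = VALUE.match(line)
        if m and key is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            # "name"=- deletes a single value; anything else writes it.
            kind = "delete_value" if m.group(2).strip() == "-" else "set_value"
            ops.append(Op(lineno, kind, key, name, deleting))
    return ops


def _under(key, parent):
    """Registry key names are case-insensitive; match the key or any subkey."""
    key, parent = key.lower(), parent.lower()
    return key == parent or key.startswith(parent + "\\")


def review(ops):
    """Return (line, label, detail) for every place a deletion header
    interacts with a value line elsewhere in the same file."""
    findings, deleted, writes = [], [], []
    for op in ops:
        if op.kind == "delete_key":
            lost = [w.line for w in writes if _under(w.key, op.key)]
            if lost:  # values written earlier sit under the key deleted here
                findings.append((op.line, "delete-discards-earlier-write", lost))
            deleted.append(op)
        elif op.kind in ("set_value", "delete_value"):
            if op.under_delete:  # value line directly below a [-KEY] header
                findings.append((op.line, "value-under-delete-header", op.name))
                continue
            hits = [d.line for d in deleted if _under(op.key, d.key)]
            if hits:  # key was deleted earlier in the file and is written again
                findings.append((op.line, "write-under-deleted-key", hits))
            if op.kind == "set_value":
                writes.append(op)
    return findings


if __name__ == "__main__":
    for line, label, detail in review(parse_reg(FIXME_REG)):
        print(f"line {line}: {label} {detail}")
```

Line numbers in the output count from the first line of the embedded file. The `[-...\Policies\Explorer]` header on line 18 removes that whole key for the current user, so any Explorer policy values stored there go with it, not only the Windows Update ones.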

23 Posts

July 15th, 2011 08:00

Okay well I installed and ran ERUNT successfully, proceeded with the registry instructions with no problems and rebooted. But once again the standalone OS update will not install. Still getting the message about an internal error occurred: Error Code: 0x80070002. Whatever was on this computer must have really screwed something up.

1.1K Posts

July 15th, 2011 14:00

OK run the following and let me see the log please :-

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Kevin


23 Posts

July 15th, 2011 15:00

OK well I ran TDSS and it didn't find anything this time but here's the log.

2011/07/15 15:56:44.0071 3728 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/15 15:56:44.0446 3728 ================================================================================

2011/07/15 15:56:44.0446 3728 SystemInfo:

2011/07/15 15:56:44.0446 3728

2011/07/15 15:56:44.0446 3728 OS Version: 6.0.6000 ServicePack: 0.0

2011/07/15 15:56:44.0446 3728 Product type: Workstation

2011/07/15 15:56:44.0446 3728 ComputerName: TONY-PC

2011/07/15 15:56:44.0461 3728 UserName: Tony

2011/07/15 15:56:44.0461 3728 Windows directory: C:\Windows

2011/07/15 15:56:44.0461 3728 System windows directory: C:\Windows

2011/07/15 15:56:44.0461 3728 Processor architecture: Intel x86

2011/07/15 15:56:44.0461 3728 Number of processors: 2

2011/07/15 15:56:44.0461 3728 Page size: 0x1000

2011/07/15 15:56:44.0461 3728 Boot type: Normal boot

2011/07/15 15:56:44.0461 3728 ================================================================================

2011/07/15 15:56:45.0257 3728 Initialize success

2011/07/15 15:56:59.0032 1332 ================================================================================

2011/07/15 15:56:59.0032 1332 Scan started

2011/07/15 15:56:59.0032 1332 Mode: Manual;

2011/07/15 15:56:59.0032 1332 ================================================================================

2011/07/15 15:57:12.0822 1332 Scan finished

2011/07/15 15:57:12.0822 1332 ================================================================================

2011/07/15 15:57:12.0822 3656 Detected object count: 0

2011/07/15 15:57:12.0822 3656 Actual detected object count: 0

1.1K Posts

July 15th, 2011 16:00

OK, go here http://support.microsoft.com/kb/947366#resolution2 and work through the solutions. Let me know how you get on.

23 Posts

July 18th, 2011 11:00

Ok, so I used resolution 2, the update utility, and it installed and ran ok. Did a restart and ran the standalone update SP1, and this time it actually ran all the way and started the whole install process. Everything was looking great and installing ok until one of the restarts, when it came to a black screen and started doing a count up of a bunch of files. It ran until 37070/90483 and that's where the big problem came. Got stuck on this:

!!  0cx01a001d  !!  (\Registry\Machine\Components\DerivedData...)  Couldn't read the rest.

I let it stay like that for at least 30 min., but nothing was going on. So I manually restarted the computer, not knowing what was going to happen. And now I get the option to start Windows normally or let Windows fix it. When Windows tries to fix it I get stuck at the Blue Screen, which in past experiences is never good. Any other ideas on what went wrong? And is there any solution to this or is this the end of the road?

1.1K Posts

July 18th, 2011 14:00

To access the Advanced Boot Options menu, restart the machine and continuously tap the F8 key until you see the Advanced Boot Options. From the Advanced Boot Options menu, select Repair your Computer. You should now see the Recovery Environment menu. From the options, select System Restore and follow the prompts to restore to a previous date. Does that get you booting normally again?

Kevin
