Not sure what I have, Redirecting to NewsDaily7, buzzcrazy.com, etc


  • This topic is locked
41 replies to this topic

#1 ravinraven

ravinraven

  • Members
  • 42 posts
  • OFFLINE
  • Local time:07:34 PM

Posted 17 January 2012 - 04:25 PM

Last night while browsing I suddenly got a bunch of pop-up warnings from my anti-virus. There were about 3 different things that kept popping up, one of which I remember it saying was a Trojan. I was frantically clicking "move to vault" though and didn't catch the names. Once I finally got off the site and the warnings stopped, it recommended I restart to complete the removal, which I did. It said it was successful, but upon opening my browser I was immediately redirected to newsdaily7.com. I have since been directed to buzzcrazy.cm and businessadvantagegold.com as well. Also, everything is running noticeably slower.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Raven at 19:04:16 on 2012-01-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.764 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Norton Internet Worm Protection *Disabled*
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x9D02BFF0]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A780030]
3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89AB3F08]
\Driver\00002378[0x898373E0] -> IRP_MJ_CREATE -> 0x9D02BFF0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 19:07:24.48 ===============


#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:34 PM

Posted 19 January 2012 - 10:40 AM

Hello ravinraven and welcome to the forum. :welcome:

I apologize for the delay in responding to your request for help but it is very busy here and we can get overwhelmed at times.

If you have since resolved the original problem you were having, we would appreciate you letting us know.

If you still do need our help, please note the following:
  • While working with us, please refrain from running tools or applying updates other than those we suggest while we are cleaning your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please also include a clear description of the problems you're having.
  • After 5 days, if your topic is not replied to, I will assume it has been abandoned and will close it.

Please be patient while I analyze your logs. All of my fixes are checked by higher level forum members before posting.

Thank you.

DR


#3 ravinraven

Posted 19 January 2012 - 10:50 AM

Great, thank you for the response and info :)
Currently haven't resolved the problem. Looking forward to your help with this.

Thanks again for your time,
Raven

#4 ravinraven

Posted 19 January 2012 - 08:36 PM

I just noticed something new so I thought I'd post it in case it's relevant. My network connection constantly has the connecting icon and says it's "acquiring network address". However the internet still works like I'm connected.

#5 rigacci

Posted 19 January 2012 - 08:42 PM

Sure, any extra info is always helpful. :thumbup2:

DR

#6 rigacci

Posted 20 January 2012 - 07:23 AM

Hi ravinraven:

Before we start, I need to inform you of the following.

IMPORTANT NOTE: One or more of the identified infections is related to the rootkit TDL4. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

  • What danger is presented by rootkits?
  • Rootkits and how to combat them
  • r00tkit Analysis: What Is A Rootkit

If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before you connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

  • How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
  • What Should I Do If I've Become A Victim Of Identity Theft?
  • Identity Theft Victims Guide - What to do

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

  • When should I re-format? How should I reinstall?
  • Help: I Got Hacked. Now What Do I Do?
  • Where to draw the line? When to recommend a format and reinstall?



We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to continue please do this:


It looks like you have more than one anti virus product installed and running on your computer at a time. That is not recommended!!!
The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either AVG or Lavasoft (my own preference would be to keep the AVG).



Once you are finished with that, Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable Security Programs

  • Double click on ComboFix.exe & follow the prompts.

Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.


If running XP, Click on YES and allow the Recovery Console to install. If running Vista or 7, click on NO to continue the scanning for malware.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy/Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. ComboFix disconnects your machine from the internet. The connection is automatically restored before ComboFix completes its run.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.



Thanks.

Dave
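
The two findings the helper takes from the DDS log in post #1 (two antivirus products with real-time protection enabled, and the MBR detector's TDL4 warning) can be pulled out of such a log mechanically when many logs have to be triaged. The following Python parser is an added example, not part of the original thread or of DDS; the function names and the result layout are assumptions, and the sample lines are copied from the log above.

```python
import re

# Constructed sample: header and ROOTKIT lines copied from the DDS log in post #1.
SAMPLE_LOG = """\
DDS (Ver_2011-08-26.01) - NTFSx86
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Norton Internet Worm Protection *Disabled*
=================== ROOTKIT ====================
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x9D02BFF0]<<
kernel: MBR read successfully
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
============= FINISH: 19:07:24.48 ===============
"""

# "AV: <name> *<state>/<definitions>* {GUID}"; "/<definitions>" and the GUID are optional.
PRODUCT_RE = re.compile(r"^(AV|FW):\s+(.+?)\s+\*(\w+)(?:/(\w+))?\*", re.M)
# Section rulers such as "=================== ROOTKIT ====================".
RULER_RE = re.compile(r"^=+\s*(.+?)\s*=+\s*$")
# An address in the disk call chain that the detector printed without a module name.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# "Warning: <text> !" lines, with the trailing "!" and spaces stripped.
WARNING_RE = re.compile(r"^Warning:\s*(.+?)[\s!]*$", re.M)


def split_sections(log):
    """Return {title: [lines]}; lines before the first ruler go under 'HEADER'."""
    sections, current = {"HEADER": []}, "HEADER"
    for line in log.splitlines():
        ruler = RULER_RE.match(line.strip())
        if ruler:
            current = ruler.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(log):
    """Summarise the header and ROOTKIT findings a helper would act on first."""
    sections = split_sections(log)
    header = "\n".join(sections["HEADER"])
    # A log without a ROOTKIT section simply yields empty findings.
    rootkit = "\n".join(sections.get("ROOTKIT", []))

    products = [
        {"kind": kind, "name": name, "state": state, "definitions": defs or None}
        for kind, name, state, defs in PRODUCT_RE.findall(header)
    ]
    enabled_av = [p["name"] for p in products
                  if p["kind"] == "AV" and p["state"] == "Enabled"]
    return {
        "products": products,
        "enabled_av": enabled_av,
        # Two resident scanners compete for the same files (the conflict post #6 describes).
        "multiple_realtime_av": len(enabled_av) > 1,
        # The user-mode and kernel-mode reads of the MBR did not agree.
        "mbr_mismatch": "user != kernel MBR" in rootkit,
        "unknown_modules": UNKNOWN_RE.findall(rootkit),
        "warnings": WARNING_RE.findall(rootkit),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key in ("enabled_av", "multiple_realtime_av", "mbr_mismatch",
                "unknown_modules", "warnings"):
        print(f"{key}: {result[key]}")
```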

#7 ravinraven

Posted 20 January 2012 - 06:15 PM

I'm posting from a friend's computer. I ran combofix and it's on a screen that says "Preparing log report. Do not run any programs until combofix has finished"
It's been like that for over an hour though. Is that normal?

#8 ravinraven

Posted 20 January 2012 - 08:25 PM

I finally gave up and restarted my computer. I checked the combofix folder though and it did have a log. Please let me know if this is sufficient or if I need to do something else/complete the scan properly.


ComboFix 12-01-19.02 - Raven 01/20/2012 14:17:18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1431 [GMT -8:00]
Running from: C:\Documents and Settings\Raven\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

/wow section - STAGE 10


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



Infected copy of C:\WINDOWS\system32\drivers\avgtdix.sys was found and disinfected
Restored copy from - The cat found it :)

((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))


2012-01-20 21:47:09 . 2011-07-11 08:14:38 295248 ----a-w- C:\WINDOWS\system32\drivers\avgtdix.sys
2012-01-16 22:22:43 . 2012-01-16 22:22:43 -------- d-----w- C:\Documents and Settings\Raven\Application Data\AVG Secure Search
2012-01-15 18:05:27 . 2012-01-15 18:05:28 43992 ----a-w- C:\Program Files\Mozilla Firefox\mozutils.dll
2012-01-15 18:05:27 . 2012-01-15 18:05:27 626688 ----a-w- C:\Program Files\Mozilla Firefox\msvcr80.dll
2012-01-15 18:05:27 . 2012-01-15 18:05:27 548864 ----a-w- C:\Program Files\Mozilla Firefox\msvcp80.dll
2012-01-15 18:05:27 . 2012-01-15 18:05:27 479232 ----a-w- C:\Program Files\Mozilla Firefox\msvcm80.dll
2012-01-03 13:10:44 . 2012-01-03 13:10:44 182672 ----a-w- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 . 2012-01-03 13:10:44 182672 ----a-w- C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-01-20 22:14:39 . 2011-04-09 04:53:45 7304 ----a-w- C:\WINDOWS\TMP0001.TMP
2011-11-29 21:16:27 . 2011-06-29 00:11:46 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 . 2006-03-16 04:00:00 293376 ----a-w- C:\WINDOWS\system32\winsrv.dll
2011-11-23 13:25:32 . 2006-03-16 04:00:00 1859584 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-11-18 12:35:08 . 2006-03-16 04:00:00 60416 ----a-w- C:\WINDOWS\system32\packager.exe
2011-11-04 19:20:51 . 2006-03-16 04:00:00 916992 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-11-04 19:20:51 . 2006-03-16 04:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-11-04 19:20:51 . 2006-03-16 04:00:00 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-11-04 11:23:59 . 2006-03-16 04:00:00 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-11-03 15:28:36 . 2005-08-30 12:13:42 1292288 ----a-w- C:\WINDOWS\system32\quartz.dll
2011-11-03 15:28:36 . 2005-06-29 09:55:08 386048 ----a-w- C:\WINDOWS\system32\qdvd.dll
2011-11-01 16:07:10 . 2006-03-16 04:00:00 1288704 ----a-w- C:\WINDOWS\system32\ole32.dll
2011-10-28 05:31:48 . 2006-03-16 04:00:00 33280 ----a-w- C:\WINDOWS\system32\csrsrv.dll
2011-10-25 13:37:08 . 2006-03-16 04:00:00 2148864 ------w- C:\WINDOWS\system32\ntoskrnl.exe
2011-10-25 12:52:02 . 2006-03-16 04:00:00 2027008 ------w- C:\WINDOWS\system32\ntkrnlpa.exe
2012-01-15 18:05:29 . 2011-12-02 17:04:12 121816 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

#9 rigacci

Posted 21 January 2012 - 02:23 PM

Hi ravinraven:

Let's run this first.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your Desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Once you are finished with that, Right-Click the copy of ComboFix that is on your desktop and Delete it.

Now Download a new copy of ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable Security Programs

  • Double-click on ComboFix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy/Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. ComboFix disconnects your machine from the internet. The connection is automatically restored before ComboFix completes its run.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.



Thanks.

Dave

#10 ravinraven

  • Topic Starter

Posted 22 January 2012 - 08:52 PM

Alrighty. Well the TDSSKiller finished quickly and didn't find anything. ComboFix had the same problem as the first time I ran it - it wouldn't generate a report so I finally restarted the computer. There was a log when it restarted though. It also said it detected rootkit activity when I ran it.

As far as how my computer is acting, it's running faster again and has stopped redirecting. AVG has popped up several times though detecting rootkit/trojan threats.

Here are the logs:

16:10:09.0265 1528 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
16:10:09.0843 1528 ============================================================
16:10:09.0843 1528 Current date / time: 2012/01/22 16:10:09.0843
16:10:09.0843 1528 SystemInfo:
16:10:09.0843 1528
16:10:09.0843 1528 OS Version: 5.1.2600 ServicePack: 3.0
16:10:09.0843 1528 Product type: Workstation
16:10:09.0843 1528 ComputerName: LAPPY
16:10:09.0843 1528 UserName: Raven
16:10:09.0843 1528 Windows directory: C:\WINDOWS
16:10:09.0843 1528 System windows directory: C:\WINDOWS
16:10:09.0843 1528 Processor architecture: Intel x86
16:10:09.0843 1528 Number of processors: 2
16:10:09.0843 1528 Page size: 0x1000
16:10:09.0843 1528 Boot type: Normal boot
16:10:09.0843 1528 ============================================================
16:10:10.0500 1528 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:10:10.0500 1528 Drive \Device\Harddisk1\DR4 - Size: 0x3A0ED00000 (232.23 Gb), SectorSize: 0x200, Cylinders: 0x766B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:10:14.0921 1528 Initialize success
16:10:30.0250 4556 ============================================================
16:10:30.0250 4556 Scan started
16:10:30.0250 4556 Mode: Manual;
16:10:30.0250 4556 ============================================================
16:10:50.0531 4556 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:10:50.0531 4556 swenum - ok
16:10:50.0640 4556 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:10:50.0640 4556 swmidi - ok
16:10:50.0781 4556 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:10:50.0781 4556 symc810 - ok
16:10:50.0843 4556 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:10:50.0843 4556 symc8xx - ok
16:10:50.0937 4556 SYMIDSCO - ok
16:10:51.0093 4556 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
16:10:51.0093 4556 symlcbrd - ok
16:10:51.0171 4556 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:10:51.0171 4556 sym_hi - ok
16:10:51.0296 4556 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:10:51.0296 4556 sym_u3 - ok
16:10:51.0390 4556 SynTP (926e0bb4cac05d9a0c3b59dc16fe2f1c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:10:51.0406 4556 SynTP - ok
16:10:51.0468 4556 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:10:51.0468 4556 sysaudio - ok
16:10:51.0718 4556 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:10:51.0718 4556 Tcpip - ok
16:10:51.0812 4556 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:10:51.0812 4556 TDPIPE - ok
16:10:51.0843 4556 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:10:51.0843 4556 TDTCP - ok
16:10:51.0875 4556 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:10:51.0875 4556 TermDD - ok
16:10:51.0937 4556 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
16:10:51.0937 4556 TosIde - ok
16:10:52.0031 4556 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:10:52.0031 4556 Udfs - ok
16:10:52.0109 4556 UIUSys - ok
16:10:52.0203 4556 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
16:10:52.0203 4556 ultra - ok
16:10:52.0312 4556 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:10:52.0328 4556 Update - ok
16:10:52.0406 4556 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:10:52.0406 4556 USBAAPL - ok
16:10:52.0468 4556 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:10:52.0484 4556 usbaudio - ok
16:10:52.0531 4556 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:10:52.0546 4556 usbccgp - ok
16:10:52.0562 4556 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:10:52.0562 4556 usbehci - ok
16:10:52.0578 4556 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:10:52.0593 4556 usbhub - ok
16:10:52.0609 4556 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:10:52.0609 4556 usbprint - ok
16:10:52.0703 4556 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:10:52.0703 4556 usbscan - ok
16:10:52.0765 4556 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:10:52.0765 4556 USBSTOR - ok
16:10:52.0781 4556 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:10:52.0781 4556 usbuhci - ok
16:10:52.0812 4556 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:10:52.0812 4556 VgaSave - ok
16:10:52.0875 4556 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:10:52.0875 4556 viaagp - ok
16:10:52.0953 4556 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:10:52.0968 4556 ViaIde - ok
16:10:53.0046 4556 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:10:53.0046 4556 VolSnap - ok
16:10:53.0187 4556 w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys
16:10:53.0265 4556 w39n51 - ok
16:10:53.0328 4556 wacmoumonitor (f24ee97511fb901189e11cbbd51605ba) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
16:10:53.0359 4556 wacmoumonitor - ok
16:10:53.0484 4556 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
16:10:53.0484 4556 wacommousefilter - ok
16:10:53.0531 4556 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
16:10:53.0531 4556 wacomvhid - ok
16:10:53.0546 4556 WacomVKHid - ok
16:10:53.0578 4556 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:10:53.0593 4556 Wanarp - ok
16:10:53.0640 4556 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
16:10:53.0640 4556 WDC_SAM - ok
16:10:53.0718 4556 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:10:53.0750 4556 Wdf01000 - ok
16:10:53.0859 4556 WDICA - ok
16:10:53.0921 4556 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:10:53.0937 4556 wdmaud - ok
16:10:54.0093 4556 winachsf (0e666ac2766f2fd860cc03f405a2ace1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:10:54.0125 4556 winachsf - ok
16:10:54.0250 4556 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:10:54.0250 4556 WmiAcpi - ok
16:10:54.0343 4556 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:10:54.0343 4556 WpdUsb - ok
16:10:54.0437 4556 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:10:54.0437 4556 WS2IFSL - ok
16:10:54.0500 4556 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:10:54.0515 4556 WSTCODEC - ok
16:10:54.0640 4556 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:10:54.0640 4556 WudfPf - ok
16:10:54.0718 4556 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:10:54.0718 4556 WudfRd - ok
16:10:54.0906 4556 xusb21 (f5e5f944e63a9b5f6e76c2ebb2ac462f) C:\WINDOWS\system32\DRIVERS\xusb21.sys
16:10:54.0906 4556 xusb21 - ok
16:10:54.0953 4556 MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0
16:10:54.0984 4556 \Device\Harddisk0\DR0 - ok
16:10:54.0984 4556 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
16:10:55.0000 4556 \Device\Harddisk1\DR4 - ok
16:10:55.0000 4556 Boot (0x1200) (eb8eea86fa1af3f31d16c944f2ff9076) \Device\Harddisk0\DR0\Partition0
16:10:55.0000 4556 \Device\Harddisk0\DR0\Partition0 - ok
16:10:55.0031 4556 Boot (0x1200) (9b4ca203ea214b385b5ac9b9408addbe) \Device\Harddisk0\DR0\Partition1
16:10:55.0031 4556 \Device\Harddisk0\DR0\Partition1 - ok
16:10:55.0031 4556 Boot (0x1200) (200301c2e642922e961c5843ef023029) \Device\Harddisk1\DR4\Partition0
16:10:55.0031 4556 \Device\Harddisk1\DR4\Partition0 - ok
16:10:55.0046 4556 ============================================================
16:10:55.0046 4556 Scan finished
16:10:55.0046 4556 ============================================================
16:10:55.0062 7972 Detected object count: 0
16:10:55.0062 7972 Actual detected object count: 0








ComboFix 12-01-21.02 - Raven 01/22/2012 16:26:45.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1430 [GMT -8:00]
Running from: C:\Documents and Settings\Raven\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


---- Previous Run -------

C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\Raven\Application Data\PriceGong
C:\Documents and Settings\Raven\WINDOWS
C:\Ex.CleanI
C:\Program Files\Common Files\Help
C:\Program Files\Common Files\Help\_updated.js
C:\Program Files\Common Files\Help\qnue.chm
C:\Program Files\Common Files\Help\qnue.lif
C:\Program Files\Common Files\Help\qnue.lt3
C:\Program Files\Common Files\Help\qnue.rul
C:\Program Files\Common Files\Help\quicken.chm
C:\Program Files\Common Files\Help\quicken.lif
C:\Program Files\Common Files\Help\Quicken.lt3
C:\Program Files\Common Files\Help\Quicken.rul
C:\Program Files\Common Files\Help\quickenProject.lt3
C:\Program Files\Common Files\Help\quickenProject.rul
C:\WINDOWS\kb913800.exe
C:\WINDOWS\system32\Cache


((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 )))))))))))))))))))))))))))))))


2012-01-20 21:47:09 . 2011-07-11 08:14:38 295248 ----a-w- C:\WINDOWS\system32\drivers\avgtdix.sys
2012-01-16 22:22:43 . 2012-01-16 22:22:43 -------- d-----w- C:\Documents and Settings\Raven\Application Data\AVG Secure Search
2012-01-15 18:05:27 . 2012-01-15 18:05:28 43992 ----a-w- C:\Program Files\Mozilla Firefox\mozutils.dll
2012-01-15 18:05:27 . 2012-01-15 18:05:27 626688 ----a-w- C:\Program Files\Mozilla Firefox\msvcr80.dll
2012-01-15 18:05:27 . 2012-01-15 18:05:27 548864 ----a-w- C:\Program Files\Mozilla Firefox\msvcp80.dll
2012-01-15 18:05:27 . 2012-01-15 18:05:27 479232 ----a-w- C:\Program Files\Mozilla Firefox\msvcm80.dll
2012-01-03 13:10:44 . 2012-01-03 13:10:44 182672 ----a-w- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 . 2012-01-03 13:10:44 182672 ----a-w- C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-01-23 00:23:45 . 2011-04-09 04:53:45 7304 ----a-w- C:\WINDOWS\TMP0001.TMP
2011-11-29 21:16:27 . 2011-06-29 00:11:46 414368 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 . 2006-03-16 04:00:00 293376 ----a-w- C:\WINDOWS\system32\winsrv.dll
2011-11-23 13:25:32 . 2006-03-16 04:00:00 1859584 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-11-18 12:35:08 . 2006-03-16 04:00:00 60416 ----a-w- C:\WINDOWS\system32\packager.exe
2011-11-16 14:21:44 . 2006-03-16 04:00:00 354816 ----a-w- C:\WINDOWS\system32\winhttp.dll
2011-11-16 14:21:44 . 2006-03-16 04:00:00 152064 ----a-w- C:\WINDOWS\system32\schannel.dll
2011-11-04 19:20:51 . 2006-03-16 04:00:00 916992 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-11-04 19:20:51 . 2006-03-16 04:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-11-04 19:20:51 . 2006-03-16 04:00:00 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-11-04 11:23:59 . 2006-03-16 04:00:00 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-11-03 15:28:36 . 2005-08-30 12:13:42 1292288 ----a-w- C:\WINDOWS\system32\quartz.dll
2011-11-03 15:28:36 . 2005-06-29 09:55:08 386048 ----a-w- C:\WINDOWS\system32\qdvd.dll
2011-11-01 16:07:10 . 2006-03-16 04:00:00 1288704 ----a-w- C:\WINDOWS\system32\ole32.dll
2011-10-28 05:31:48 . 2006-03-16 04:00:00 33280 ----a-w- C:\WINDOWS\system32\csrsrv.dll
2011-10-25 13:37:08 . 2006-03-16 04:00:00 2148864 ------w- C:\WINDOWS\system32\ntoskrnl.exe
2011-10-25 12:52:02 . 2006-03-16 04:00:00 2027008 ------w- C:\WINDOWS\system32\ntkrnlpa.exe
2012-01-15 18:05:29 . 2011-12-02 17:04:12 121816 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

Edited by ravinraven, 22 January 2012 - 08:53 PM.


#11 rigacci

Posted 23 January 2012 - 04:35 PM

Hi rainraven:

Try this please. We need to get a closer look at your Master Boot Record.

Download aswMBR.exe to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder.

Please attach that zipped file in your next reply.



For this next step you will need a USB flash drive.


Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download dumpit to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Please note.. F12 does not create a 'boot menu' on all computers. You might need to try F10, F4, Esc.. to set the boot order. Let me know if you encounter difficulties.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive). Please note that if you do not see sdb1 please remove then replace the USB drive and see if it appears.
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.
Please include the following in your next post:
  • Attach the mbr.zip file

If you have any concerns please ask before proceeding.



Thanks.



Dave
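
What a helper can check once the MBR dump requested above is in hand, as an added example that is not part of the original post or of any tool named in the thread: it validates the boot signature and partition table of a raw sector and compares the bootstrap code against a known-good digest. It assumes the dump is a raw copy of the 512-byte sector and that the digest in log lines such as `MBR (0x1B8) (...)` is an MD5 over the first 0x1B8 bytes; the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8    # bootstrap code area; same length as the "MBR (0x1B8)" log lines
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"


def analyze_mbr(sector, baseline_md5=None):
    """Parse one raw MBR sector and return its fields plus a list of findings."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need at least 512 bytes, got %d" % len(sector))
    sector = sector[:SECTOR_SIZE]
    findings = []
    boot_code = sector[:BOOT_CODE_LEN]
    code_md5 = hashlib.md5(boot_code).hexdigest()  # assumption: digest type used in the log
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if not any(boot_code):
        findings.append("bootstrap code area is empty")
    if baseline_md5 and code_md5 != baseline_md5.lower():
        findings.append("bootstrap code differs from baseline")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, (CHS start skipped), type, (CHS end skipped), first LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append("entry %d: invalid status byte 0x%02x" % (i, status))
        if lba == 0:
            findings.append("entry %d: partition starts at LBA 0 (overlaps the MBR)" % i)
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("entries %d and %d overlap" % (a["index"], b["index"]))
    return {"boot_code_md5": code_md5,
            "sha256": hashlib.sha256(sector).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
            "partitions": partitions, "findings": findings}


def build_sample_mbr():
    """Constructed 512-byte sector (not from the thread): one active NTFS partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:4] = b"\x33\xc0\x8e\xd0"  # placeholder bytes standing in for boot code
    struct.pack_into("<I", sector, BOOT_CODE_LEN, 0x12345678)  # constructed disk signature
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF, 0x80, 0x07, 63, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = analyze_mbr(clean)["boot_code_md5"]
    tampered = bytearray(clean)
    tampered[0x40] ^= 0xFF  # simulate one changed byte in the bootstrap code
    report = analyze_mbr(bytes(tampered), baseline_md5=baseline)
    print(report["partitions"], report["findings"])
```

A mismatch against the baseline only says the bootstrap code changed; legitimate boot managers and disk tools also rewrite that area, so the finding is a prompt for closer inspection rather than a verdict.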

#12 rigacci

Posted 26 January 2012 - 08:01 AM

Hi rainraven!

Are you still with us?

Dave

#13 ravinraven

Posted 26 January 2012 - 11:40 AM

Hey Dave!
Sorry about the lag in communication. I picked up a nasty bug (personally, instead of just my computer this time :-p). I know running scans and such isn't all that taxing, but I haven't felt up to getting out of bed much. I will try to get up to speed on your instructions today if possible. I'm definitely still here though. Thanks!

#14 rigacci

Posted 26 January 2012 - 12:48 PM

OK, no problem. Just concentrate on getting well.

I will keep this topic open until you say so.

Dave

#15 rigacci

Posted 31 January 2012 - 09:01 AM

Hi rainraven!

How are you doing? Feeling up to completing this?

Take care!

Dave



