
A virus keeps commenting lines in my etc/hosts file


  • This topic is locked
5 replies to this topic

#1 schattel

  • Members
  • 4 posts
  • OFFLINE

Posted 12 February 2012 - 12:02 PM

A virus keeps commenting the download.mcafee.com line in my \Windows\System32\drivers\etc\hosts file. This is preventing me from installing McAfee virus protection software. I have tried to manually uncomment the line but the virus keeps commenting it out before the software can download and install. I have tried reinstalling Windows 7 to its factory settings, but that didn't get rid of the virus. Any help on removing this virus would be appreciated. I will likely have to do this to 2 other PCs on my home network so I'll be taking good notes. Is this virus hiding in my "document" files and will I have to delete them or can I use a backup made during the reinstall to recover them?

I have run HiJackThis and I am inserting the log below:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:01 AM, on 2/12/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: vpngui.exe.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD Fusion Utility Service (AMDFusionSVC) - Advanced Micro Devices - c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10990 bytes

HijackThis is not able to provide accurate information for 64-bit systems.
In your case we need to see a DDS log.
I would remove HijackThis using the Add/Remove Programs list.


Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.

Edited by nasdaq, 13 February 2012 - 01:41 PM.
DDS log requested.
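The symptom in the first post, a hosts entry for a security vendor that keeps being commented out, is one of the standard ways malware stops an AV product from reaching its download and update servers (the other is an active entry that maps the vendor's name to 127.0.0.1 or to a rogue address). The script below is an added example of how a responder would baseline and triage the hosts file; it is not code from the original post, from HijackThis or from DDS. The default path, the vendor watch list and the sample hosts text are assumptions constructed for illustration, and Windows actually resolves the file location from the DataBasePath value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, which this script does not read.

```python
#!/usr/bin/env python3
"""Triage a Windows hosts file for entries that block or redirect security vendors.

Added example for this thread. The default path, the watch list and SAMPLE
are assumptions/constructed input, not data taken from the poster's machine.
"""
import hashlib
import ipaddress
import re
from dataclasses import dataclass

# Default location on Windows (assumption: TCP/IP's DataBasePath was not changed).
DEFAULT_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"

# Hypothetical watch list: domains AV installers and updaters need to reach.
WATCHED_SUFFIXES = ("mcafee.com", "microsoft.com", "windowsupdate.com",
                    "symantec.com", "kaspersky.com", "trendmicro.com")

# Addresses used to "blackhole" a name so it can never be reached.
BLACKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}

# Optional leading '#', an address token, one or more names, optional trailing comment.
ENTRY_RE = re.compile(
    r"^\s*(?P<hash>#)?\s*(?P<ip>[0-9A-Fa-f.:]+)\s+(?P<names>[^#]+?)\s*(?:#.*)?$")


@dataclass(frozen=True)
class Entry:
    line_no: int
    ip: str
    names: tuple
    commented: bool


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    detail: str


def _is_ip(token: str) -> bool:
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False  # e.g. a comment word made only of hex letters, like "added"


def _watched(name: str) -> bool:
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def parse_hosts(text: str) -> list:
    """Return every line that is, or once was (commented out), a host mapping."""
    entries = []
    for no, line in enumerate(text.splitlines(), start=1):
        m = ENTRY_RE.match(line)
        if not m or not _is_ip(m.group("ip")):
            continue  # blank line or free-text comment such as the Microsoft header
        names = tuple(m.group("names").split())
        entries.append(Entry(no, m.group("ip"), names, m.group("hash") is not None))
    return entries


def triage(text: str) -> list:
    """Flag mappings that would keep an AV product from reaching its vendor."""
    findings = []
    for e in parse_hosts(text):
        for name in e.names:
            if name.lower() == "localhost":
                continue  # Windows 7 ships its 'localhost' lines commented out; that is normal
            watched = _watched(name)
            if e.commented:
                if watched:  # the thread's symptom: a vendor entry disabled with '#'
                    findings.append(Finding(e.line_no, "commented-out-vendor",
                                            f"{name} -> {e.ip} (disabled with '#')"))
            elif watched:
                kind = "vendor-blackholed" if e.ip in BLACKHOLE_IPS else "vendor-redirected"
                findings.append(Finding(e.line_no, kind, f"{name} -> {e.ip}"))
            elif e.ip in BLACKHOLE_IPS:
                findings.append(Finding(e.line_no, "blackholed", f"{name} -> {e.ip}"))
    return findings


def fingerprint(text: str) -> str:
    """SHA-256 of the contents: record it once, re-run later to prove the file was rewritten."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed sample: the stock Microsoft header plus four tampered lines.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# 102.54.94.97     rhino.acme.com          # source server
#\t127.0.0.1       localhost
#\t::1             localhost
# 127.0.0.1 download.mcafee.com
127.0.0.1 update.symantec.com
10.0.0.5  liveupdate.symantec.com
0.0.0.0   ads.example.net
192.168.1.20 fileserver.home
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    print("sha256:", fingerprint(text))
    for f in triage(text):
        print(f"line {f.line_no:>3}  {f.kind:<22} {f.detail}")
```

Run it against the live file (`python hosts_triage.py C:\Windows\System32\drivers\etc\hosts`) and keep the printed hash; if the hash changes again without you editing the file, something on the box is still rewriting it, and that process, not the file, is what needs removing. While there, check the file's attributes as well (`attrib` on the path), since a hosts file that has been set hidden or read-only by something other than you is a further sign of tampering.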



#2 schattel

  • Topic Starter
  • Members
  • 4 posts
  • OFFLINE

Posted 13 February 2012 - 09:18 PM

DDS LOG:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by MomDad at 21:15:48 on 2012-02-13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.12287.10187 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k NetworkService
c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\mswinext.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [zzzHPSETUP] D:\Setup.exe
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\MomDad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\MomDad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{D9FD48F6-B8D5-481F-A216-764B17AA0D5F} : DhcpNameServer = 192.168.254.254 192.168.254.254
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [zzzHPSETUP] D:\Setup.exe
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce-x64: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AMDFusionSVC;AMD Fusion Utility Service;C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-9-8 383544]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-8 689472]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-30 25072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\system32\DRIVERS\S3XXx64.sys --> C:\Windows\system32\DRIVERS\S3XXx64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-12 20:43:10 1409 ----a-w- C:\Windows\SysWow64\tmp5A5EE.FOT
2012-02-12 20:43:10 1409 ----a-w- C:\Windows\SysWow64\tmp4C5EE.FOT
2012-02-12 20:43:10 1409 ----a-w- C:\Windows\SysWow64\tmp146EE.FOT
2012-02-12 20:43:10 1409 ----a-w- C:\Windows\SysWow64\tmp136EE.FOT
2012-02-12 20:43:10 1409 ----a-w- C:\Windows\SysWow64\tmp076EE.FOT
2012-02-12 20:43:10 1409 ----a-w- C:\Windows\SysWow64\tmp066EE.FOT
2012-02-12 19:00:22 -------- d-----w- C:\Users\MomDad\AppData\Roaming\PCDr
2012-02-12 19:00:00 -------- d-----w- C:\ProgramData\PCDr
2012-02-12 18:50:32 83968 ----a-w- C:\Windows\System32\MLMON__S.DLL
2012-02-12 18:50:32 77312 ----a-w- C:\Windows\System32\MICM___S.DLL
2012-02-12 18:50:32 59904 ----a-w- C:\Windows\System32\MIMF32_S.DLL
2012-02-12 18:50:32 56832 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\MIMFPR_S.DLL
2012-02-12 18:50:32 51200 ----a-w- C:\Windows\System32\MTAG32_S.DLL
2012-02-12 18:50:32 267776 ----a-w- C:\Windows\System32\MSTMON_S.EXE
2012-02-12 18:50:32 226816 ----a-w- C:\Windows\System32\MUINST_S.EXE
2012-02-12 18:50:32 1443328 ----a-w- C:\Windows\System32\MSTMON_S.DLL
2012-02-12 18:50:32 119808 ----a-w- C:\Windows\System32\MSPOOL_S.DLL
2012-02-12 18:50:31 93184 ----a-w- C:\Windows\System32\MCMM___S.DLL
2012-02-12 18:50:31 54784 ----a-w- C:\Windows\System32\MCOINS_S.DLL
2012-02-12 18:50:31 107520 ----a-w- C:\Windows\System32\MGDI32_S.DLL
2012-02-12 16:18:38 -------- d-----w- C:\Users\MomDad\AppData\Local\Logitech® Webcam Software
2012-02-12 16:15:16 53248 ----a-r- C:\Users\MomDad\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-02-12 16:15:00 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2012-02-12 13:08:42 -------- d-----w- C:\Windows\SysWow64\Wat
2012-02-12 13:08:42 -------- d-----w- C:\Windows\System32\Wat
2012-02-12 05:03:01 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-02-12 05:03:01 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-02-12 04:56:49 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-02-12 04:55:13 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-02-12 04:55:13 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-02-12 04:55:13 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-02-12 04:55:13 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-02-12 04:55:13 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-02-12 04:55:13 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-02-12 04:55:13 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-02-12 04:55:13 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-02-12 04:55:13 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-02-12 04:55:13 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-02-12 04:35:31 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-12 04:33:23 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-02-12 04:33:23 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-02-12 04:31:53 2870272 ----a-w- C:\Windows\explorer.exe
2012-02-12 04:31:53 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2012-02-12 04:31:50 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2012-02-12 04:31:49 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
2012-02-12 04:31:49 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2012-02-12 04:31:49 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2012-02-12 04:31:49 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2012-02-12 04:31:49 1118720 ----a-w- C:\Windows\System32\sbe.dll
2012-02-12 04:29:57 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-02-12 04:28:49 633856 ----a-w- C:\Windows\System32\comctl32.dll
2012-02-12 04:27:43 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2012-02-12 04:27:43 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2012-02-12 04:27:42 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2012-02-12 04:27:42 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2012-02-12 04:22:47 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-02-12 04:22:47 367104 ----a-w- C:\Windows\System32\atmfd.dll
2012-02-12 04:22:47 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-02-12 04:22:47 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-02-12 04:22:06 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-02-12 04:22:05 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2012-02-12 04:19:40 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2012-02-12 04:19:39 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2012-02-12 04:19:39 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2012-02-12 04:09:46 -------- d-----w- C:\Program Files\Common Files\Deterministic Networks
2012-02-12 04:09:46 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2012-02-12 03:57:45 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2012-02-12 03:56:59 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-02-12 03:56:58 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2012-02-12 03:56:58 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-02-12 03:56:58 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-02-12 03:56:58 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-02-12 03:56:55 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-02-12 03:56:55 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-02-12 03:56:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-02-12 03:56:49 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-02-12 03:54:54 77312 ----a-w- C:\Windows\System32\packager.dll
2012-02-12 03:54:54 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-02-12 03:39:08 -------- d-----w- C:\Program Files\Common Files\ActivIdentity
2012-02-12 03:39:08 -------- d-----w- C:\Program Files\ActivIdentity
2012-02-12 03:39:08 -------- d-----w- C:\Program Files (x86)\ActivIdentity
2012-02-12 03:37:13 -------- d-sh--w- C:\Windows\ftpcache
2012-02-11 23:40:39 -------- d-----w- C:\Emergency
2012-02-11 23:29:02 -------- d-----w- C:\Windows\SMINST
2012-02-11 22:55:03 -------- d-----w- C:\Users\MomDad\AppData\Roaming\Dell
2012-02-11 22:54:45 -------- d-----w- C:\Users\MomDad\AppData\Local\Stardock_Corporation
2012-02-11 22:54:33 -------- d-----w- C:\Users\MomDad\AppData\Local\ATI
2012-02-11 22:54:14 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-11 22:54:13 -------- d-----w- C:\Users\MomDad\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2012-01-29 10:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:14:10 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:41:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
.
============= FINISH: 21:15:59.96 ===============

ATTACH LOG:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/11/2012 5:50:56 PM
System Uptime: 2/13/2012 5:13:41 PM (4 hours ago)
.
Motherboard: Dell Inc. | | 0NWWY0
Processor: AMD Phenom™ II X6 1045T Processor | CPU 1 | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 845.278 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 233 GiB total, 119.541 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP14: 2/11/2012 10:38:32 PM - Installed ActivClient CAC x64.
RP15: 2/11/2012 11:09:32 PM - Installed Cisco Systems VPN Client 5.0.07.0290
RP16: 2/11/2012 11:31:49 PM - Windows Update
RP17: 2/11/2012 11:35:05 PM - Installed HiJackThis
RP18: 2/11/2012 11:47:40 PM - Windows Update
RP19: 2/12/2012 8:15:41 AM - Windows Update
RP20: 2/12/2012 11:20:04 AM - Installed Java™ 6 Update 30
RP21: 2/13/2012 3:00:26 AM - Windows Update
RP22: 2/13/2012 9:13:20 PM - Removed HiJackThis
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.2
AMD Fusion Media Explorer
AMD Fusion Utility for Desktops
ATI Catalyst Control Center
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
CameraHelperMsi
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Consumer In-Home Service Agreement
Cozi
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
DirectXInstallService
EMC 10 Content
erLT
GoToAssist 8.0.0.514
Internet Explorer
Java Auto Updater
Java™ 6 Update 30
Junk Mail filter update
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
RAIDXpert
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skins
Skype Toolbars
Skype™ 4.2
Sonic CinePlayer Decoder Pack
THX TruStudio PC
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
2/13/2012 7:24:15 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user MomDad-PC\MomDad SID (S-1-5-21-649522380-802934552-651596965-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/13/2012 5:14:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
2/13/2012 5:14:07 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
2/12/2012 8:11:58 AM, Error: Service Control Manager [7023] -
2/12/2012 8:11:11 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
2/12/2012 8:10:18 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader 0' rejected IOCTL GET_STATE: The device has been removed. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX
2/12/2012 11:51:52 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user MomDad-PC\Amy SID (S-1-5-21-649522380-802934552-651596965-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/11/2012 5:59:06 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
2/11/2012 11:10:53 PM, Error: Service Control Manager [7030] - The Cisco Systems, Inc. VPN Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================

#3 nasdaq


  • Malware Response Team
  • 40,447 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 February 2012 - 11:49 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Nothing suspicious was found on your logs.

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#4 schattel

  • Topic Starter

  • Members
  • 4 posts

Posted 19 February 2012 - 01:59 PM

Both TDSSKiller and Avast executables ran fine. As far as I can tell, they didn't detect anything. Here are the log files:

TDSSKiller Log:

12:58:36.0658 3164 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
12:58:37.0087 3164 ============================================================
12:58:37.0087 3164 Current date / time: 2012/02/19 12:58:37.0087
12:58:37.0087 3164 SystemInfo:
12:58:37.0087 3164
12:58:37.0088 3164 OS Version: 6.1.7601 ServicePack: 1.0
12:58:37.0088 3164 Product type: Workstation
12:58:37.0088 3164 ComputerName: MOMDAD-PC
12:58:37.0088 3164 UserName: MomDad
12:58:37.0088 3164 Windows directory: C:\Windows
12:58:37.0088 3164 System windows directory: C:\Windows
12:58:37.0088 3164 Running under WOW64
12:58:37.0088 3164 Processor architecture: Intel x64
12:58:37.0088 3164 Number of processors: 6
12:58:37.0088 3164 Page size: 0x1000
12:58:37.0088 3164 Boot type: Normal boot
12:58:37.0088 3164 ============================================================
12:58:38.0049 3164 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:58:38.0098 3164 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E200 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:58:38.0144 3164 \Device\Harddisk0\DR0:
12:58:38.0144 3164 MBR used
12:58:38.0144 3164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x17E9000
12:58:38.0144 3164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17FD000, BlocksNum 0x72F09000
12:58:38.0144 3164 \Device\Harddisk1\DR1:
12:58:38.0146 3164 MBR used
12:58:38.0146 3164 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
12:58:38.0176 3164 Initialize success
12:58:38.0176 3164 ============================================================
12:58:41.0220 6856 ============================================================
12:58:41.0220 6856 Scan started
12:58:41.0220 6856 Mode: Manual;
12:58:41.0220 6856 ============================================================
12:58:41.0829 6856 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:58:41.0835 6856 1394ohci - ok
12:58:41.0909 6856 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:58:41.0916 6856 ACPI - ok
12:58:41.0950 6856 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:58:41.0951 6856 AcpiPmi - ok
12:58:42.0015 6856 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:58:42.0025 6856 adp94xx - ok
12:58:42.0036 6856 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:58:42.0039 6856 adpahci - ok
12:58:42.0047 6856 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:58:42.0049 6856 adpu320 - ok
12:58:42.0107 6856 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:58:42.0117 6856 AFD - ok
12:58:42.0156 6856 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:58:42.0159 6856 agp440 - ok
12:58:42.0214 6856 ahcix64s (af53917d9741a84627fa689ea622558a) C:\Windows\system32\DRIVERS\ahcix64s.sys
12:58:42.0220 6856 ahcix64s - ok
12:58:42.0258 6856 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:58:42.0258 6856 aliide - ok
12:58:42.0314 6856 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:58:42.0316 6856 amdide - ok
12:58:42.0344 6856 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:58:42.0345 6856 AmdK8 - ok
12:58:42.0463 6856 amdkmdag (cf3db4d8b2ce0b282ab39c9d846eca74) C:\Windows\system32\DRIVERS\atikmdag.sys
12:58:42.0583 6856 amdkmdag - ok
12:58:42.0593 6856 amdkmdap (7d07db26f6d3a16a6c8d34ce6c09fd01) C:\Windows\system32\DRIVERS\atikmpag.sys
12:58:42.0594 6856 amdkmdap - ok
12:58:42.0611 6856 AmdLLD64 (c27e46c19d5a48ca02c11e3c9b58f4c1) C:\Windows\system32\DRIVERS\AmdLLD64.sys
12:58:42.0612 6856 AmdLLD64 - ok
12:58:42.0625 6856 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:58:42.0625 6856 AmdPPM - ok
12:58:42.0639 6856 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
12:58:42.0641 6856 amdsata - ok
12:58:42.0661 6856 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:58:42.0663 6856 amdsbs - ok
12:58:42.0670 6856 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
12:58:42.0671 6856 amdxata - ok
12:58:42.0706 6856 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:58:42.0709 6856 AppID - ok
12:58:42.0736 6856 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:58:42.0739 6856 arc - ok
12:58:42.0749 6856 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:58:42.0750 6856 arcsas - ok
12:58:42.0757 6856 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:58:42.0758 6856 AsyncMac - ok
12:58:42.0778 6856 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:58:42.0779 6856 atapi - ok
12:58:42.0828 6856 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys
12:58:42.0850 6856 athr - ok
12:58:42.0867 6856 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
12:58:42.0868 6856 AtiHdmiService - ok
12:58:42.0895 6856 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:58:42.0900 6856 b06bdrv - ok
12:58:42.0918 6856 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:58:42.0921 6856 b57nd60a - ok
12:58:42.0931 6856 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:58:42.0932 6856 Beep - ok
12:58:42.0967 6856 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:58:42.0968 6856 blbdrive - ok
12:58:42.0989 6856 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:58:42.0991 6856 bowser - ok
12:58:43.0002 6856 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:58:43.0004 6856 BrFiltLo - ok
12:58:43.0016 6856 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:58:43.0017 6856 BrFiltUp - ok
12:58:43.0037 6856 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:58:43.0039 6856 BridgeMP - ok
12:58:43.0050 6856 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:58:43.0053 6856 Brserid - ok
12:58:43.0060 6856 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:58:43.0061 6856 BrSerWdm - ok
12:58:43.0067 6856 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:58:43.0068 6856 BrUsbMdm - ok
12:58:43.0075 6856 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:58:43.0076 6856 BrUsbSer - ok
12:58:43.0084 6856 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:58:43.0085 6856 BTHMODEM - ok
12:58:43.0096 6856 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:58:43.0097 6856 cdfs - ok
12:58:43.0119 6856 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:58:43.0120 6856 cdrom - ok
12:58:43.0140 6856 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:58:43.0142 6856 circlass - ok
12:58:43.0200 6856 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:58:43.0209 6856 CLFS - ok
12:58:43.0277 6856 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:58:43.0278 6856 CmBatt - ok
12:58:43.0297 6856 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:58:43.0297 6856 cmdide - ok
12:58:43.0347 6856 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:58:43.0357 6856 CNG - ok
12:58:43.0367 6856 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:58:43.0369 6856 Compbatt - ok
12:58:43.0411 6856 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:58:43.0413 6856 CompositeBus - ok
12:58:43.0435 6856 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:58:43.0437 6856 crcdisk - ok
12:58:43.0470 6856 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
12:58:43.0471 6856 CVirtA - ok
12:58:43.0520 6856 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
12:58:43.0521 6856 CVPNDRVA - ok
12:58:43.0700 6856 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:58:43.0703 6856 DfsC - ok
12:58:43.0728 6856 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:58:43.0730 6856 discache - ok
12:58:43.0746 6856 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:58:43.0747 6856 Disk - ok
12:58:43.0764 6856 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
12:58:43.0764 6856 DNE - ok
12:58:43.0792 6856 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:58:43.0792 6856 drmkaud - ok
12:58:43.0845 6856 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:58:43.0859 6856 DXGKrnl - ok
12:58:43.0947 6856 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:58:44.0012 6856 ebdrv - ok
12:58:44.0071 6856 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:58:44.0075 6856 elxstor - ok
12:58:44.0090 6856 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:58:44.0091 6856 ErrDev - ok
12:58:44.0104 6856 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:58:44.0106 6856 exfat - ok
12:58:44.0132 6856 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:58:44.0136 6856 fastfat - ok
12:58:44.0152 6856 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:58:44.0154 6856 fdc - ok
12:58:44.0167 6856 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:58:44.0168 6856 FileInfo - ok
12:58:44.0183 6856 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:58:44.0184 6856 Filetrace - ok
12:58:44.0192 6856 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:58:44.0193 6856 flpydisk - ok
12:58:44.0233 6856 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:58:44.0236 6856 FltMgr - ok
12:58:44.0246 6856 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:58:44.0247 6856 FsDepends - ok
12:58:44.0254 6856 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:58:44.0255 6856 Fs_Rec - ok
12:58:44.0285 6856 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:58:44.0286 6856 fvevol - ok
12:58:44.0308 6856 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:58:44.0311 6856 gagp30kx - ok
12:58:44.0336 6856 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:58:44.0337 6856 hcw85cir - ok
12:58:44.0357 6856 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:58:44.0358 6856 HDAudBus - ok
12:58:44.0365 6856 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:58:44.0366 6856 HidBatt - ok
12:58:44.0374 6856 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:58:44.0375 6856 HidBth - ok
12:58:44.0382 6856 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:58:44.0383 6856 HidIr - ok
12:58:44.0395 6856 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:58:44.0396 6856 HidUsb - ok
12:58:44.0433 6856 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:58:44.0437 6856 HpSAMD - ok
12:58:44.0480 6856 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:58:44.0495 6856 HTTP - ok
12:58:44.0529 6856 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:58:44.0530 6856 hwpolicy - ok
12:58:44.0563 6856 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:58:44.0564 6856 i8042prt - ok
12:58:44.0589 6856 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:58:44.0598 6856 iaStorV - ok
12:58:44.0626 6856 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:58:44.0627 6856 iirsp - ok
12:58:44.0699 6856 IntcAzAudAddService (52d9171838bb92319f23656f502916e9) C:\Windows\system32\drivers\RTKVHD64.sys
12:58:44.0708 6856 IntcAzAudAddService - ok
12:58:44.0738 6856 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:58:44.0739 6856 intelide - ok
12:58:44.0746 6856 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:58:44.0747 6856 intelppm - ok
12:58:44.0805 6856 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:58:44.0808 6856 IpFilterDriver - ok
12:58:44.0835 6856 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:58:44.0837 6856 IPMIDRV - ok
12:58:44.0844 6856 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:58:44.0846 6856 IPNAT - ok
12:58:44.0867 6856 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:58:44.0868 6856 IRENUM - ok
12:58:44.0897 6856 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:58:44.0898 6856 isapnp - ok
12:58:44.0926 6856 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:58:44.0932 6856 iScsiPrt - ok
12:58:44.0970 6856 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
12:58:44.0975 6856 k57nd60a - ok
12:58:44.0995 6856 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:58:44.0997 6856 kbdclass - ok
12:58:45.0007 6856 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:58:45.0007 6856 kbdhid - ok
12:58:45.0049 6856 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:58:45.0052 6856 KSecDD - ok
12:58:45.0074 6856 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:58:45.0077 6856 KSecPkg - ok
12:58:45.0089 6856 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:58:45.0090 6856 ksthunk - ok
12:58:45.0124 6856 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:58:45.0125 6856 lltdio - ok
12:58:45.0153 6856 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:58:45.0154 6856 LSI_FC - ok
12:58:45.0163 6856 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:58:45.0164 6856 LSI_SAS - ok
12:58:45.0172 6856 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:58:45.0173 6856 LSI_SAS2 - ok
12:58:45.0181 6856 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:58:45.0182 6856 LSI_SCSI - ok
12:58:45.0200 6856 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:58:45.0201 6856 luafv - ok
12:58:45.0332 6856 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
12:58:45.0458 6856 LVUVC64 - ok
12:58:45.0468 6856 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:58:45.0469 6856 megasas - ok
12:58:45.0478 6856 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:58:45.0481 6856 MegaSR - ok
12:58:45.0492 6856 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:58:45.0493 6856 Modem - ok
12:58:45.0508 6856 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:58:45.0508 6856 monitor - ok
12:58:45.0524 6856 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:58:45.0525 6856 mouclass - ok
12:58:45.0538 6856 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:58:45.0539 6856 mouhid - ok
12:58:45.0583 6856 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:58:45.0585 6856 mountmgr - ok
12:58:45.0618 6856 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
12:58:45.0621 6856 MpFilter - ok
12:58:45.0648 6856 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:58:45.0653 6856 mpio - ok
12:58:45.0679 6856 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
12:58:45.0680 6856 MpNWMon - ok
12:58:45.0704 6856 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:58:45.0705 6856 mpsdrv - ok
12:58:45.0737 6856 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:58:45.0741 6856 MRxDAV - ok
12:58:45.0752 6856 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:58:45.0754 6856 mrxsmb - ok
12:58:45.0770 6856 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:58:45.0773 6856 mrxsmb10 - ok
12:58:45.0791 6856 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:58:45.0792 6856 mrxsmb20 - ok
12:58:45.0814 6856 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:58:45.0817 6856 msahci - ok
12:58:45.0850 6856 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:58:45.0855 6856 msdsm - ok
12:58:45.0874 6856 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:58:45.0875 6856 Msfs - ok
12:58:45.0893 6856 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:58:45.0893 6856 mshidkmdf - ok
12:58:45.0912 6856 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:58:45.0913 6856 msisadrv - ok
12:58:45.0931 6856 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:58:45.0932 6856 MSKSSRV - ok
12:58:45.0958 6856 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:58:45.0958 6856 MSPCLOCK - ok
12:58:45.0965 6856 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:58:45.0966 6856 MSPQM - ok
12:58:45.0999 6856 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:58:46.0002 6856 MsRPC - ok
12:58:46.0022 6856 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:58:46.0023 6856 mssmbios - ok
12:58:46.0054 6856 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:58:46.0055 6856 MSTEE - ok
12:58:46.0076 6856 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:58:46.0077 6856 MTConfig - ok
12:58:46.0092 6856 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:58:46.0092 6856 Mup - ok
12:58:46.0115 6856 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:58:46.0119 6856 NativeWifiP - ok
12:58:46.0176 6856 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:58:46.0198 6856 NDIS - ok
12:58:46.0216 6856 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:58:46.0217 6856 NdisCap - ok
12:58:46.0236 6856 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:58:46.0238 6856 NdisTapi - ok
12:58:46.0268 6856 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:58:46.0270 6856 Ndisuio - ok
12:58:46.0315 6856 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:58:46.0319 6856 NdisWan - ok
12:58:46.0357 6856 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:58:46.0360 6856 NDProxy - ok
12:58:46.0376 6856 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:58:46.0377 6856 NetBIOS - ok
12:58:46.0416 6856 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:58:46.0422 6856 NetBT - ok
12:58:46.0466 6856 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:58:46.0467 6856 nfrd960 - ok
12:58:46.0504 6856 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:58:46.0505 6856 NisDrv - ok
12:58:46.0538 6856 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:58:46.0539 6856 Npfs - ok
12:58:46.0558 6856 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:58:46.0559 6856 nsiproxy - ok
12:58:46.0635 6856 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:58:46.0653 6856 Ntfs - ok
12:58:46.0662 6856 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:58:46.0663 6856 Null - ok
12:58:46.0713 6856 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:58:46.0772 6856 nvraid - ok
12:58:46.0865 6856 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:58:46.0870 6856 nvstor - ok
12:58:46.0889 6856 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:58:46.0893 6856 nv_agp - ok
12:58:46.0931 6856 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:58:46.0934 6856 ohci1394 - ok
12:58:46.0998 6856 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:58:47.0001 6856 Parport - ok
12:58:47.0022 6856 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:58:47.0022 6856 partmgr - ok
12:58:47.0060 6856 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
12:58:47.0062 6856 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
12:58:47.0082 6856 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:58:47.0084 6856 pci - ok
12:58:47.0120 6856 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:58:47.0122 6856 pciide - ok
12:58:47.0145 6856 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:58:47.0149 6856 pcmcia - ok
12:58:47.0166 6856 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:58:47.0167 6856 pcw - ok
12:58:47.0191 6856 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:58:47.0200 6856 PEAUTH - ok
12:58:47.0287 6856 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:58:47.0290 6856 PptpMiniport - ok
12:58:47.0309 6856 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:58:47.0311 6856 Processor - ok
12:58:47.0366 6856 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:58:47.0370 6856 Psched - ok
12:58:47.0403 6856 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:58:47.0415 6856 PxHlpa64 - ok
12:58:47.0464 6856 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:58:47.0506 6856 ql2300 - ok
12:58:47.0519 6856 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:58:47.0521 6856 ql40xx - ok
12:58:47.0539 6856 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:58:47.0540 6856 QWAVEdrv - ok
12:58:47.0558 6856 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:58:47.0559 6856 RasAcd - ok
12:58:47.0570 6856 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:58:47.0571 6856 RasAgileVpn - ok
12:58:47.0609 6856 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:58:47.0613 6856 Rasl2tp - ok
12:58:47.0638 6856 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:58:47.0639 6856 RasPppoe - ok
12:58:47.0655 6856 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:58:47.0656 6856 RasSstp - ok
12:58:47.0695 6856 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:58:47.0701 6856 rdbss - ok
12:58:47.0713 6856 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:58:47.0715 6856 rdpbus - ok
12:58:47.0735 6856 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:58:47.0735 6856 RDPCDD - ok
12:58:47.0744 6856 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:58:47.0745 6856 RDPENCDD - ok
12:58:47.0760 6856 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:58:47.0761 6856 RDPREFMP - ok
12:58:47.0779 6856 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
12:58:47.0781 6856 RDPWD - ok
12:58:47.0822 6856 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:58:47.0828 6856 rdyboost - ok
12:58:47.0863 6856 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:58:47.0864 6856 rspndr - ok
12:58:47.0871 6856 RxFilter - ok
12:58:47.0896 6856 S3XXx64 (4f55bc63dca859a6dedc1106e0062135) C:\Windows\system32\DRIVERS\S3XXx64.sys
12:58:47.0897 6856 S3XXx64 - ok
12:58:47.0920 6856 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:58:47.0921 6856 sbp2port - ok
12:58:47.0958 6856 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:58:47.0959 6856 scfilter - ok
12:58:47.0986 6856 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:58:47.0987 6856 secdrv - ok
12:58:47.0998 6856 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:58:47.0999 6856 Serenum - ok
12:58:48.0006 6856 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:58:48.0008 6856 Serial - ok
12:58:48.0031 6856 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:58:48.0032 6856 sermouse - ok
12:58:48.0069 6856 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:58:48.0070 6856 sffdisk - ok
12:58:48.0077 6856 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:58:48.0078 6856 sffp_mmc - ok
12:58:48.0085 6856 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:58:48.0086 6856 sffp_sd - ok
12:58:48.0093 6856 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:58:48.0094 6856 sfloppy - ok
12:58:48.0144 6856 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:58:48.0146 6856 SiSRaid2 - ok
12:58:48.0155 6856 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:58:48.0156 6856 SiSRaid4 - ok
12:58:48.0164 6856 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:58:48.0165 6856 Smb - ok
12:58:48.0187 6856 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:58:48.0188 6856 spldr - ok
12:58:48.0232 6856 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:58:48.0239 6856 srv - ok
12:58:48.0260 6856 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:58:48.0265 6856 srv2 - ok
12:58:48.0293 6856 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:58:48.0295 6856 srvnet - ok
12:58:48.0325 6856 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:58:48.0327 6856 stexstor - ok
12:58:48.0344 6856 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:58:48.0344 6856 swenum - ok
12:58:48.0428 6856 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:58:48.0473 6856 Tcpip - ok
12:58:48.0500 6856 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:58:48.0508 6856 TCPIP6 - ok
12:58:48.0536 6856 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:58:48.0537 6856 tcpipreg - ok
12:58:48.0567 6856 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:58:48.0568 6856 TDPIPE - ok
12:58:48.0575 6856 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:58:48.0576 6856 TDTCP - ok
12:58:48.0608 6856 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:58:48.0612 6856 tdx - ok
12:58:48.0634 6856 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:58:48.0635 6856 TermDD - ok
12:58:48.0685 6856 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:58:48.0686 6856 tssecsrv - ok
12:58:48.0742 6856 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:58:48.0745 6856 TsUsbFlt - ok
12:58:48.0781 6856 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:58:48.0785 6856 tunnel - ok
12:58:48.0797 6856 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:58:48.0800 6856 uagp35 - ok
12:58:48.0840 6856 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:58:48.0848 6856 udfs - ok
12:58:48.0890 6856 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:58:48.0892 6856 uliagpkx - ok
12:58:48.0917 6856 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:58:48.0919 6856 umbus - ok
12:58:48.0931 6856 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:58:48.0932 6856 UmPass - ok
12:58:48.0972 6856 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:58:48.0975 6856 usbaudio - ok
12:58:48.0988 6856 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:58:48.0989 6856 usbccgp - ok
12:58:49.0013 6856 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:58:49.0015 6856 usbcir - ok
12:58:49.0024 6856 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:58:49.0025 6856 usbehci - ok
12:58:49.0056 6856 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:58:49.0061 6856 usbhub - ok
12:58:49.0078 6856 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
12:58:49.0080 6856 usbohci - ok
12:58:49.0107 6856 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:58:49.0109 6856 usbprint - ok
12:58:49.0148 6856 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:58:49.0150 6856 usbscan - ok
12:58:49.0174 6856 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:58:49.0176 6856 USBSTOR - ok
12:58:49.0202 6856 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:58:49.0204 6856 usbuhci - ok
12:58:49.0232 6856 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
12:58:49.0237 6856 usbvideo - ok
12:58:49.0259 6856 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:58:49.0260 6856 vdrvroot - ok
12:58:49.0270 6856 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:58:49.0271 6856 vga - ok
12:58:49.0299 6856 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:58:49.0300 6856 VgaSave - ok
12:58:49.0322 6856 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:58:49.0328 6856 vhdmp - ok
12:58:49.0373 6856 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:58:49.0375 6856 viaide - ok
12:58:49.0408 6856 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:58:49.0412 6856 volmgr - ok
12:58:49.0484 6856 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:58:49.0492 6856 volmgrx - ok
12:58:49.0543 6856 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:58:49.0550 6856 volsnap - ok
12:58:49.0582 6856 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:58:49.0586 6856 vsmraid - ok
12:58:49.0615 6856 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:58:49.0617 6856 vwifibus - ok
12:58:49.0634 6856 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:58:49.0635 6856 vwififlt - ok
12:58:49.0645 6856 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:58:49.0646 6856 WacomPen - ok
12:58:49.0661 6856 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:58:49.0662 6856 WANARP - ok
12:58:49.0665 6856 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:58:49.0665 6856 Wanarpv6 - ok
12:58:49.0680 6856 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:58:49.0681 6856 Wd - ok
12:58:49.0702 6856 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:58:49.0708 6856 Wdf01000 - ok
12:58:49.0731 6856 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:58:49.0732 6856 WfpLwf - ok
12:58:49.0776 6856 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
12:58:49.0781 6856 WimFltr - ok
12:58:49.0793 6856 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:58:49.0796 6856 WIMMount - ok
12:58:49.0882 6856 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:58:49.0885 6856 WmiAcpi - ok
12:58:49.0923 6856 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:58:49.0924 6856 ws2ifsl - ok
12:58:49.0961 6856 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:58:49.0963 6856 WudfPf - ok
12:58:49.0985 6856 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:58:49.0989 6856 WUDFRd - ok
12:58:50.0024 6856 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
12:58:50.0092 6856 \Device\Harddisk0\DR0 - ok
12:58:50.0101 6856 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:58:50.0166 6856 \Device\Harddisk1\DR1 - ok
12:58:50.0168 6856 Boot (0x1200) (953388e0ff29d6def331dee0dc227a7d) \Device\Harddisk0\DR0\Partition0
12:58:50.0169 6856 \Device\Harddisk0\DR0\Partition0 - ok
12:58:50.0184 6856 Boot (0x1200) (de925793d31abfefe80d4cb1b38a41b7) \Device\Harddisk0\DR0\Partition1
12:58:50.0184 6856 \Device\Harddisk0\DR0\Partition1 - ok
12:58:50.0188 6856 Boot (0x1200) (fa5bfb95ad46e77c25201a56ebc3bcab) \Device\Harddisk1\DR1\Partition0
12:58:50.0190 6856 \Device\Harddisk1\DR1\Partition0 - ok
12:58:50.0190 6856 ============================================================
12:58:50.0190 6856 Scan finished
12:58:50.0190 6856 ============================================================
12:58:50.0197 5080 Detected object count: 0
12:58:50.0197 5080 Actual detected object count: 0

AVAST Log:

aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-19 13:05:06
-----------------------------
13:05:06.791 OS Version: Windows x64 6.1.7601 Service Pack 1
13:05:06.791 Number of processors: 6 586 0xA00
13:05:06.807 ComputerName: MOMDAD-PC UserName: MomDad
13:05:08.741 Initialize success
13:13:35.665 AVAST engine defs: 12021900
13:19:24.364 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
13:19:24.364 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 11
13:19:24.380 Disk 0 MBR read successfully
13:19:24.395 Disk 0 MBR scan
13:19:24.395 Disk 0 Windows VISTA default MBR code
13:19:24.411 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
13:19:24.442 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12242 MB offset 81920
13:19:24.473 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941586 MB offset 25153536
13:19:24.489 Service scanning
13:19:47.031 Modules scanning
13:19:47.047 Disk 0 trace - called modules:
13:19:47.062 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
13:19:47.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800ab9d060]
13:19:47.078 3 CLASSPNP.SYS[fffff88001b9843f] -> nt!IofCallDriver -> [0xfffffa800a4da040]
13:19:47.078 5 amdxata.sys[fffff880011097a8] -> nt!IofCallDriver -> \Device\00000066[0xfffffa800a4d0060]
13:19:49.605 AVAST engine scan C:\Windows
13:19:52.444 AVAST engine scan C:\Windows\system32
13:22:34.029 AVAST engine scan C:\Windows\system32\drivers
13:22:47.227 AVAST engine scan C:\Users\MomDad
13:25:14.401 AVAST engine scan C:\ProgramData
13:25:40.235 Scan finished successfully
13:26:03.713 Disk 0 MBR has been saved successfully to "C:\Users\MomDad\Desktop\MBR.dat"
13:26:03.713 The log file has been saved successfully to "C:\Users\MomDad\Desktop\aswMBR.txt"

I'm beginning to wonder if this may not be a virus but some sort of problem with McAfee. Maybe McAfee is commenting out the hosts file. Anyway, thanks for all the time and effort you have put into my problem.

#5 nasdaq

  • Malware Response Team
  • 40,447 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 February 2012 - 02:33 PM

Go to: http://www.funkytoad.com/index.php?option=com_content&task=view&id=13&Itemid=
Download the program HostsXpert to restore the default hosts file back onto your machine.
Unzip the program and execute it.
Select
"Restore MS Hosts File".
Close the application.
=*=

Picture of HostsXpert
http://www.mvps.org/winhelp2002/hoster.gif
*/*

When done please open the hosts file with Notepad. Copy and paste the content on your next reply.

You will find the hosts file in one of the following location.
Windows 7 - 32 bit C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
Windows 7 - 64 bit C:\WINDOWS\SYSTEM32\sysWOW32\ETC\HOSTS
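
An added check for the step above, not part of this thread and not HostsXpert: a Python script that locates the hosts file the way the Windows resolver does (from the registry value Tcpip\Parameters\DataBasePath, so a path that malware has redirected is still found, falling back to the stock %SystemRoot%\System32\drivers\etc\hosts), then parses the file and reports which mappings are active, which point a security vendor's domain somewhere (a common trick for blocking AV installers and updates), and which vendor mappings have been commented out. The watched vendor-domain list and the sample hosts text embedded at the bottom are constructed for the demonstration; run it on a real machine and it reads the actual file instead.

```python
"""Audit a Windows hosts file for tampering that blocks AV downloads.

Added example for this thread; not the poster's tool and not HostsXpert.
Assumptions: WATCHED_SUFFIXES is an illustrative list, and SAMPLE_HOSTS is
constructed for the demonstration.
"""
import ipaddress
import os
import sys
from dataclasses import dataclass

# Vendor domains malware commonly points at loopback or a bogus address.
# Illustrative list (assumption); extend for the products you run.
WATCHED_SUFFIXES = (
    "mcafee.com", "symantec.com", "avast.com", "kaspersky.com",
    "trendmicro.com", "microsoft.com", "windowsupdate.com",
)


@dataclass
class HostsEntry:
    lineno: int
    ip: str
    names: tuple        # host names on the line, lower-cased
    commented: bool     # True when the mapping sits behind a leading '#'


@dataclass
class HostsAudit:
    active: list             # uncommented mappings (a stock Win7 file has none)
    hijacked: list           # active mappings for a watched vendor domain
    commented_watched: list  # vendor mappings someone has commented out


def hosts_path() -> str:
    """Resolve the hosts file from the registry DataBasePath value, as the
    resolver does; fall back to the stock location (used as-is off Windows)."""
    base = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc")
    if sys.platform == "win32":
        import winreg  # Windows-only module
        try:
            key_path = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
                value, _ = winreg.QueryValueEx(key, "DataBasePath")
                base = os.path.expandvars(value)  # REG_EXPAND_SZ, %SystemRoot%\...
        except OSError:
            pass
    return os.path.join(base, "hosts")


def _is_ip(token: str) -> bool:
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def _watched(name: str) -> bool:
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def parse_hosts(text: str) -> list:
    """Return every IP-to-name mapping, commented-out ones included; prose
    comments such as the stock header are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        commented = line.startswith("#")
        body = line.lstrip("#") if commented else line
        body = body.split("#", 1)[0]  # drop a trailing comment
        parts = body.split()
        if len(parts) < 2 or not _is_ip(parts[0]):
            continue
        names = tuple(n.lower() for n in parts[1:])
        entries.append(HostsEntry(lineno, parts[0], names, commented))
    return entries


def audit_hosts(text: str) -> HostsAudit:
    entries = parse_hosts(text)
    active = [e for e in entries if not e.commented]
    return HostsAudit(
        active=active,
        hijacked=[e for e in active if any(_watched(n) for n in e.names)],
        commented_watched=[e for e in entries
                           if e.commented and any(_watched(n) for n in e.names)],
    )


# Constructed sample: the stock Windows 7 header plus three injected lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
127.0.0.1       download.mcafee.com        # constructed: vendor domain sinkholed
#127.0.0.1      update.symantec.com        # constructed: vendor entry commented out
203.0.113.9     www.bank.example           # constructed: redirect to a TEST-NET address
"""

if __name__ == "__main__":
    path = hosts_path()
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    report = audit_hosts(text)
    for e in report.hijacked:
        print(f"line {e.lineno}: {' '.join(e.names)} -> {e.ip}  (vendor domain hijacked)")
    for e in report.commented_watched:
        print(f"line {e.lineno}: {' '.join(e.names)} -> {e.ip}  (vendor entry commented out)")
    print(f"{len(report.active)} active mapping(s); a stock Windows 7 file has none")
```

Two points worth knowing when reading the output: a stock Windows 7 hosts file contains only comments (even the localhost lines are commented out, since the resolver handles localhost itself), so any active mapping is a deviation to explain; and because the script takes the file location from DataBasePath rather than assuming it, it will also notice the case where the file at the well-known path is clean but the resolver has been pointed at a different one.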

#6 nasdaq

  • Malware Response Team
  • 40,447 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 February 2012 - 09:50 AM

Are you still with me?



