
Need Help - Tried removing virus and lost internet



#1 dellvirushelp


Posted 17 February 2012 - 11:34 AM

My computer recently became infected with some viruses causing problems with internet connectivity, google redirect (when able to connect to internet), svchost trying to connect to malicious websites, etc. I noticed that several other posts in this forum had similar issues, so I attempted to remove the viruses on my own. I was not successful though, as I am still having issues connecting to the internet. Really hoping someone can help me out.

Edited by hamluis, 17 February 2012 - 12:27 PM.
No logs, moved from Malware Removal Logs to Am I Infected.




#2 boopme


Posted 17 February 2012 - 02:31 PM

Hello and welcome..
For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

>>>>

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>>

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

#3 dellvirushelp


Posted 23 February 2012 - 08:18 PM

Hello. Thank you for replying. I forgot to check the Watch Topic button, so I am just now seeing your response. I followed your instructions, and here is a summary...

Step 1. The "Use a proxy" box was already unchecked.

Step 2. When I typed in "netsh winsock reset", it stated "The requested operation requires elevation (Run as administrator)."

Step 3. I rebooted.

Step 4. I ran MiniToolBox. Here are the results...

MiniToolBox by Farbar Version: 18-01-2012
Ran by Zog (administrator) on 23-02-2012 at 19:59:57
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Dell Wireless 1520 Wireless-N WLAN Mini-Card = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Hartzog
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Dell Wireless 1520 Wireless-N WLAN Mini-Card
Physical Address. . . . . . . . . : C4-17-FE-9C-57-89
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : arco.prv
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-26-B9-25-E0-EC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {F7B2A6FB-30FF-457A-963D-D1C5AC5CD193}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {83654051-41ED-4DB9-BD52-201F891192F1}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.arco.prv:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #9
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128
Reply from 127.0.0.1: bytes=32 time=6ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 6ms, Average = 5ms
===========================================================================
Interface List
11...c4 17 fe 9c 57 89 ......Dell Wireless 1520 Wireless-N WLAN Mini-Card
10...00 26 b9 25 e0 ec ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #9
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/17/2012 11:30:34 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/17/2012 10:35:45 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800703fa.

Error: (02/17/2012 09:26:30 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800703fa.

Error: (02/17/2012 09:26:30 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800703fa.

Error: (02/13/2012 03:17:10 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (02/13/2012 03:17:10 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/22/2012 05:21:36 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (01/22/2012 05:21:36 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (01/22/2012 05:21:36 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (01/20/2012 06:32:55 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (02/17/2012 10:56:42 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/17/2012 10:56:42 AM) (Source: Service Control Manager) (User: )
Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

Error: (02/17/2012 10:43:05 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{78CBE764-538B-4D75-8996-48D5DB6A6F54}.
The backup browser is stopping.

Error: (02/17/2012 10:40:33 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (02/17/2012 10:39:08 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/17/2012 10:34:33 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/17/2012 10:30:26 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/17/2012 10:30:26 AM) (Source: Service Control Manager) (User: )
Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

Error: (02/17/2012 09:31:57 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (02/17/2012 09:30:33 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer (Version: 6.2.1)
8500A909_eDocs (Version: 1.00.0000)
8500A909_Help (Version: 1.00.0000)
8500A909a (Version: 50.0.165.000)
Accelerometer (Version: 1.06.08.17)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe Flash Player 10 ActiveX (Version: 10.2.153.1)
Adobe Reader 9.3.3 (Version: 9.3.3)
Advanced Audio FX Engine (Version: 1.12.05)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Control Center (Version: 2.009.0908.2224)
Bonjour (Version: 3.0.0.10)
BPD_DSWizards (Version: 1.00.0000)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 130.0.331.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Full Existing (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Full New (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Light (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Previews Common (Version: 2009.0908.2225.38429)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0908.2225.38429)
Catalyst Control Center InstallProxy (Version: 2009.0908.2225.38429)
Catalyst Control Center Localization All (Version: 2009.0908.2225.38429)
ccc-core-static (Version: 2009.0908.2225.38429)
ccc-utility64 (Version: 2009.0908.2225.38429)
CCC Help Chinese Standard (Version: 2009.0908.2224.38429)
CCC Help Chinese Traditional (Version: 2009.0908.2224.38429)
CCC Help Danish (Version: 2009.0908.2224.38429)
CCC Help Dutch (Version: 2009.0908.2224.38429)
CCC Help English (Version: 2009.0908.2224.38429)
CCC Help Finnish (Version: 2009.0908.2224.38429)
CCC Help French (Version: 2009.0908.2224.38429)
CCC Help German (Version: 2009.0908.2224.38429)
CCC Help Italian (Version: 2009.0908.2224.38429)
CCC Help Japanese (Version: 2009.0908.2224.38429)
CCC Help Korean (Version: 2009.0908.2224.38429)
CCC Help Norwegian (Version: 2009.0908.2224.38429)
CCC Help Portuguese (Version: 2009.0908.2224.38429)
CCC Help Russian (Version: 2009.0908.2224.38429)
CCC Help Spanish (Version: 2009.0908.2224.38429)
CCC Help Swedish (Version: 2009.0908.2224.38429)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Consumer In-Home Service Agreement (Version: 2.0.0)
Cozi (Version: 1.0.4323.24051)
Dell DataSafe Local Backup (Version: 9.4.45)
Dell Dock (Version: 2.0.0)
Dell Driver Download Manager (Version: 2.0.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.5.09100)
Dell Touchpad (Version: 14.0.2.0)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
Fax (Version: 130.0.418.000)
GoToAssist 8.0.0.514
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
iTunes (Version: 10.5.0.142)
Junk Mail filter update (Version: 14.0.8089.726)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MarketResearch (Version: 130.0.374.000)
McAfee SecurityCenter (Version: 10.5.195)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
MobileMe Control Panel (Version: 3.1.6.0)
Monopoly Here & Now Edition
MPM (Version: 1.00.0000)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Network64 (Version: 130.0.579.000)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Officejet Pro 8500 A909 Series (Version: 13.0)
Picasa 3 (Version: 3.8)
PowerDVD DX (Version: 8.3.5424)
ProductContext (Version: 50.0.165.000)
QuickBooks (Version: 21.0.4008.904)
QuickBooks Pro 2006 (Version: )
QuickBooks Pro 2011 (Version: 21.0.4008.904)
Quickset64 (Version: 9.6.11)
QuickTime (Version: 7.70.80.34)
Roxio Burn (Version: 1.01)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
Skins (Version: 2009.0908.2225.38429)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
Sound Blaster X-Fi MB (Version: 1.0)
Status (Version: 130.0.469.000)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebReg (Version: 130.0.132.017)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 3956.52 MB
Available physical RAM: 2755.01 MB
Total Pagefile: 7911.24 MB
Available Pagefile: 6446.46 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.84 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:219.89 GB) NTFS

========================= Users: ========================================

User accounts for \\HARTZOG

Administrator ASPNET Guest
Zog


**** End of log ****


Step 5. I was not able to connect to the Internet. It stated unidentified network (note: my office computer is able to connect to the Internet, so the problem is isolated to my computer). I did have MBAM already on my computer though (last updated on 02/17/12). I ran a scan; here are the results...

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.17.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zog :: HARTZOG [administrator]

Protection: Enabled

2/23/2012 8:08:45 PM
mbam-log-2012-02-23 (20-08-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185464
Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Thanks again for your help. Looking forward to your reply.
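One way to triage the "Hosts content" and "Winsock entries" sections of a MiniToolBox Result.txt like the one posted above (an added example, not part of the original posts and not MiniToolBox's own code). The sample log is constructed, the function names are hypothetical, and C:\Windows is assumed to be the system root; a flagged entry is a prompt for manual review, not a verdict.

```python
import ntpath  # Windows path semantics, works on any OS
import re

# Constructed sample in the layout MiniToolBox prints (not the poster's log).
SAMPLE_LOG = r"""
========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.7 www.example-bank.test

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog9 02 C:\Users\Public\helper.dll [40960] ()
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================
"""

# "===== Title: =====" section banners; rulers made only of "=" do not match.
HEADER = re.compile(r"^=+\s*([^=\s][^=]*?)\s*=+\s*$")
# "[x64-]Catalog5|9  <order>  <dll path>  [<size>]  (<publisher>)"
WINSOCK = re.compile(r"^(x64-)?Catalog(5|9)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")
# Assumption: Windows is installed in C:\Windows.
SYSTEM_DIRS = {
    ntpath.normcase(r"C:\Windows\System32"),
    ntpath.normcase(r"C:\Windows\SysWOW64"),
}


def split_sections(log):
    """Map lower-cased section title -> list of non-empty lines in it."""
    sections, current = {}, None
    for line in log.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1).rstrip(":").strip().lower()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def review_hosts(lines):
    """Return (ip, names) for every hosts entry other than loopback -> localhost."""
    findings = []
    for line in lines:
        entry = line.split("#", 1)[0].split()  # drop trailing comments
        if len(entry) < 2:
            continue
        ip, names = entry[0], entry[1:]
        if ip in ("127.0.0.1", "::1") and all(n.lower() == "localhost" for n in names):
            continue
        findings.append((ip, names))
    return findings


def review_winsock(lines):
    """Return (path, reasons) for providers that are not stock Windows DLLs."""
    findings = []
    for line in lines:
        m = WINSOCK.match(line)
        if not m:
            findings.append((line, ["unparsed line"]))
            continue
        path, publisher = m.group(4), m.group(6)
        reasons = []
        if ntpath.normcase(ntpath.dirname(path)) not in SYSTEM_DIRS:
            reasons.append("outside system directory")
        if publisher != "Microsoft Corporation":
            reasons.append("publisher is %r" % publisher)
        if reasons:
            findings.append((path, reasons))
    return findings


def triage(log):
    sections = split_sections(log)
    return {
        "hosts": review_hosts(sections.get("hosts content", [])),
        "winsock": review_winsock(sections.get("winsock entries", [])),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ip, names in result["hosts"]:
        print("hosts   review:", ip, " ".join(names))
    for path, reasons in result["winsock"]:
        # Legitimate third-party providers (Bonjour, for instance) show up
        # here too; the list only narrows down what to inspect by hand.
        print("winsock review:", path, "-", "; ".join(reasons))
```
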

#4 boopme


Posted 23 February 2012 - 10:33 PM

Hi, I see now it's Win7

Try this
WIN7.. Please Download this file, Click Me
Right-click on winsockfix.bat and click on Run as Administrator.


You may need to run this off a Flashdrive or CD if you still cannot connect..

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#5 dellvirushelp

Posted 24 February 2012 - 08:44 AM

Hey boopme. Thanks for the quick reply. You are correct that I have been using another computer, and transferring information to and from the infected computer with a thumb drive. Here is a summary for you...

Step 1. Ran winsockfix.bat

Step 2. Rebooted

Step 3. Ran Farbar Service Scanner, and here are the results...

Farbar Service Scanner Version: 22-02-2012
Ran by Zog (administrator) on 24-02-2012 at 08:51:11
Running from "C:\Users\Zog\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Please let me know what you think are the next steps.

Edited by dellvirushelp, 24 February 2012 - 08:52 AM.
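
A triage pass over the Farbar Service Scanner log in post #5, as an added example that is not part of the thread or of the tool: it pulls out the lines a responder would act on (unreachable hosts, stopped services, non-default start types, policy values that disable protection). The function and category names are hypothetical, and two things are assumptions: that any value listed under a "... Disabled Policy" heading means the policy is set, and that any File Check verdict other than "MD5 is legit" needs review.

```python
import re

# Excerpt of the FSS.txt log from post #5 (sections trimmed, text unchanged).
SAMPLE_LOG = r'''
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
'''

# (category, pattern, detail format). "retur\w+" tolerates the tool's own
# "returend" misspelling seen in the posted log.
PATTERNS = [
    ("unreachable", re.compile(r"^Attempt to access (\w+) IP retur\w+ error"), "{0}"),
    ("service_stopped", re.compile(r"^(\S+) Service is not running"), "{0}"),
    ("start_type", re.compile(r"^The start type of (\S+) service is set to (\w+)\. "
                              r"The default start type is (\w+)\."),
     "{0}: {1} (default {2})"),
    # Assumption: any verdict other than "MD5 is legit" deserves a look.
    ("file_check", re.compile(r"^(.+?) => (?!MD5 is legit$)(.+)$"), "{0}: {1}"),
]
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(\w+:\w+)$')


def triage(log_text):
    """Return (section, category, detail) tuples for lines needing follow-up."""
    findings = []
    section = None   # current "Name:" heading (a heading is underlined with ====)
    reg_key = None   # last registry key seen inside a policy section
    lines = log_text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        if not line or set(line) <= {"=", "*"}:
            continue  # blank line, ==== underline, or **** banner
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section, reg_key = line[:-1], None
            continue
        if section and section.endswith("Disabled Policy"):
            # Assumption: the tool prints key/value pairs here only when set.
            key = KEY_RE.match(line)
            if key:
                reg_key = key.group(1)
                continue
            value = VALUE_RE.match(line)
            if value and reg_key:
                detail = reg_key + "\\" + value.group(1) + "=" + value.group(2)
                findings.append((section, "policy", detail))
                continue
        for category, pattern, fmt in PATTERNS:
            match = pattern.match(line)
            if match:
                findings.append((section, category, fmt.format(*match.groups())))
                break
    return findings


if __name__ == "__main__":
    for section, category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {section}: {detail}")
```
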


#6 boopme

Posted 24 February 2012 - 11:56 AM

Ok, we need to run these and see how it is after.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

#7 dellvirushelp

Posted 25 February 2012 - 09:10 AM

Hey boopme. Here is a quick summary...

Step 1. Ran TDSS Killer. It did not seem to find anything, and I did not need to reboot. But it should be noted that I have used TDSSKiller before coming to you for help, and it did find and cure some issues on a previous run. Here are the contents of the Report file...

08:57:31.0336 4780 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
08:57:33.0348 4780 ============================================================
08:57:33.0348 4780 Current date / time: 2012/02/25 08:57:33.0348
08:57:33.0348 4780 SystemInfo:
08:57:33.0348 4780
08:57:33.0348 4780 OS Version: 6.1.7601 ServicePack: 1.0
08:57:33.0348 4780 Product type: Workstation
08:57:33.0348 4780 ComputerName: HARTZOG
08:57:33.0348 4780 UserName: Zog
08:57:33.0348 4780 Windows directory: C:\Windows
08:57:33.0348 4780 System windows directory: C:\Windows
08:57:33.0348 4780 Running under WOW64
08:57:33.0348 4780 Processor architecture: Intel x64
08:57:33.0348 4780 Number of processors: 4
08:57:33.0348 4780 Page size: 0x1000
08:57:33.0348 4780 Boot type: Normal boot
08:57:33.0348 4780 ============================================================
08:57:35.0236 4780 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:57:35.0236 4780 Drive \Device\Harddisk1\DR1 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:57:35.0236 4780 \Device\Harddisk0\DR0:
08:57:35.0236 4780 MBR used
08:57:35.0236 4780 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
08:57:35.0236 4780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x236CE8EB
08:57:35.0236 4780 \Device\Harddisk1\DR1:
08:57:35.0236 4780 MBR used
08:57:35.0236 4780 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x800, BlocksNum 0xEEE000
08:57:35.0267 4780 Initialize success
08:57:35.0267 4780 ============================================================
08:57:44.0814 4048 ============================================================
08:57:44.0814 4048 Scan started
08:57:44.0814 4048 Mode: Manual;
08:57:44.0814 4048 ============================================================
08:58:02.0317 4048 Serenum - ok
08:58:02.0333 4048 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:58:02.0333 4048 Serial - ok
08:58:02.0364 4048 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:58:02.0380 4048 sermouse - ok
08:58:02.0411 4048 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:58:02.0426 4048 sffdisk - ok
08:58:02.0442 4048 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:58:02.0458 4048 sffp_mmc - ok
08:58:02.0489 4048 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:58:02.0520 4048 sffp_sd - ok
08:58:02.0536 4048 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:58:02.0551 4048 sfloppy - ok
08:58:02.0645 4048 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:58:02.0645 4048 SiSRaid2 - ok
08:58:02.0660 4048 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:58:02.0676 4048 SiSRaid4 - ok
08:58:02.0723 4048 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:58:02.0738 4048 Smb - ok
08:58:02.0770 4048 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:58:02.0770 4048 spldr - ok
08:58:02.0848 4048 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:58:02.0879 4048 srv - ok
08:58:02.0910 4048 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:58:02.0957 4048 srv2 - ok
08:58:02.0988 4048 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:58:03.0019 4048 srvnet - ok
08:58:03.0113 4048 stdflt (c48e0745d33897c7a73394214f2b9b4f) C:\Windows\system32\DRIVERS\stdflt.sys
08:58:03.0160 4048 stdflt - ok
08:58:03.0191 4048 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:58:03.0191 4048 stexstor - ok
08:58:03.0284 4048 STHDA (2d7c3ca0fdb0f438671c89fa1804674f) C:\Windows\system32\DRIVERS\stwrt64.sys
08:58:03.0347 4048 STHDA - ok
08:58:03.0378 4048 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:58:03.0378 4048 swenum - ok
08:58:03.0456 4048 SynTP (639b57dc871be4b86283027faf1f4e30) C:\Windows\system32\DRIVERS\SynTP.sys
08:58:03.0503 4048 SynTP - ok
08:58:03.0612 4048 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
08:58:03.0752 4048 Tcpip - ok
08:58:03.0846 4048 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
08:58:03.0862 4048 TCPIP6 - ok
08:58:03.0908 4048 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:58:03.0940 4048 tcpipreg - ok
08:58:04.0002 4048 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:58:04.0018 4048 TDPIPE - ok
08:58:04.0033 4048 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
08:58:04.0033 4048 TDTCP - ok
08:58:04.0080 4048 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:58:04.0127 4048 tdx - ok
08:58:04.0158 4048 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:58:04.0174 4048 TermDD - ok
08:58:04.0236 4048 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:58:04.0252 4048 tssecsrv - ok
08:58:04.0345 4048 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:58:04.0392 4048 TsUsbFlt - ok
08:58:04.0470 4048 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:58:04.0501 4048 tunnel - ok
08:58:04.0532 4048 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:58:04.0532 4048 uagp35 - ok
08:58:04.0579 4048 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:58:04.0642 4048 udfs - ok
08:58:04.0688 4048 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:58:04.0704 4048 uliagpkx - ok
08:58:04.0766 4048 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:58:04.0798 4048 umbus - ok
08:58:04.0844 4048 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:58:04.0844 4048 UmPass - ok
08:58:04.0938 4048 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
08:58:04.0969 4048 USBAAPL64 - ok
08:58:05.0047 4048 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:58:05.0078 4048 usbccgp - ok
08:58:05.0141 4048 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:58:05.0141 4048 usbcir - ok
08:58:05.0172 4048 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
08:58:05.0203 4048 usbehci - ok
08:58:05.0266 4048 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:58:05.0297 4048 usbhub - ok
08:58:05.0328 4048 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
08:58:05.0359 4048 usbohci - ok
08:58:05.0390 4048 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:58:05.0390 4048 usbprint - ok
08:58:05.0468 4048 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:58:05.0468 4048 usbscan - ok
08:58:05.0515 4048 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
08:58:05.0546 4048 USBSTOR - ok
08:58:05.0593 4048 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:58:05.0624 4048 usbuhci - ok
08:58:05.0687 4048 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
08:58:05.0734 4048 usbvideo - ok
08:58:05.0765 4048 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:58:05.0780 4048 vdrvroot - ok
08:58:05.0812 4048 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:58:05.0812 4048 vga - ok
08:58:05.0844 4048 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:58:05.0844 4048 VgaSave - ok
08:58:05.0875 4048 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:58:05.0937 4048 vhdmp - ok
08:58:05.0969 4048 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:58:05.0984 4048 viaide - ok
08:58:06.0015 4048 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:58:06.0047 4048 volmgr - ok
08:58:06.0078 4048 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:58:06.0125 4048 volmgrx - ok
08:58:06.0156 4048 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:58:06.0234 4048 volsnap - ok
08:58:06.0281 4048 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:58:06.0296 4048 vsmraid - ok
08:58:06.0343 4048 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:58:06.0343 4048 vwifibus - ok
08:58:06.0405 4048 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:58:06.0405 4048 vwififlt - ok
08:58:06.0452 4048 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:58:06.0452 4048 WacomPen - ok
08:58:06.0483 4048 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:58:06.0515 4048 WANARP - ok
08:58:06.0515 4048 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:58:06.0515 4048 Wanarpv6 - ok
08:58:06.0577 4048 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:58:06.0593 4048 Wd - ok
08:58:06.0624 4048 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:58:06.0655 4048 Wdf01000 - ok
08:58:06.0733 4048 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:58:06.0749 4048 WfpLwf - ok
08:58:06.0780 4048 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
08:58:06.0827 4048 WimFltr - ok
08:58:06.0842 4048 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:58:06.0858 4048 WIMMount - ok
08:58:06.0951 4048 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:58:06.0983 4048 WinUsb - ok
08:58:07.0045 4048 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:58:07.0061 4048 WmiAcpi - ok
08:58:07.0107 4048 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:58:07.0107 4048 ws2ifsl - ok
08:58:07.0154 4048 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:58:07.0217 4048 WudfPf - ok
08:58:07.0279 4048 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:58:07.0310 4048 WUDFRd - ok
08:58:07.0341 4048 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
08:58:07.0419 4048 \Device\Harddisk0\DR0 - ok
08:58:07.0419 4048 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
08:58:07.0669 4048 \Device\Harddisk1\DR1 - ok
08:58:07.0685 4048 Boot (0x1200) (f80ba36281b72ae08c1e05f0b21ba570) \Device\Harddisk0\DR0\Partition0
08:58:07.0685 4048 \Device\Harddisk0\DR0\Partition0 - ok
08:58:07.0700 4048 Boot (0x1200) (3fc1fe9cdcaeb99286666fbfb940c826) \Device\Harddisk0\DR0\Partition1
08:58:07.0700 4048 \Device\Harddisk0\DR0\Partition1 - ok
08:58:07.0716 4048 Boot (0x1200) (b48c2cc6e58ca8b39a17af498013419e) \Device\Harddisk1\DR1\Partition0
08:58:07.0716 4048 \Device\Harddisk1\DR1\Partition0 - ok
08:58:07.0716 4048 ============================================================
08:58:07.0716 4048 Scan finished
08:58:07.0716 4048 ============================================================
08:58:07.0731 5048 Detected object count: 0
08:58:07.0731 5048 Actual detected object count: 0
08:58:40.0726 4152 Deinitialize success


Step 2. Ran aswMBR and here is a copy of the log...

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-25 09:00:06
-----------------------------
09:00:06.890 OS Version: Windows x64 6.1.7601 Service Pack 1
09:00:06.890 Number of processors: 4 586 0x2502
09:00:06.890 ComputerName: HARTZOG UserName: Zog
09:00:08.278 Initialize success
09:00:21.870 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:00:21.870 Disk 0 Vendor: ST9320423AS 0004SDM1 Size: 305245MB BusType: 11
09:00:21.886 Disk 0 MBR read successfully
09:00:21.901 Disk 0 MBR scan
09:00:21.901 Disk 0 Windows VISTA default MBR code
09:00:21.901 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
09:00:21.917 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
09:00:21.933 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290205 MB offset 30800325
09:00:21.948 Disk 0 scanning C:\Windows\system32\drivers
09:00:38.531 Service scanning
09:00:57.611 Modules scanning
09:00:57.611 Disk 0 trace - called modules:
09:00:57.642 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:00:57.642 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c1a060]
09:00:57.658 3 CLASSPNP.SYS[fffff880019c843f] -> nt!IofCallDriver -> [0xfffffa8004aa7870]
09:00:57.658 5 stdflt.sys[fffff88001913a4a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004932060]
09:00:57.673 Scan finished successfully
09:01:18.967 Disk 0 MBR has been saved successfully to "C:\Users\Zog\Desktop\MBR.dat"
09:01:18.983 The log file has been saved successfully to "C:\Users\Zog\Desktop\aswMBR.txt"


Thanks again for helping me out.

#8 boopme

Posted 25 February 2012 - 01:32 PM

Ok, this is probably an effect of running ComboFix. Having run ComboFix we need to see that and a DDS log.

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
Skip the GMER step and instead post the ComboFix log you have.

Let me know if that went well.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#9 boopme

Posted 26 February 2012 - 03:31 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 3 days and ALL logs are answered.

To avoid confusion, I am closing this topic.