Question: can the pc still have a virus after format and install


  • This topic is locked
27 replies to this topic

#1 Cassiopeia

  • Members
  • 229 posts
  • OFFLINE
  • Local time:06:17 PM

Posted 30 July 2012 - 07:17 AM

After three days of working on the pc to find the virus, I decided to format and install. Its original OS is VISTA, so I used the disc that came with the pc. (Dell Inspiron 530)

The owner downloads from all sites for free games. No matter what I say, she knows best. :(

Last week, the pc would not boot. It would get to the desktop, then the blue screen of death would appear and shut down. (Not enough time to view the whole blue page before the pc shut down.)

A check of disc manager displayed one drive, but the information for format was "RAW" and the restore drive was not listed. If I clicked the drive, nothing. No further information was available; no actions were available.

I cannot locate my Vista disc and the pc owner didn't think she still had hers (she did), so I decided to boot into safe mode. It would. Upon getting to safe mode, I ran Malwarebytes and McAfee. McAfee found 199 Trojans, but didn't do anything after that. Malwarebytes found Active-X problems, but couldn't repair 4 of them. I removed McAfee and installed Avast. Avast didn't find anything.

However, after running Avast, the pc booted to its regular mode. I was not able to get onto the internet. If IE was opened, the message about page cannot be displayed appeared. (I have a laptop I use for troubleshooting, so I know the internet connection worked.)

I ran backup on Vista to save the files. This morning, I installed Vista. Afterwards, I realized it had not asked me about formatting the hard drive. I went to bleepingcomputer.com and searched for format and install of Vista. I followed the instructions. When the thumb drive is attached to restore the settings and files, the process gets to 100 per cent, then reads that all data was unreadable.

PC is slower than an 8086. It can access the web. I can go to Dell.com and get the drivers for the pc. I was in the middle of doing that when I noticed something odd about IE's behavior. When IE first opens, and if nothing is typed in the address bar, or if it takes too long to type into the address bar, IE is redirected. If IE is directed to a site to download an anti-virus, IE quits responding and has to be shut down. The redirection is a site dealing with relationships, but nothing is displayed.

I apologize for such a long post, but I want to be thorough.

Help?

:blink:


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:17 PM

Posted 04 August 2012 - 07:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463079 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Cassiopeia
  • Topic Starter

  • Members
  • 229 posts
  • OFFLINE
  • Local time:06:17 PM

Posted 04 August 2012 - 07:39 PM

The OS is Windows Vista 32 Bit.

Yes, the original CD is available.

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by Beau at 20:18:24 on 2012-08-04
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2036.1222 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8AE08224-9867-4DE1-819E-162793EB8A03} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-2-22 464304]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-7-30 151912]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-7-30 214904]
.
=============== Created Last 30 ================
.
2012-07-30 20:18:26 -------- d-----w- c:\users\beau\appdata\roaming\McAfee
2012-07-30 20:14:44 -------- d-----w- c:\program files\common files\Mcafee
2012-07-30 20:14:43 -------- d-----w- c:\program files\McAfee.com
2012-07-30 20:14:42 -------- d-----w- c:\program files\McAfee
2012-07-30 20:06:58 151912 ----a-w- c:\windows\system32\mfevtps.exe
2012-07-30 19:54:41 -------- d-----w- c:\windows\pss
2012-07-30 19:50:27 -------- d-----w- c:\programdata\AVAST Software
2012-07-30 19:50:27 -------- d-----w- c:\program files\AVAST Software
2012-07-30 14:38:19 -------- d-----w- c:\windows\Panther
2012-07-30 14:38:03 -------- d-sh--w- C:\Boot
2012-07-30 14:37:46 -------- d-----w- c:\windows\system32\OEM
2012-07-30 11:31:21 -------- d-sh--w- c:\windows\Installer
2012-07-30 11:31:19 39288 ----a-w- c:\windows\system32\NicInE6.dll
2012-07-30 11:31:19 28536 ----a-w- c:\windows\system32\NicCo6.dll
2012-07-30 11:31:19 228224 ----a-w- c:\windows\system32\drivers\e1e6032.sys
2012-07-30 11:31:19 154496 ----a-w- c:\windows\system32\Prounstl.exe
2012-07-30 11:31:18 179048 ----a-w- c:\windows\system32\e1000msg.dll
2012-07-30 11:19:11 920088 ----a-w- c:\windows\system32\igxpun.exe
2012-07-30 11:19:11 319456 ----a-w- c:\windows\system32\difxapi.dll
2012-07-30 11:19:11 -------- d-----w- c:\windows\system32\Lang
2012-07-30 10:48:46 -------- d-----w- c:\users\beau\appdata\local\MigWiz
.
==================== Find3M ====================
.
.
============= FINISH: 20:18:40.73 ===============


ARK.txt

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-04 20:32:26
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HDP725025GLA380 rev.GM2OA5BA
Running: 869rqkfq.exe; Driver: C:\Users\Beau\AppData\Local\Temp\kxldqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\Beau\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\mfevtps.exe[388] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00E4A4D0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Windows\system32\mfevtps.exe[388] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00E4A530] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----


#4 nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:17 PM

Posted 05 August 2012 - 09:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start with these scans.

Please Download
TDSSKiller.zip

Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
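
An added example, not part of nasdaq's instructions and not code from aswMBR, TDSSKiller or GMER: a small Python parser for a raw MBR dump such as the MBR.dat that aswMBR saves (assumed here to begin with sector 0), which prints the partition table in the same form as TDSSKiller's "MBR partitions" lines, flags entries that overlap or run past the end of the disk, and hashes the boot code so an analyst can compare it against a known-good MBR from the install media. The sample MBR is constructed to match the two partitions and the disk size reported in the TDSSKiller log further down this thread; which entry carries the active flag is a constructed choice.

```python
"""Parse a raw MBR dump (first 512 bytes = sector 0) and report its partition
table the way TDSSKiller prints it. Added example for this thread; not part of
aswMBR, TDSSKiller or GMER. The sample data below is constructed."""
import hashlib
import struct
import sys
from dataclasses import dataclass
from itertools import combinations
from typing import List

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # four 16-byte partition entries follow the boot code
SIGNATURE_OFFSET = 510      # bytes 0x55 0xAA mark a valid boot sector
ENTRY_FORMAT = "<B3xB3xII"  # status, CHS start, type, CHS end, start LBA, sector count
GPT_PROTECTIVE = 0xEE       # a type 0xEE entry means the disk is really GPT


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def end_lba(self) -> int:
        """First sector after the partition (exclusive end)."""
        return self.start_lba + self.sectors


def parse_mbr(mbr: bytes) -> List[PartitionEntry]:
    """Return the non-empty partition entries of a 512-byte MBR."""
    if len(mbr) < SECTOR_SIZE:
        raise ValueError(f"need at least {SECTOR_SIZE} bytes, got {len(mbr)}")
    if mbr[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature: not a valid MBR")
    entries = []
    for i in range(4):
        status, type_id, start, count = struct.unpack_from(
            ENTRY_FORMAT, mbr, TABLE_OFFSET + 16 * i)
        if type_id == 0:  # empty slot
            continue
        entries.append(PartitionEntry(i, status == 0x80, type_id, start, count))
    return entries


def format_like_tdsskiller(entries: List[PartitionEntry],
                           disk: str = r"\Device\Harddisk0\DR0") -> List[str]:
    """Render entries in the format of TDSSKiller's 'MBR partitions' lines."""
    return [f"{disk}\\Partition{e.index}: MBR, Type 0x{e.type_id:X}, "
            f"StartLBA 0x{e.start_lba:X}, BlocksNum 0x{e.sectors:X}" for e in entries]


def check_partitions(entries: List[PartitionEntry], total_sectors: int) -> List[str]:
    """Sanity checks on the table; returns a list of problem descriptions."""
    problems = []
    for e in entries:
        if e.type_id == GPT_PROTECTIVE:
            problems.append(f"Partition{e.index}: protective GPT entry, inspect the GPT instead")
        if e.sectors == 0:
            problems.append(f"Partition{e.index}: zero-length partition")
        if e.end_lba > total_sectors:
            problems.append(f"Partition{e.index}: ends at 0x{e.end_lba:X}, "
                            f"past disk end 0x{total_sectors:X}")
    for a, b in combinations(entries, 2):
        if a.start_lba < b.end_lba and b.start_lba < a.end_lba:
            problems.append(f"Partition{a.index} and Partition{b.index} overlap")
    return problems


def boot_code_sha256(mbr: bytes) -> str:
    """Hash of the 446-byte boot code, for comparison with a known-good MBR.
    Sector 0 is what GMER flagged above, so this is the region worth diffing."""
    return hashlib.sha256(mbr[:TABLE_OFFSET]).hexdigest()


def build_sample_mbr() -> bytes:
    """Constructed sample: the two type-0x7 partitions from the TDSSKiller log in
    this thread (D: = Partition0, C: = Partition1), with zero-filled boot code."""
    mbr = bytearray(SECTOR_SIZE)
    table = [(0x80, 0x07, 0x14000, 0x1D4C000),     # active flag chosen for the sample
             (0x00, 0x07, 0x1D60000, 0x1B448CA2)]
    for i, (status, type_id, start, count) in enumerate(table):
        struct.pack_into(ENTRY_FORMAT, mbr, TABLE_OFFSET + 16 * i,
                         status, type_id, start, count)
    mbr[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] = b"\x55\xaa"
    return bytes(mbr)


SAMPLE_DISK_SECTORS = 0x3A35294400 // SECTOR_SIZE  # 232.83 Gb drive from the same log


def main(argv: List[str]) -> int:
    if len(argv) > 1:
        with open(argv[1], "rb") as f:  # e.g. MBR.dat
            mbr = f.read(SECTOR_SIZE)
    else:
        mbr = build_sample_mbr()
    entries = parse_mbr(mbr)
    print("\n".join(format_like_tdsskiller(entries)))
    print("boot code sha256:", boot_code_sha256(mbr))
    for problem in check_partitions(entries, SAMPLE_DISK_SECTORS):
        print("WARNING:", problem)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with no arguments to see the constructed sample, or with a path to a real dump; when checking a real disk, pass its actual sector count to check_partitions rather than the sample constant.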

#5 Cassiopeia
  • Topic Starter

  • Members
  • 229 posts
  • OFFLINE
  • Local time:06:17 PM

Posted 05 August 2012 - 07:26 PM

tdsskiller:

20:03:22.0921 3108 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:03:22.0952 3108 ============================================================
20:03:22.0952 3108 Current date / time: 2012/08/05 20:03:22.0952
20:03:22.0952 3108 SystemInfo:
20:03:22.0952 3108
20:03:22.0952 3108 OS Version: 6.0.6001 ServicePack: 1.0
20:03:22.0952 3108 Product type: Workstation
20:03:22.0952 3108 ComputerName: BEAU-PC
20:03:22.0952 3108 UserName: Beau
20:03:22.0952 3108 Windows directory: C:\Windows
20:03:22.0952 3108 System windows directory: C:\Windows
20:03:22.0952 3108 Processor architecture: Intel x86
20:03:22.0952 3108 Number of processors: 1
20:03:22.0952 3108 Page size: 0x1000
20:03:22.0952 3108 Boot type: Normal boot
20:03:22.0952 3108 ============================================================
20:03:23.0810 3108 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:03:23.0810 3108 Drive \Device\Harddisk1\DR1 - Size: 0xF0D89000 (3.76 Gb), SectorSize: 0x200, Cylinders: 0x1EB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:03:23.0810 3108 ============================================================
20:03:23.0810 3108 \Device\Harddisk0\DR0:
20:03:23.0810 3108 MBR partitions:
20:03:23.0810 3108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
20:03:23.0810 3108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B448CA2
20:03:23.0810 3108 \Device\Harddisk1\DR1:
20:03:23.0810 3108 MBR partitions:
20:03:23.0810 3108 ============================================================
20:03:23.0872 3108 C: <-> \Device\Harddisk0\DR0\Partition1
20:03:23.0935 3108 D: <-> \Device\Harddisk0\DR0\Partition0
20:03:23.0935 3108 ============================================================
20:03:23.0935 3108 Initialize success
20:03:23.0935 3108 ============================================================
20:03:37.0616 1068 ============================================================
20:03:37.0616 1068 Scan started
20:03:37.0616 1068 Mode: Manual;
20:03:37.0616 1068 ============================================================
20:03:40.0486 1068 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
20:03:40.0486 1068 ACPI - ok
20:03:40.0518 1068 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:03:40.0533 1068 adp94xx - ok
20:03:40.0564 1068 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:03:40.0564 1068 adpahci - ok
20:03:40.0580 1068 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:03:40.0580 1068 adpu160m - ok
20:03:40.0611 1068 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:03:40.0611 1068 adpu320 - ok
20:03:40.0642 1068 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:03:40.0642 1068 AeLookupSvc - ok
20:03:40.0658 1068 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
20:03:40.0674 1068 AFD - ok
20:03:40.0689 1068 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:03:40.0689 1068 agp440 - ok
20:03:40.0720 1068 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:03:40.0720 1068 aic78xx - ok
20:03:40.0736 1068 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:03:40.0736 1068 ALG - ok
20:03:40.0752 1068 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:03:40.0752 1068 aliide - ok
20:03:40.0752 1068 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:03:40.0767 1068 amdagp - ok
20:03:40.0767 1068 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:03:40.0767 1068 amdide - ok
20:03:40.0783 1068 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:03:40.0798 1068 AmdK7 - ok
20:03:40.0814 1068 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:03:40.0814 1068 AmdK8 - ok
20:03:40.0861 1068 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:03:40.0861 1068 Appinfo - ok
20:03:40.0876 1068 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:03:40.0876 1068 arc - ok
20:03:40.0908 1068 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:03:40.0908 1068 arcsas - ok
20:03:40.0923 1068 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:03:40.0923 1068 AsyncMac - ok
20:03:40.0954 1068 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
20:03:40.0954 1068 atapi - ok
20:03:40.0986 1068 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
20:03:41.0001 1068 AudioEndpointBuilder - ok
20:03:41.0001 1068 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
20:03:41.0001 1068 Audiosrv - ok
20:03:41.0032 1068 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:03:41.0032 1068 Beep - ok
20:03:41.0064 1068 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
20:03:41.0064 1068 BFE - ok
20:03:41.0126 1068 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
20:03:41.0142 1068 BITS - ok
20:03:41.0173 1068 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:03:41.0173 1068 blbdrive - ok
20:03:41.0204 1068 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
20:03:41.0204 1068 bowser - ok
20:03:41.0220 1068 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:03:41.0220 1068 BrFiltLo - ok
20:03:41.0235 1068 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:03:41.0235 1068 BrFiltUp - ok
20:03:41.0251 1068 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:03:41.0251 1068 Browser - ok
20:03:41.0282 1068 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:03:41.0282 1068 Brserid - ok
20:03:41.0298 1068 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:03:41.0298 1068 BrSerWdm - ok
20:03:41.0298 1068 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:03:41.0298 1068 BrUsbMdm - ok
20:03:41.0313 1068 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:03:41.0313 1068 BrUsbSer - ok
20:03:41.0329 1068 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:03:41.0329 1068 BTHMODEM - ok
20:03:41.0344 1068 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:03:41.0344 1068 cdfs - ok
20:03:41.0360 1068 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
20:03:41.0360 1068 cdrom - ok
20:03:41.0407 1068 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
20:03:41.0407 1068 CertPropSvc - ok
20:03:41.0422 1068 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:03:41.0422 1068 circlass - ok
20:03:41.0469 1068 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
20:03:41.0469 1068 CLFS - ok
20:03:41.0734 1068 clr_optimization_v2.0.50727_32 (a4af4201bd519971f8f34724f3ca9dbb) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:03:41.0734 1068 clr_optimization_v2.0.50727_32 - ok
20:03:41.0766 1068 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:03:41.0766 1068 cmdide - ok
20:03:41.0781 1068 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
20:03:41.0781 1068 Compbatt - ok
20:03:41.0797 1068 COMSysApp - ok
20:03:41.0797 1068 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:03:41.0797 1068 crcdisk - ok
20:03:41.0812 1068 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:03:41.0812 1068 Crusoe - ok
20:03:41.0859 1068 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
20:03:41.0859 1068 CryptSvc - ok
20:03:41.0922 1068 DcomLaunch (33fb1f0193ee2051067441492d56113c) C:\Windows\system32\rpcss.dll
20:03:41.0937 1068 DcomLaunch - ok
20:03:41.0968 1068 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
20:03:41.0984 1068 DfsC - ok
20:03:42.0093 1068 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
20:03:42.0124 1068 DFSR - ok
20:03:42.0514 1068 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
20:03:42.0514 1068 Dhcp - ok
20:03:42.0624 1068 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
20:03:42.0624 1068 disk - ok
20:03:42.0702 1068 Dnscache (f5a0f1da1ed8b429597e71d27d976e31) C:\Windows\System32\dnsrslvr.dll
20:03:42.0702 1068 Dnscache - ok
20:03:42.0733 1068 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
20:03:42.0733 1068 dot3svc - ok
20:03:42.0795 1068 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:03:42.0795 1068 DPS - ok
20:03:42.0826 1068 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:03:42.0826 1068 drmkaud - ok
20:03:42.0873 1068 DXGKrnl (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys
20:03:42.0873 1068 DXGKrnl - ok
20:03:42.0904 1068 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
20:03:42.0904 1068 e1express - ok
20:03:42.0936 1068 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:03:42.0951 1068 E1G60 - ok
20:03:42.0967 1068 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:03:42.0967 1068 EapHost - ok
20:03:42.0998 1068 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
20:03:42.0998 1068 Ecache - ok
20:03:43.0045 1068 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:03:43.0045 1068 elxstor - ok
20:03:43.0076 1068 EMDMgmt (ba4e96d951ddad6ac3af3c91d4ac68bf) C:\Windows\system32\emdmgmt.dll
20:03:43.0092 1068 EMDMgmt - ok
20:03:43.0107 1068 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:03:43.0107 1068 ErrDev - ok
20:03:43.0123 1068 EventSystem (f4bf4fa769db51b106d2b4b35256988b) C:\Windows\system32\es.dll
20:03:43.0138 1068 EventSystem - ok
20:03:43.0154 1068 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
20:03:43.0154 1068 exfat - ok
20:03:43.0170 1068 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
20:03:43.0170 1068 fastfat - ok
20:03:43.0185 1068 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:03:43.0185 1068 fdc - ok
20:03:43.0216 1068 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:03:43.0232 1068 fdPHost - ok
20:03:43.0232 1068 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:03:43.0232 1068 FDResPub - ok
20:03:43.0248 1068 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:03:43.0248 1068 FileInfo - ok
20:03:43.0263 1068 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:03:43.0263 1068 Filetrace - ok
20:03:43.0279 1068 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:03:43.0279 1068 flpydisk - ok
20:03:43.0310 1068 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
20:03:43.0310 1068 FltMgr - ok
20:03:43.0372 1068 FontCache3.0.0.0 (993883524aa9cf1c90e1545411a9ac9c) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:03:43.0372 1068 FontCache3.0.0.0 - ok
20:03:43.0388 1068 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:03:43.0388 1068 Fs_Rec - ok
20:03:43.0419 1068 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:03:43.0435 1068 gagp30kx - ok
20:03:43.0669 1068 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
20:03:43.0684 1068 gpsvc - ok
20:03:43.0731 1068 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:03:43.0731 1068 HdAudAddService - ok
20:03:43.0762 1068 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:03:43.0762 1068 HDAudBus - ok
20:03:43.0762 1068 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:03:43.0762 1068 HidBth - ok
20:03:43.0778 1068 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:03:43.0778 1068 HidIr - ok
20:03:43.0794 1068 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
20:03:43.0809 1068 hidserv - ok
20:03:43.0809 1068 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
20:03:43.0809 1068 HidUsb - ok
20:03:43.0825 1068 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:03:43.0840 1068 hkmsvc - ok
20:03:43.0840 1068 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:03:43.0840 1068 HpCISSs - ok
20:03:43.0872 1068 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
20:03:43.0872 1068 HTTP - ok
20:03:43.0887 1068 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:03:43.0887 1068 i2omp - ok
20:03:43.0918 1068 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:03:43.0918 1068 i8042prt - ok
20:03:43.0965 1068 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:03:43.0965 1068 iaStorV - ok
20:03:44.0074 1068 idsvc (e7cc3aeaed9893a88876744cd439f76c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:03:44.0090 1068 idsvc - ok
20:03:44.0230 1068 igfx (bbace0293b73bf8c7cb591f2d06f26fa) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:03:44.0262 1068 igfx - ok
20:03:44.0823 1068 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:03:44.0823 1068 iirsp - ok
20:03:44.0964 1068 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
20:03:44.0964 1068 IKEEXT - ok
20:03:45.0042 1068 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:03:45.0042 1068 intelide - ok
20:03:45.0057 1068 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:03:45.0073 1068 intelppm - ok
20:03:45.0104 1068 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:03:45.0104 1068 IPBusEnum - ok
20:03:45.0120 1068 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:03:45.0120 1068 IpFilterDriver - ok
20:03:45.0135 1068 iphlpsvc (cad416b8a4309b5e1ce75425381e7d2f) C:\Windows\System32\iphlpsvc.dll
20:03:45.0135 1068 iphlpsvc - ok
20:03:45.0151 1068 IpInIp - ok
20:03:45.0166 1068 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:03:45.0166 1068 IPMIDRV - ok
20:03:45.0166 1068 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:03:45.0182 1068 IPNAT - ok
20:03:45.0198 1068 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:03:45.0198 1068 IRENUM - ok
20:03:45.0213 1068 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:03:45.0213 1068 isapnp - ok
20:03:45.0244 1068 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
20:03:45.0244 1068 iScsiPrt - ok
20:03:45.0260 1068 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:03:45.0260 1068 iteatapi - ok
20:03:45.0260 1068 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:03:45.0276 1068 iteraid - ok
20:03:45.0276 1068 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:03:45.0276 1068 kbdclass - ok
20:03:45.0291 1068 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
20:03:45.0291 1068 kbdhid - ok
20:03:45.0307 1068 KeyIso (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
20:03:45.0307 1068 KeyIso - ok
20:03:45.0338 1068 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
20:03:45.0354 1068 KSecDD - ok
20:03:45.0385 1068 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:03:45.0385 1068 KtmRm - ok
20:03:45.0416 1068 LanmanServer (05ce901a4472b3fbf9407c94ad1db693) C:\Windows\system32\srvsvc.dll
20:03:45.0432 1068 LanmanServer - ok
20:03:45.0478 1068 LanmanWorkstation (dec1a338b86c5d582c25c40836dd76c3) C:\Windows\System32\wkssvc.dll
20:03:45.0478 1068 LanmanWorkstation - ok
20:03:45.0510 1068 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:03:45.0510 1068 lltdio - ok
20:03:45.0541 1068 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:03:45.0541 1068 lltdsvc - ok
20:03:45.0556 1068 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:03:45.0556 1068 lmhosts - ok
20:03:45.0572 1068 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:03:45.0588 1068 LSI_FC - ok
20:03:45.0603 1068 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:03:45.0603 1068 LSI_SAS - ok
20:03:45.0619 1068 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:03:45.0634 1068 LSI_SCSI - ok
20:03:45.0634 1068 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:03:45.0634 1068 luafv - ok
20:03:45.0900 1068 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:03:45.0946 1068 McNASvc - ok
20:03:45.0962 1068 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
20:03:45.0962 1068 McProxy - ok
20:03:45.0993 1068 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:03:45.0993 1068 megasas - ok
20:03:46.0024 1068 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:03:46.0024 1068 MegaSR - ok
20:03:46.0180 1068 mfehidk (d1e998748ba24a731106611d535c6bbf) C:\Windows\system32\drivers\mfehidk.sys
20:03:46.0180 1068 mfehidk - ok
20:03:46.0212 1068 mfevtp (2b8dfc60edddaa33eb5e9f7c91b48acd) C:\Windows\system32\mfevtps.exe
20:03:46.0212 1068 mfevtp - ok
20:03:46.0243 1068 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:03:46.0243 1068 MMCSS - ok
20:03:46.0274 1068 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:03:46.0274 1068 Modem - ok
20:03:46.0305 1068 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:03:46.0305 1068 monitor - ok
20:03:46.0321 1068 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:03:46.0321 1068 mouclass - ok
20:03:46.0321 1068 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:03:46.0321 1068 mouhid - ok
20:03:46.0336 1068 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:03:46.0336 1068 MountMgr - ok
20:03:46.0368 1068 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:03:46.0368 1068 mpio - ok
20:03:46.0383 1068 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:03:46.0383 1068 mpsdrv - ok
20:03:46.0414 1068 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
20:03:46.0414 1068 MpsSvc - ok
20:03:46.0430 1068 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:03:46.0430 1068 Mraid35x - ok
20:03:46.0446 1068 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
20:03:46.0446 1068 MRxDAV - ok
20:03:46.0461 1068 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:03:46.0461 1068 mrxsmb - ok
20:03:46.0477 1068 mrxsmb10 (67e55ced3fc143c82a8197988bfc1f9a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:03:46.0492 1068 mrxsmb10 - ok
20:03:46.0492 1068 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:03:46.0492 1068 mrxsmb20 - ok
20:03:46.0508 1068 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:03:46.0508 1068 msahci - ok
20:03:46.0524 1068 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:03:46.0524 1068 msdsm - ok
20:03:46.0555 1068 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:03:46.0555 1068 MSDTC - ok
20:03:46.0586 1068 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:03:46.0586 1068 Msfs - ok
20:03:46.0602 1068 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:03:46.0602 1068 msisadrv - ok
20:03:46.0617 1068 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:03:46.0633 1068 MSiSCSI - ok
20:03:46.0633 1068 msiserver - ok
20:03:46.0664 1068 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:03:46.0664 1068 MSKSSRV - ok
20:03:46.0680 1068 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:03:46.0680 1068 MSPCLOCK - ok
20:03:46.0695 1068 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:03:46.0695 1068 MSPQM - ok
20:03:46.0695 1068 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
20:03:46.0711 1068 MsRPC - ok
20:03:46.0726 1068 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:03:46.0726 1068 mssmbios - ok
20:03:46.0726 1068 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:03:46.0726 1068 MSTEE - ok
20:03:46.0742 1068 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
20:03:46.0742 1068 Mup - ok
20:03:46.0789 1068 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
20:03:46.0789 1068 napagent - ok
20:03:46.0820 1068 NativeWifiP (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys
20:03:46.0820 1068 NativeWifiP - ok
20:03:46.0867 1068 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
20:03:46.0867 1068 NDIS - ok
20:03:46.0929 1068 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:03:46.0929 1068 NdisTapi - ok
20:03:46.0929 1068 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:03:46.0929 1068 Ndisuio - ok
20:03:46.0945 1068 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
20:03:46.0960 1068 NdisWan - ok
20:03:46.0960 1068 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:03:46.0960 1068 NDProxy - ok
20:03:47.0007 1068 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:03:47.0007 1068 NetBIOS - ok
20:03:47.0023 1068 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
20:03:47.0023 1068 netbt - ok
20:03:47.0054 1068 Netlogon (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
20:03:47.0054 1068 Netlogon - ok
20:03:47.0101 1068 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:03:47.0101 1068 Netman - ok
20:03:47.0132 1068 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:03:47.0132 1068 netprofm - ok
20:03:47.0210 1068 NetTcpPortSharing (f9102685f97f9ba85f4a70afcf722cfe) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:03:47.0210 1068 NetTcpPortSharing - ok
20:03:47.0226 1068 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:03:47.0226 1068 nfrd960 - ok
20:03:47.0257 1068 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:03:47.0257 1068 NlaSvc - ok
20:03:47.0272 1068 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
20:03:47.0272 1068 Npfs - ok
20:03:47.0288 1068 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:03:47.0288 1068 nsi - ok
20:03:47.0304 1068 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:03:47.0304 1068 nsiproxy - ok
20:03:47.0366 1068 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
20:03:47.0382 1068 Ntfs - ok
20:03:47.0382 1068 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:03:47.0382 1068 ntrigdigi - ok
20:03:47.0397 1068 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:03:47.0397 1068 Null - ok
20:03:47.0413 1068 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:03:47.0413 1068 nvraid - ok
20:03:47.0444 1068 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:03:47.0444 1068 nvstor - ok
20:03:47.0460 1068 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:03:47.0460 1068 nv_agp - ok
20:03:47.0475 1068 NwlnkFlt - ok
20:03:47.0491 1068 NwlnkFwd - ok
20:03:47.0491 1068 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
20:03:47.0491 1068 ohci1394 - ok
20:03:47.0538 1068 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
20:03:47.0553 1068 p2pimsvc - ok
20:03:47.0569 1068 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
20:03:47.0569 1068 p2psvc - ok
20:03:47.0584 1068 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:03:47.0584 1068 Parport - ok
20:03:47.0600 1068 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
20:03:47.0600 1068 partmgr - ok
20:03:47.0616 1068 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:03:47.0616 1068 Parvdm - ok
20:03:47.0631 1068 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:03:47.0631 1068 PcaSvc - ok
20:03:47.0647 1068 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
20:03:47.0662 1068 pci - ok
20:03:47.0678 1068 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:03:47.0678 1068 pciide - ok
20:03:47.0694 1068 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:03:47.0694 1068 pcmcia - ok
20:03:47.0740 1068 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:03:47.0756 1068 PEAUTH - ok
20:03:47.0865 1068 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:03:47.0896 1068 pla - ok
20:03:48.0099 1068 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
20:03:48.0099 1068 PlugPlay - ok
20:03:48.0146 1068 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
20:03:48.0162 1068 PNRPAutoReg - ok
20:03:48.0162 1068 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
20:03:48.0177 1068 PNRPsvc - ok
20:03:48.0208 1068 PolicyAgent (017fb87911583b00da1581f07cb7e7f2) C:\Windows\System32\ipsecsvc.dll
20:03:48.0208 1068 PolicyAgent - ok
20:03:48.0302 1068 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:03:48.0318 1068 PptpMiniport - ok
20:03:48.0318 1068 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:03:48.0333 1068 Processor - ok
20:03:48.0364 1068 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
20:03:48.0364 1068 ProfSvc - ok
20:03:48.0396 1068 ProtectedStorage (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
20:03:48.0396 1068 ProtectedStorage - ok
20:03:48.0411 1068 PSched (a114cfe308c24b8235b03cfdffe11e99) C:\Windows\system32\DRIVERS\pacer.sys
20:03:48.0411 1068 PSched - ok
20:03:48.0505 1068 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:03:48.0520 1068 ql2300 - ok
20:03:48.0520 1068 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:03:48.0520 1068 ql40xx - ok
20:03:48.0567 1068 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:03:48.0567 1068 QWAVE - ok
20:03:48.0583 1068 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:03:48.0583 1068 QWAVEdrv - ok
20:03:48.0583 1068 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:03:48.0583 1068 RasAcd - ok
20:03:48.0614 1068 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:03:48.0614 1068 RasAuto - ok
20:03:48.0692 1068 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:03:48.0692 1068 Rasl2tp - ok
20:03:48.0723 1068 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
20:03:48.0723 1068 RasMan - ok
20:03:48.0754 1068 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
20:03:48.0754 1068 RasPppoe - ok
20:03:48.0770 1068 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
20:03:48.0770 1068 RasSstp - ok
20:03:48.0786 1068 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
20:03:48.0786 1068 rdbss - ok
20:03:48.0801 1068 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:03:48.0801 1068 RDPCDD - ok
20:03:48.0832 1068 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:03:48.0832 1068 rdpdr - ok
20:03:48.0848 1068 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:03:48.0848 1068 RDPENCDD - ok
20:03:48.0864 1068 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
20:03:48.0864 1068 RDPWD - ok
20:03:48.0895 1068 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:03:48.0895 1068 RemoteAccess - ok
20:03:48.0942 1068 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
20:03:48.0942 1068 RemoteRegistry - ok
20:03:48.0957 1068 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:03:48.0957 1068 RpcLocator - ok
20:03:48.0988 1068 RpcSs (33fb1f0193ee2051067441492d56113c) C:\Windows\system32\rpcss.dll
20:03:49.0004 1068 RpcSs - ok
20:03:49.0035 1068 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:03:49.0051 1068 rspndr - ok
20:03:49.0082 1068 SamSs (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
20:03:49.0082 1068 SamSs - ok
20:03:49.0082 1068 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:03:49.0098 1068 sbp2port - ok
20:03:49.0160 1068 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
20:03:49.0160 1068 SCardSvr - ok
20:03:49.0207 1068 Schedule (1d5e99db3c10f4fa034010dc49043ca4) C:\Windows\system32\schedsvc.dll
20:03:49.0222 1068 Schedule - ok
20:03:49.0254 1068 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
20:03:49.0254 1068 SCPolicySvc - ok
20:03:49.0285 1068 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:03:49.0285 1068 SDRSVC - ok
20:03:49.0316 1068 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:03:49.0316 1068 secdrv - ok
20:03:49.0347 1068 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:03:49.0347 1068 seclogon - ok
20:03:49.0363 1068 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
20:03:49.0363 1068 SENS - ok
20:03:49.0378 1068 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:03:49.0378 1068 Serenum - ok
20:03:49.0378 1068 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:03:49.0394 1068 Serial - ok
20:03:49.0394 1068 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:03:49.0394 1068 sermouse - ok
20:03:49.0425 1068 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:03:49.0441 1068 SessionEnv - ok
20:03:49.0456 1068 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:03:49.0456 1068 sffdisk - ok
20:03:49.0488 1068 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:03:49.0488 1068 sffp_mmc - ok
20:03:49.0566 1068 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:03:49.0566 1068 sffp_sd - ok
20:03:49.0581 1068 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:03:49.0581 1068 sfloppy - ok
20:03:49.0612 1068 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:03:49.0612 1068 SharedAccess - ok
20:03:49.0644 1068 ShellHWDetection (27f10f348e508243f6254846f8370d0d) C:\Windows\System32\shsvcs.dll
20:03:49.0659 1068 ShellHWDetection - ok
20:03:49.0690 1068 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:03:49.0690 1068 sisagp - ok
20:03:49.0706 1068 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:03:49.0706 1068 SiSRaid2 - ok
20:03:49.0722 1068 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:03:49.0722 1068 SiSRaid4 - ok
20:03:51.0562 1068 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
20:03:51.0625 1068 slsvc - ok
20:03:52.0623 1068 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
20:03:52.0623 1068 SLUINotify - ok
20:03:52.0842 1068 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
20:03:52.0842 1068 Smb - ok
20:03:52.0873 1068 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:03:52.0873 1068 SNMPTRAP - ok
20:03:52.0888 1068 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:03:52.0888 1068 spldr - ok
20:03:52.0920 1068 Spooler (846cdf9a3cf4da9b306adfb7d55ee4c2) C:\Windows\System32\spoolsv.exe
20:03:52.0935 1068 Spooler - ok
20:03:52.0951 1068 srv (3d7c04aba41ac96ba7e9d123ec8f7fa3) C:\Windows\system32\DRIVERS\srv.sys
20:03:52.0951 1068 srv - ok
20:03:52.0966 1068 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
20:03:52.0966 1068 srv2 - ok
20:03:52.0982 1068 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
20:03:52.0982 1068 srvnet - ok
20:03:53.0013 1068 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:03:53.0013 1068 SSDPSRV - ok
20:03:53.0060 1068 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:03:53.0060 1068 SstpSvc - ok
20:03:53.0091 1068 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
20:03:53.0091 1068 stisvc - ok
20:03:53.0107 1068 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:03:53.0107 1068 swenum - ok
20:03:53.0169 1068 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
20:03:53.0169 1068 swprv - ok
20:03:53.0200 1068 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:03:53.0200 1068 Symc8xx - ok
20:03:53.0200 1068 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:03:53.0216 1068 Sym_hi - ok
20:03:53.0216 1068 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:03:53.0216 1068 Sym_u3 - ok
20:03:53.0263 1068 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
20:03:53.0294 1068 SysMain - ok
20:03:53.0310 1068 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:03:53.0325 1068 TabletInputService - ok
20:03:53.0341 1068 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
20:03:53.0356 1068 TapiSrv - ok
20:03:53.0372 1068 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:03:53.0372 1068 TBS - ok
20:03:53.0450 1068 Tcpip (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\drivers\tcpip.sys
20:03:53.0466 1068 Tcpip - ok
20:03:53.0481 1068 Tcpip6 (fc6e2835d667774d409c7c7021eaf9c4) C:\Windows\system32\DRIVERS\tcpip.sys
20:03:53.0481 1068 Tcpip6 - ok
20:03:53.0497 1068 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
20:03:53.0497 1068 tcpipreg - ok
20:03:53.0512 1068 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:03:53.0512 1068 TDPIPE - ok
20:03:53.0528 1068 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:03:53.0528 1068 TDTCP - ok
20:03:53.0544 1068 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
20:03:53.0544 1068 tdx - ok
20:03:53.0544 1068 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
20:03:53.0559 1068 TermDD - ok
20:03:53.0590 1068 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
20:03:53.0590 1068 TermService - ok
20:03:53.0668 1068 Themes (27f10f348e508243f6254846f8370d0d) C:\Windows\system32\shsvcs.dll
20:03:53.0684 1068 Themes - ok
20:03:53.0746 1068 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:03:53.0746 1068 THREADORDER - ok
20:03:53.0778 1068 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:03:53.0793 1068 TrkWks - ok
20:03:53.0824 1068 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
20:03:53.0824 1068 TrustedInstaller - ok
20:03:53.0840 1068 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:03:53.0840 1068 tssecsrv - ok
20:03:53.0871 1068 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:03:53.0871 1068 tunmp - ok
20:03:53.0887 1068 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
20:03:53.0887 1068 tunnel - ok
20:03:53.0902 1068 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:03:53.0902 1068 uagp35 - ok
20:03:53.0934 1068 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
20:03:53.0934 1068 udfs - ok
20:03:53.0965 1068 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:03:53.0980 1068 UI0Detect - ok
20:03:53.0996 1068 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:03:53.0996 1068 uliagpkx - ok
20:03:54.0012 1068 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:03:54.0012 1068 uliahci - ok
20:03:54.0027 1068 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:03:54.0027 1068 UlSata - ok
20:03:54.0043 1068 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:03:54.0043 1068 ulsata2 - ok
20:03:54.0058 1068 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:03:54.0058 1068 umbus - ok
20:03:54.0090 1068 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:03:54.0090 1068 upnphost - ok
20:03:54.0105 1068 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:03:54.0105 1068 usbccgp - ok
20:03:54.0121 1068 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:03:54.0121 1068 usbcir - ok
20:03:54.0152 1068 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
20:03:54.0152 1068 usbehci - ok
20:03:54.0168 1068 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
20:03:54.0183 1068 usbhub - ok
20:03:54.0183 1068 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:03:54.0183 1068 usbohci - ok
20:03:54.0199 1068 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
20:03:54.0199 1068 usbprint - ok
20:03:54.0230 1068 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:03:54.0230 1068 USBSTOR - ok
20:03:54.0246 1068 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:03:54.0246 1068 usbuhci - ok
20:03:54.0277 1068 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
20:03:54.0277 1068 UxSms - ok
20:03:54.0589 1068 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
20:03:54.0604 1068 vds - ok
20:03:54.0636 1068 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:03:54.0636 1068 vga - ok
20:03:54.0651 1068 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:03:54.0651 1068 VgaSave - ok
20:03:54.0667 1068 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:03:54.0667 1068 viaagp - ok
20:03:54.0682 1068 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:03:54.0682 1068 ViaC7 - ok
20:03:54.0698 1068 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:03:54.0698 1068 viaide - ok
20:03:54.0698 1068 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:03:54.0698 1068 volmgr - ok
20:03:54.0729 1068 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
20:03:54.0729 1068 volmgrx - ok
20:03:54.0760 1068 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
20:03:54.0760 1068 volsnap - ok
20:03:54.0885 1068 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:03:54.0885 1068 vsmraid - ok
20:03:54.0948 1068 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
20:03:54.0963 1068 VSS - ok
20:03:55.0010 1068 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
20:03:55.0010 1068 VSTHWBS2 - ok
20:03:55.0072 1068 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
20:03:55.0072 1068 VST_DPV - ok
20:03:55.0119 1068 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
20:03:55.0119 1068 W32Time - ok
20:03:55.0150 1068 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:03:55.0150 1068 WacomPen - ok
20:03:55.0166 1068 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:03:55.0166 1068 Wanarp - ok
20:03:55.0166 1068 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:03:55.0182 1068 Wanarpv6 - ok
20:03:55.0197 1068 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
20:03:55.0213 1068 wcncsvc - ok
20:03:55.0228 1068 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:03:55.0228 1068 WcsPlugInService - ok
20:03:55.0244 1068 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:03:55.0244 1068 Wd - ok
20:03:55.0275 1068 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:03:55.0291 1068 Wdf01000 - ok
20:03:55.0322 1068 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:03:55.0322 1068 WdiServiceHost - ok
20:03:55.0338 1068 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:03:55.0338 1068 WdiSystemHost - ok
20:03:55.0369 1068 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
20:03:55.0369 1068 WebClient - ok
20:03:55.0384 1068 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
20:03:55.0384 1068 Wecsvc - ok
20:03:55.0416 1068 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:03:55.0416 1068 wercplsupport - ok
20:03:55.0431 1068 WerSvc (4081288554294f144e5a7d4ee20e3ce6) C:\Windows\System32\WerSvc.dll
20:03:55.0431 1068 WerSvc - ok
20:03:55.0509 1068 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
20:03:55.0509 1068 winachsf - ok
20:03:55.0572 1068 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:03:55.0572 1068 WinDefend - ok
20:03:55.0587 1068 WinHttpAutoProxySvc - ok
20:03:55.0728 1068 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
20:03:55.0728 1068 Winmgmt - ok
20:03:55.0790 1068 WinRM (20fc93fdc916843cfdfcaa7a1b0db16f) C:\Windows\system32\WsmSvc.dll
20:03:55.0790 1068 WinRM - ok
20:03:55.0852 1068 Wlansvc (4b40ff01db5357299dcbdb5a5746ad21) C:\Windows\System32\wlansvc.dll
20:03:55.0868 1068 Wlansvc - ok
20:03:55.0962 1068 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
20:03:55.0962 1068 WmiAcpi - ok
20:03:56.0086 1068 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
20:03:56.0086 1068 wmiApSrv - ok
20:03:56.0164 1068 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:03:56.0180 1068 WMPNetworkSvc - ok
20:03:56.0211 1068 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
20:03:56.0211 1068 WPCSvc - ok
20:03:56.0227 1068 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
20:03:56.0227 1068 WPDBusEnum - ok
20:03:56.0320 1068 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:03:56.0320 1068 ws2ifsl - ok
20:03:56.0367 1068 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll
20:03:56.0367 1068 wscsvc - ok
20:03:56.0383 1068 WSearch - ok
20:03:56.0445 1068 wuauserv (d79538b67fa641e986855def651e78fe) C:\Windows\system32\wuaueng.dll
20:03:56.0476 1068 wuauserv - ok
20:03:56.0742 1068 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:03:56.0742 1068 WUDFRd - ok
20:03:56.0773 1068 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:03:56.0773 1068 wudfsvc - ok
20:03:56.0804 1068 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:03:56.0866 1068 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:03:56.0866 1068 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
20:03:56.0882 1068 MBR (0x1B8) (36fe278f98d1a88ed381295cc11f18ab) \Device\Harddisk1\DR1
20:04:03.0028 1068 \Device\Harddisk1\DR1 - ok
20:04:03.0060 1068 Boot (0x1200) (3c44ab004a7c8419f01c8d1b00308e67) \Device\Harddisk0\DR0\Partition0
20:04:03.0075 1068 \Device\Harddisk0\DR0\Partition0 - ok
20:04:03.0091 1068 Boot (0x1200) (d7e34cd3480cd5eb5caece49084a9edd) \Device\Harddisk0\DR0\Partition1
20:04:03.0106 1068 \Device\Harddisk0\DR0\Partition1 - ok
20:04:03.0106 1068 ============================================================
20:04:03.0106 1068 Scan finished
20:04:03.0106 1068 ============================================================
20:04:03.0122 3020 Detected object count: 1
20:04:03.0122 3020 Actual detected object count: 1
20:04:39.0439 3020 \Device\Harddisk0\DR0\# - copied to quarantine
20:04:39.0439 3020 \Device\Harddisk0\DR0 - copied to quarantine
20:04:39.0501 3020 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
20:04:39.0501 3020 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:04:39.0517 3020 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:04:39.0517 3020 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:04:39.0517 3020 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:04:39.0517 3020 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:04:39.0532 3020 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:04:39.0532 3020 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
20:04:39.0532 3020 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:04:39.0532 3020 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:04:39.0532 3020 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:04:39.0532 3020 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
20:04:39.0532 3020 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
20:04:39.0610 3020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:04:39.0610 3020 \Device\Harddisk0\DR0 - ok
20:04:39.0610 3020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
20:04:43.0994 3104 Deinitialize success

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 20:13:46
-----------------------------
20:13:46.917 OS Version: Windows 6.0.6001 Service Pack 1
20:13:46.917 Number of processors: 1 586 0x1601
20:13:46.932 ComputerName: BEAU-PC UserName: Beau
20:13:47.650 Initialize success
20:14:14.596 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:14:14.596 Disk 0 Vendor: Hitachi_HDP725025GLA380 GM2OA5BA Size: 238418MB BusType: 3
20:14:14.612 Disk 0 MBR read successfully
20:14:14.612 Disk 0 MBR scan
20:14:14.628 Disk 0 Windows VISTA default MBR code
20:14:14.628 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:14:14.643 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
20:14:14.659 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 223377 MB offset 30801920
20:14:14.659 Disk 0 scanning sectors +488279202
20:14:14.721 Disk 0 scanning C:\Windows\system32\drivers
20:14:17.373 Service scanning
20:14:31.195 Modules scanning
20:14:37.669 Disk 0 trace - called modules:
20:14:37.700 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:14:38.199 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c70588]
20:14:38.199 3 CLASSPNP.SYS[879a5745] -> nt!IofCallDriver -> [0x83c601e0]
20:14:38.215 5 acpi.sys[806a06a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83c648a8]
20:14:38.230 Scan finished successfully
20:14:59.680 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
20:14:59.696 The log file has been saved successfully to "F:\aswMBR.txt"


Thank the Lord for thumb drives. Is there any possibility I could be infecting my troubleshooting computer by transferring the information requested from the infected computer to my troubleshooting computer in order to upload it to the forum?

I cannot use the infected computer to go online. I am constantly redirected. I attempted to use the forum via the infected PC, only to be redirected even after TDSSKiller.

Thanks for your assistance.

By the way, upon reboot after running TDSSKiller, as required by TDSSKiller, Windows itself had to reboot in order to effect the changes. In essence, I had to reboot twice: once for TDSSKiller and once for Windows.

Attached file: MBR.zip (571 bytes)

Edited by Cassiopeia, 05 August 2012 - 07:43 PM.
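The two logs above answer the thread's question in the negative direction: TDSSKiller hashes the first 0x1B8 bytes of sector 0 (the MBR boot code) and flags Rootkit.Boot.Pihar.c there, and aswMBR shows the partition table plus a scan of sectors past the last partition, which is where a TDL4-family bootkit keeps its hidden TDLFS file system. Formatting C: rewrites neither the boot code nor that unpartitioned tail, so a reinstall from inside the infected system brings the bootkit straight back. The following Python is an added example, not code from the thread or from either tool: it builds a 512-byte MBR with the partition layout printed by aswMBR (the disk size in sectors and the boot-code bytes are constructed stand-ins, not real Windows or bootkit code), hashes the boot code the way TDSSKiller does, compares it against a known-good reference such as the MBR.dat that aswMBR saved, and reports how much unpartitioned space sits after the last partition.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8   # TDSSKiller's "MBR (0x1B8)" hash covers bytes 0..0x1B7
PART_TABLE = 0x1BE      # four 16-byte partition entries, then 0x55AA at offset 510

# Constructed stand-ins (assumptions): neither is real Windows or bootkit code.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8") + b"CLEAN-MBR-STANDIN"
TAMPERED_BOOT_CODE = bytes.fromhex("33c08ed0bc007c") + b"BOOTKIT-LOADER-STANDIN"

# Layout taken from the aswMBR log: (bootable, type, start LBA, size in sectors).
SAMPLE_LAYOUT = [
    (False, 0xDE, 63, 81857),             # Dell Utility, ~39 MB
    (False, 0x07, 81920, 30720000),       # NTFS recovery partition, 15000 MB
    (True, 0x07, 30801920, 457476096),    # NTFS system partition, 223377 MB
]
# Assumed total disk size in sectors (a typical 250 GB drive); the log prints only MB.
DISK_SECTORS = 488397168


def build_mbr(boot_code, layout):
    """Construct a 512-byte MBR from boot code and a partition layout (CHS fields zeroed)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    for i, (bootable, ptype, start, size) in enumerate(layout):
        struct.pack_into("<B3sB3sII", mbr, PART_TABLE + 16 * i,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0",
                         start, size)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)


def boot_code_md5(mbr):
    """MD5 of the boot-code region, matching the hash TDSSKiller prints for the MBR."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr):
    """Decode the four primary partition entries; empty slots (type 0) are skipped."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        boot, _, ptype, _, start, size = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i + 1, "bootable": boot == 0x80,
                      "type": ptype, "start": start, "size": size})
    return parts


def check_mbr(mbr, disk_sectors, known_good_md5):
    """Compare boot code with a saved reference and locate the unpartitioned tail,
    the region a TDL4-style hidden file system would occupy."""
    parts = parse_partitions(mbr)
    last_end = max((p["start"] + p["size"] for p in parts), default=0)
    digest = boot_code_md5(mbr)
    return {
        "boot_code_md5": digest,
        "boot_code_matches": digest == known_good_md5,
        "partitions": parts,
        "bootable_count": sum(p["bootable"] for p in parts),
        "tail_start": last_end,
        "tail_sectors": disk_sectors - last_end,
    }


SAMPLE_MBR = build_mbr(CLEAN_BOOT_CODE, SAMPLE_LAYOUT)
KNOWN_GOOD_MD5 = boot_code_md5(SAMPLE_MBR)   # in practice: hash of aswMBR's saved MBR.dat
INFECTED_MBR = build_mbr(TAMPERED_BOOT_CODE, SAMPLE_LAYOUT)

if __name__ == "__main__":
    for label, sector in (("clean", SAMPLE_MBR), ("infected", INFECTED_MBR)):
        r = check_mbr(sector, DISK_SECTORS, KNOWN_GOOD_MD5)
        print(label, r["boot_code_md5"],
              "match" if r["boot_code_matches"] else "MISMATCH",
              "| tail from sector", r["tail_start"], "=", r["tail_sectors"], "sectors")
```

To run this against a real drive, read the first 512 bytes of the raw device (on Windows `\\.\PhysicalDrive0` with administrator rights, on Linux `/dev/sda`) and pass them to `check_mbr` together with a reference hash taken from a copy saved while the disk was known clean. A partition table that matches while the boot code does not is exactly the pattern in the TDSSKiller log above, and a large tail after the last partition is the place to dump and inspect, since the bootkit's loader and its TDLFS live there rather than in any file a format would remove.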


#6 nasdaq
  • Malware Response Team
  • 39,586 posts
  • Location:Montreal, QC. Canada

Posted 06 August 2012 - 06:54 AM

Is there any possibility I could be infecting my troubleshooting computer by transferring the information requested from the infected computer to my troubleshooting computer in order to upload it to the forum?


It's always possible. But what I see so far is neither a virus nor a worm.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

p.s.
Try to run the ComboFix tool in Normal Mode.

If that is not possible, run it in Safe Mode with an Internet connection.

#7 Cassiopeia
  • Topic Starter
  • Members
  • 229 posts

Posted 06 August 2012 - 04:16 PM

Internet Explorer is still redirecting to: http://www.msn.com/?ocid=iehp&fb_xd_fragment#xd_sig=f2a2ed1430c8e1&xd_action=proxy_ready&data&xd_rel=parent.parent&relation=parent.parent&xd_origin=http%3A%2F%2Fstatic.ak.facebook.com

Combofix.txt

ComboFix 12-08-05.02 - Beau 08/06/2012 17:05:28.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2036.1238 [GMT -4:00]
Running from: c:\users\Beau\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 21:09 . 2012-08-06 21:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 00:04 . 2012-08-06 00:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-30 20:14 . 2012-08-05 00:11 -------- d-----w- c:\program files\Common Files\Mcafee
2012-07-30 20:14 . 2012-07-30 20:18 -------- d-----w- c:\program files\McAfee
2012-07-30 20:06 . 2012-05-25 21:13 151912 ----a-w- c:\windows\system32\mfevtps.exe
2012-07-30 20:06 . 2012-07-30 20:18 -------- d-----w- c:\programdata\McAfee
2012-07-30 19:50 . 2012-07-30 20:20 -------- d-----w- c:\programdata\AVAST Software
2012-07-30 19:50 . 2012-07-30 20:20 -------- d-----w- c:\program files\AVAST Software
2012-07-30 14:38 . 2012-07-30 13:43 -------- d-----w- c:\windows\Panther
2012-07-30 14:38 . 2012-07-30 14:38 -------- d-----w- C:\Boot
2012-07-30 14:37 . 2012-07-30 14:37 -------- d-----w- c:\windows\system32\OEM
2012-07-30 13:44 . 2012-07-30 11:10 -------- d-----w- c:\windows\Debug
2012-07-30 11:32 . 2012-07-30 11:32 -------- d-----w- c:\program files\Intel
2012-07-30 11:31 . 2012-07-30 11:32 -------- d-sh--w- c:\windows\Installer
2012-07-30 11:31 . 2007-04-13 17:22 228224 ----a-w- c:\windows\system32\drivers\e1e6032.sys
2012-07-30 11:31 . 2007-04-12 15:47 154496 ----a-w- c:\windows\system32\Prounstl.exe
2012-07-30 11:31 . 2007-03-07 20:20 39288 ----a-w- c:\windows\system32\NicInE6.dll
2012-07-30 11:31 . 2007-03-07 16:35 28536 ----a-w- c:\windows\system32\NicCo6.dll
2012-07-30 11:31 . 2007-01-17 19:59 179048 ----a-w- c:\windows\system32\e1000msg.dll
2012-07-30 11:19 . 2012-07-30 11:19 -------- d-----w- c:\windows\system32\Lang
2012-07-30 11:19 . 2007-09-02 02:19 920088 ----a-w- c:\windows\system32\igxpun.exe
2012-07-30 11:19 . 2006-11-10 20:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2012-07-30 10:46 . 2012-07-30 20:15 -------- d-----w- c:\users\Beau
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-02 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-02 129560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 95888103
*Deregistered* - 95888103
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-06 17:09
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-06 17:11:18
ComboFix-quarantined-files.txt 2012-08-06 21:11
.
Pre-Run: 221,656,285,184 bytes free
Post-Run: 221,768,257,536 bytes free
.
- - End Of File - - 945224EFF3E8FA9310C7CA84A3946A1C

#8 nasdaq
  • Malware Response Team
  • 39,586 posts
  • Location:Montreal, QC. Canada

Posted 07 August 2012 - 07:04 AM

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
Click Go and copy/paste the log (Result.txt) into your next post.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Please post the log for my review.

#9 Cassiopeia
  • Topic Starter
  • Members
  • 229 posts

Posted 07 August 2012 - 07:18 AM

minitool box

MiniToolBox by Farbar Version: 23-07-2012
Ran by Beau (administrator) on 07-08-2012 at 08:16:38
Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost


**** End of log ****

Clicking on AdwCleaner results in Parse error: syntax error, unexpected '=', expecting '(' in /homez.383/generalcm/www/includes/framework.php on line 42. at URL http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
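The MiniToolBox run above prints a clean, default Vista hosts file (only the two localhost entries), which rules out one common cause of browser redirects. As an added example, not part of the thread or of MiniToolBox, here is the check a responder would apply to a hosts listing in Python: it parses the file, ignores the legitimate localhost lines, and separates the two patterns malware leaves behind, security-vendor or Windows Update names pinned to loopback (update blocking) and watched names pinned to a routable address (redirection). The watch-list and the tampered sample are constructed for the example; the 203.0.113.0/24 addresses are a documentation range, so nothing in it points at a real host.

```python
import ipaddress

# Constructed watch-list: domains that redirectors and update blockers commonly tamper with.
WATCHED_DOMAINS = ("microsoft.com", "windowsupdate.com", "avast.com",
                   "mcafee.com", "malwarebytes.org", "bleepingcomputer.com")

# The clean hosts content MiniToolBox printed above (the Vista default).
CLEAN_HOSTS = "::1 localhost\n127.0.0.1 localhost\n"

# Constructed example of a tampered hosts file (not from this thread).
TAMPERED_HOSTS = """\
::1 localhost
127.0.0.1 localhost
127.0.0.1 www.avast.com         # AV update blocking
127.0.0.1 update.mcafee.com
203.0.113.7 www.microsoft.com   # redirect to a host the attacker controls
203.0.113.7 www.example-bank.test
"""


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs; comments, blank and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address in the first column, so not a hosts entry
        for host in fields[1:]:
            yield ip, host.lower()


def _in_domain(host, domain):
    return host == domain or host.endswith("." + domain)


def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return (category, hostname, ip) findings.
    blocked    - a watched name pinned to loopback/unspecified (kills AV or Windows updates)
    redirected - a watched name pinned to a routable address (classic hijack)
    external   - any other name pinned to a routable address (worth a look on a home PC)
    Unwatched names pinned to loopback are left alone: that is what ad-blocking lists do."""
    findings = []
    for ip, host in parse_hosts(text):
        watched_hit = any(_in_domain(host, d) for d in watched)
        if ip.is_loopback or ip.is_unspecified:
            if host in ("localhost", "localhost.localdomain"):
                continue  # the default entries
            if watched_hit:
                findings.append(("blocked", host, str(ip)))
        elif watched_hit:
            findings.append(("redirected", host, str(ip)))
        else:
            findings.append(("external", host, str(ip)))
    return findings


if __name__ == "__main__":
    print("clean:", audit_hosts(CLEAN_HOSTS))
    for finding in audit_hosts(TAMPERED_HOSTS):
        print("tampered:", *finding)
```

On a live Windows system the file to feed in is `C:\Windows\System32\drivers\etc\hosts`; a clean result there, as in this thread, means the redirect is being done elsewhere (DNS, proxy settings, a browser add-on or the rootkit itself), which is why the proxy and DNS checks run alongside it.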

#10 nasdaq
  • Malware Response Team
  • 39,586 posts
  • Location:Montreal, QC. Canada

Posted 07 August 2012 - 09:04 AM

Delete your current version of Adwcleaner

Download from this site and run it.
http://destrio5.free.fr/Telechargement_CCM/adwcleaner.exe

Post the log if you can.

Are you still having the same issue?

#11 Cassiopeia
  • Topic Starter
  • Members
  • 229 posts

Posted 07 August 2012 - 02:52 PM

I did not have any version of adwCleaner because it would not download.

The only issue the pc appears to have now is the redirection of IE. Firefox does not redirect, but it's a new download and install.


# AdwCleaner v1.701 - Logfile created 08/07/2012 at 15:50:25
# Updated 02/07/2012 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 1 (32 bits)
# User : Beau - BEAU-PC
# Running from : C:\Users\Beau\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registry - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18000

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Beau\AppData\Roaming\Mozilla\Firefox\Profiles\3dql1cxw.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [712 bytes] - [07/08/2012 15:50:25]

########## EOF - C:\AdwCleaner[R1].txt - [839 bytes] ##########

Also, when I use easy transfer to return the old settings and photographs, the pc reads 100 per cent of the file then reports an error of not being able to read the file. I need those photos.

Edited by Cassiopeia, 07 August 2012 - 02:53 PM.


#12 nasdaq
  • Malware Response Team
  • 39,586 posts
  • Location:Montreal, QC. Canada

Posted 08 August 2012 - 07:27 AM

Go to Start > Run, type cmd and hit OK.
type
ipconfig /flushdns <-- (The space between g and / is needed) press the Enter key.

repeat with
ipconfig /renew

Then type Exit, hit the Enter key
*/*

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

On a Vista or Windows 7 operating system right click on the fixme.reg file and run as Administrator.

Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.
===

If your computer is connected to a router, it might just be that the router is infected; do this.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then please reconfigure it back to your preferred settings. Below are lists of default usernames and passwords, should you not know yours ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html
===

Also, when I use easy transfer to return the old settings and photographs, the pc reads 100 per cent of the file then reports an error of not being able to read the file. I need those photos.

Nothing was changed by the tools we used. It may be caused by some bad download.
Let's see what the situation is after we have stopped these redirections.

#13 Cassiopeia
  • Topic Starter
  • Members
  • 229 posts

Posted 11 August 2012 - 07:35 AM

I don't know why there is information about a router; this PC is not connected to one.

While I waited for a response, I ran HijackThis and removed the redirect using it. I still followed all the directions in the last reply.

So far, no more redirect.

The windows easy transfer still will not complete using the files saved on the thumb drive.

Thanks for all your help getting rid of the other problems. The files I am restoring are all her photos and she really has no other way of retrieving them.

Cass

#14 nasdaq
  • Malware Response Team
  • 39,586 posts
  • Location:Montreal, QC. Canada

Posted 11 August 2012 - 09:40 AM

Please run the DDS tool again.

The scan will also create an Attach.txt log; I would also like to see its content.
Please post it for my review; do not attach the file.

#15 Cassiopeia
  • Topic Starter
  • Members
  • 229 posts

Posted 13 August 2012 - 06:18 AM

Here are the results. The file mentions McAfee, but that was removed before the format and install. Avast replaced it. McAfee has not been on the PC since it was formatted and installed. I am ready to take out the damn hard drive, place it in an external case, and use a different PC to wipe it!

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 7/30/2012 9:42:30 AM
System Uptime: 8/11/2012 6:20:37 PM (37 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Celeron® CPU 450 @ 2.20GHz | Socket 775 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 196.541 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 14.543 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP11: 8/6/2012 7:49:56 AM - Scheduled Checkpoint
RP12: 8/6/2012 5:20:56 PM - avast! Free Antivirus Setup
RP13: 8/7/2012 8:40:47 AM - Installed Dell Resource CD.
RP14: 8/7/2012 8:42:43 AM - Device Driver Package Install: Intel System devices
RP15: 8/7/2012 8:43:04 AM - Device Driver Package Install: Intel IDE ATA/ATAPI controllers
RP16: 8/7/2012 8:44:55 AM - Device Driver Package Install: Intel System devices
RP17: 8/7/2012 8:51:38 AM - Device Driver Package Install: Realtek Semiconductor Corp. Sound, video and game controllers
RP18: 8/7/2012 8:54:57 AM - Device Driver Package Install: Conexant Modems
RP19: 8/7/2012 9:38:31 AM - Device Driver Package Install: Intel Corporation Display adapters
RP20: 8/10/2012 11:04:06 AM - Scheduled Checkpoint
RP21: 8/10/2012 7:11:54 PM - Windows Update
RP22: 8/11/2012 9:57:55 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
avast! Free Antivirus
Conexant D850 PCI V.92 Modem
Dell Resource CD
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.11.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 14.0.1 (x86 en-US)
PowerDVD
Realtek High Definition Audio Driver
Recover My Files
.
==== Event Viewer Messages From Past Week ========
.
8/7/2012 8:44:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
8/7/2012 8:38:43 AM, Error: EventLog [6008] - The previous system shutdown at 8:37:08 AM on 8/7/2012 was unexpected.
8/7/2012 4:28:24 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Beau\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
8/6/2012 6:15:16 AM, Error: Service Control Manager [7003] - The McAfee Network Agent service depends the following service: mfefire. This service might not be installed.
8/6/2012 6:14:55 AM, Error: Service Control Manager [7003] - The McAfee Proxy Service service depends the following service: mfefire. This service might not be installed.
8/6/2012 5:05:21 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/6/2012 4:56:14 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 00219B258D38 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
8/10/2012 5:51:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by Beau at 7:25:39 on 2012-08-13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2036.1303 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\AERTSrv.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8AE08224-9867-4DE1-819E-162793EB8A03} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\beau\appdata\roaming\mozilla\firefox\profiles\3dql1cxw.default\
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-2-22 464304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-6 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-6 353688]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2012-8-7 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-6 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-8-6 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-6 44808]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-7-30 151912]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-7-30 214904]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-8-7 93816]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]
S4 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-7-12 1239952]
.
=============== Created Last 30 ================
.
2012-08-11 23:38:30 -------- d-----w- c:\program files\GetData
2012-08-07 20:42:22 2042368 ----a-w- c:\windows\system32\win32k.sys
2012-08-07 20:34:29 276992 ----a-w- c:\windows\system32\schannel.dll
2012-08-07 20:20:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-07 19:59:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-07 13:46:19 -------- d-----w- c:\users\beau\appdata\local\PowerDVD DX
2012-08-07 12:57:00 69632 ----a-w- c:\windows\system32\oemdspif.dll
2012-08-07 12:57:00 170520 ----a-w- c:\windows\system32\igfxzoom.exe
2012-08-07 12:57:00 147456 ----a-w- c:\windows\system32\igfxCoIn_v1472.dll
2012-08-07 12:55:15 -------- d-----w- c:\program files\CONEXANT
2012-08-07 12:54:29 94208 ----a-w- c:\windows\system32\mdmxsdk.dll
2012-08-07 12:54:29 266752 ----a-w- c:\windows\system32\drivers\HSXHWBS2.sys
2012-08-07 12:54:29 12672 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2012-08-07 12:54:28 980992 ----a-w- c:\windows\system32\drivers\HSX_DPV.sys
2012-08-07 12:54:28 8704 ----a-w- c:\windows\system32\drivers\XAudio.sys
2012-08-07 12:54:28 661504 ----a-w- c:\windows\system32\drivers\HSX_CNXT.sys
2012-08-07 12:54:28 386560 ----a-w- c:\windows\system32\drivers\XAudio.exe
2012-08-07 12:54:28 237568 ----a-w- c:\windows\system32\UCI32M30.dll
2012-08-07 12:41:08 45056 ----a-r- c:\users\beau\appdata\roaming\microsoft\installer\{42929f0f-ce14-47af-9fc7-ff297a603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2012-08-07 12:41:03 -------- d-----w- c:\windows\system32\vmm32
2012-08-07 12:41:03 -------- d-----w- c:\program files\Dell
2012-08-07 12:25:46 -------- d-----w- c:\users\beau\appdata\local\adaware
2012-08-07 12:25:44 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-08-07 12:25:35 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-08-07 12:25:29 -------- d-----w- c:\windows\system32\drivers\VDD
2012-08-07 12:25:28 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-08-07 12:25:15 -------- d-----w- c:\users\beau\appdata\local\Downloaded Installations
2012-08-07 12:24:20 -------- d-----w- c:\users\beau\appdata\roaming\Ad-Aware Antivirus
2012-08-06 21:23:02 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-06 21:23:01 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-06 21:21:57 41224 ----a-w- c:\windows\avastSS.scr
2012-08-06 21:11:20 -------- d-----w- c:\users\beau\appdata\local\temp
2012-08-06 21:10:53 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-06 21:04:37 98816 ----a-w- c:\windows\sed.exe
2012-08-06 21:04:37 518144 ----a-w- c:\windows\SWREG.exe
2012-08-06 21:04:37 256000 ----a-w- c:\windows\PEV.exe
2012-08-06 21:04:37 208896 ----a-w- c:\windows\MBR.exe
2012-08-06 00:04:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-30 20:18:26 -------- d-----w- c:\users\beau\appdata\roaming\McAfee
2012-07-30 20:14:44 -------- d-----w- c:\program files\common files\Mcafee
2012-07-30 20:14:43 -------- d-----w- c:\program files\McAfee.com
2012-07-30 20:14:42 -------- d-----w- c:\program files\McAfee
2012-07-30 20:06:58 151912 ----a-w- c:\windows\system32\mfevtps.exe
2012-07-30 19:54:41 -------- d-----w- c:\windows\pss
2012-07-30 19:50:27 -------- d-----w- c:\programdata\AVAST Software
2012-07-30 19:50:27 -------- d-----w- c:\program files\AVAST Software
2012-07-30 14:38:19 -------- d-----w- c:\windows\Panther
2012-07-30 14:38:03 -------- d-----w- C:\Boot
2012-07-30 14:37:46 -------- d-----w- c:\windows\system32\OEM
2012-07-30 11:31:21 -------- d-sh--w- c:\windows\Installer
2012-07-30 11:31:19 39288 ----a-w- c:\windows\system32\NicInE6.dll
2012-07-30 11:31:19 28536 ----a-w- c:\windows\system32\NicCo6.dll
2012-07-30 11:31:19 228224 ----a-w- c:\windows\system32\drivers\e1e6032.sys
2012-07-30 11:31:19 154496 ----a-w- c:\windows\system32\Prounstl.exe
2012-07-30 11:31:18 179048 ----a-w- c:\windows\system32\e1000msg.dll
2012-07-30 11:19:11 920088 ----a-w- c:\windows\system32\igxpun.exe
2012-07-30 11:19:11 319456 ----a-w- c:\windows\system32\difxapi.dll
2012-07-30 11:19:11 -------- d-----w- c:\windows\system32\Lang
2012-07-30 10:48:46 -------- d-----w- c:\users\beau\appdata\local\MigWiz
.
==================== Find3M ====================
.
2012-08-07 12:51:29 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-08-07 12:51:22 319488 ----a-w- c:\windows\HideWin.exe
.
============= FINISH: 7:26:07.90 ===============

Edited by Cassiopeia, 13 August 2012 - 06:32 AM.