Google Redirects / Invis Internet Explorer / Slow Shutdown all survive


  • This topic is locked

#1
mm0945

    New Member

  • Member
  • 5 posts
Hello and thank you for your help GeeksToGo,
I am running Win 7 on an Acer laptop.

Brief summary of problems:

I first noticed that an invisible iexplore.exe process was using an enormous amount of memory. Every time I tried to end the process, it would reappear some time later and eat up more memory.

Then, the Google redirects began, and around the same time, I noticed that google image search only shows a few rows of results (may not be malware related?).

Moreover, I notice that my computer always takes about 15 seconds to close an invisible process whenever I shut down or log off. This was occurring even right after I removed Internet Explorer and reformatted my computer (one of my failed attempts to fix the issues).

I have been oscillating between battling and trying to ignore the issues with my laptop for a couple months now. I've done as much as I feel safe doing on my own.

Steps that I've taken (among others I may not be recalling) // result

-Removed the internet explorer program through Add/Remove Windows Updates // no more invisible iexplore.exe process, to the best of my knowledge
-Ran MBAM, WinSecEssentials, other scan programs suggested to fix redirects // Occasional hits and quarantines, but no visible change in any problems
-Wiped my laptop with Acer's factory restore // no change
-Followed the guide for fixing Google redirects on the GeeksToGo site, running Goored and TDSS // no change
-Ran combofix (for 32-bit now that I remember it, not sure if this is relevant) // fewer Google redirects for a small period of time (maybe just one session), but they returned almost immediately in full force.
-Cleared cache/history etc. // Google image search still only shows a few lines of images

Where I stand:

-No internet explorer (not an ideal situation)
-Google search always redirects, have to click back 3x to get to the desired page
-Google image search shows only a few rows of images, nothing else loads
-Computer always seems to be waiting to close an invisible program on shut down

The most pressing problems are those that are hampering Google. I appreciate your help in ridding from my future and my memory alike the vision of 'get-answers-fast.com' among other ridiculous ad sites that have overrun my Google experience.

My OTL Paste:

OTL logfile created on: 08/12/2011 2:15:08 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\1\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 48.88% Memory free
7.49 Gb Paging File | 5.52 Gb Available in Paging File | 73.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.07 Gb Total Space | 512.56 Gb Free Space | 88.06% Space Free | Partition Type: NTFS

Computer Name: 1-LT | User Name: 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/08 14:13:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\1\Desktop\OTL.exe
PRC - [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla\firefox.exe
PRC - [2011/11/20 23:04:51 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla\plugin-container.exe
PRC - [2011/10/09 10:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/04/27 08:56:10 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\Program Files (x86)\Vuze\Azureus.exe
PRC - [2010/06/22 01:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/06/22 01:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/06/22 01:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/06/09 17:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/05/26 21:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/05/26 21:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010/05/24 19:21:56 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/05/24 19:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/11 00:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 00:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/02 11:09:51 | 000,028,160 | ---- | M] () -- C:\Users\1\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
MOD - [2011/11/20 23:04:51 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla\mozjs.dll
MOD - [2011/11/18 09:18:33 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/27 08:56:18 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll
MOD - [2011/04/27 08:56:18 | 000,015,884 | ---- | M] () -- C:\Program Files (x86)\Vuze\plugins\azitunes\libProcessAccess.dll
MOD - [2011/04/27 08:56:10 | 000,087,480 | ---- | M] () -- C:\Program Files (x86)\Vuze\aereg.dll
MOD - [2010/06/09 17:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2010/05/24 19:16:18 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009/05/20 01:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/06/11 13:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/05/11 09:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/07/19 23:34:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/22 01:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/26 21:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/05/24 19:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/24 13:46:00 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/08 22:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/06/17 04:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/14 16:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/05/11 09:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 08:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/11 05:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/19 21:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010/04/13 05:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/04/07 15:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/09 09:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/12/21 02:56:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 21:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 21:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 21:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...24z125v47m2184n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...24z125v47m2184n

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...24z125v47m2184n
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Users\1\Downloads\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Users\1\Downloads\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla\components [2011/11/22 22:00:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla\plugins

[2011/10/21 17:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1\AppData\Roaming\Mozilla\Extensions
[2011/10/27 22:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\ktzou0uw.default\extensions
File not found (No name found) -- C:\USERS\Å\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTZOU0UW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
File not found (No name found) -- C:\USERS\Å\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KTZOU0UW.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/11/03 14:39:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Users\1\Downloads\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - Startup: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Exstora - Shortcut.lnk = C:\Users\1\Downloads\Exstora Pro\Exstora.exe (Slotix s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18C9DD11-FAB1-47B1-82B4-925C58137E7E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/08 14:13:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\1\Desktop\OTL.exe
[2011/12/02 10:59:53 | 000,000,000 | ---D | C] -- C:\Users\1\Documents\Vuze Downloads
[2011/12/02 10:58:43 | 000,000,000 | ---D | C] -- C:\Users\1\.swt
[2011/12/02 10:58:40 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\Azureus
[2011/12/02 10:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2011/11/24 13:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/11/24 13:46:00 | 000,279,616 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/11/24 13:45:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/11/24 13:45:20 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\DAEMON Tools Lite
[2011/11/24 13:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/11/22 22:10:39 | 000,000,000 | -H-D | C] -- C:\MyWinLockerData
[2011/11/22 17:04:57 | 000,000,000 | ---D | C] -- C:\Users\1\Desktop\Music Temp
[2011/11/20 19:01:03 | 000,000,000 | ---D | C] -- C:\Users\1\Desktop\Portfolio
[2011/11/18 18:05:53 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\Adobe
[2011/11/14 12:04:33 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\mIRC
[2011/11/11 05:57:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/08 18:12:00 | 000,000,000 | ---D | C] -- C:\Users\1\Documents\Animator
[2011/10/21 16:55:02 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe

========== Files - Modified Within 30 Days ==========

[2011/12/08 14:13:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\1\Desktop\OTL.exe
[2011/12/08 14:10:01 | 007,230,106 | ---- | M] () -- C:\Users\1\Desktop\Desktop.rar
[2011/12/08 14:07:14 | 000,131,912 | ---- | M] () -- C:\Users\1\Desktop\exstora_dat.xml
[2011/12/06 21:48:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 21:48:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 21:41:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/06 21:40:57 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/30 04:44:53 | 436,199,857 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/30 03:59:11 | 000,000,321 | ---- | M] () -- C:\Windows\WPE PRO.INI
[2011/11/29 23:59:24 | 000,782,206 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/29 23:59:24 | 000,666,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/29 23:59:24 | 000,126,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/24 13:46:00 | 000,279,616 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/11/16 21:16:43 | 000,413,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/12/08 14:07:41 | 007,230,106 | ---- | C] () -- C:\Users\1\Desktop\Desktop.rar
==
[2011/12/02 10:57:37 | 000,001,856 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011/11/30 00:18:02 | 000,000,321 | ---- | C] () -- C:\Windows\WPE PRO.INI
[2011/11/11 05:57:32 | 436,199,857 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/03 13:58:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/03 13:58:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/03 13:58:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/03 13:58:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/03 13:58:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/21 17:52:07 | 000,768,118 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/21 16:55:02 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/10/21 16:55:02 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2011/10/21 16:55:02 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2011/10/21 16:45:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/13 15:30:24 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/07/19 23:43:16 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/10/21 19:02:38 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\acccore
[2011/12/08 14:15:36 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Azureus
[2011/11/24 13:47:18 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\DAEMON Tools Lite
[2011/11/21 02:31:47 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Exstora
[2011/12/07 20:06:01 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\uTorrent
[2009/07/14 00:08:49 | 000,027,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A mystery - I like those

OK, first a little investigation.

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach the screenshot to your reply.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
  • 0

#3
mm0945

    New Member

  • Topic Starter
  • Member
  • 5 posts
The scan and disk management also reminded me of another perhaps not unrelated issue: I can't halt USB keys and external HDs in order to 'safely remove' them. It always says that they cannot be stopped from running, so I just have to yank them out manually.

Looks like the scan provides some good information:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-08 19:29:17
-----------------------------
19:29:17.216 OS Version: Windows x64 6.1.7601 Service Pack 1
19:29:17.217 Number of processors: 2 586 0x603
19:29:17.218 ComputerName: 1-LT UserName: 1
19:29:20.599 Initialize success
19:30:11.107 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:30:11.112 Disk 0 Vendor: WDC_WD6400BEVT-22A0RT0 01.01A01 Size: 610480MB BusType: 11
19:30:13.131 Disk 0 MBR read successfully
19:30:13.137 Disk 0 MBR scan
19:30:13.142 Disk 0 TDL4@MBR code has been found
19:30:13.147 Disk 0 Windows 7 default MBR code found via API
19:30:13.151 Disk 0 MBR hidden
19:30:13.154 Disk 0 MBR [TDL4] **ROOTKIT**
19:30:13.159 Disk 0 trace - called modules:
19:30:13.165 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004354254]<<
19:30:13.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042d9060]
19:30:13.178 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800429c060]
19:30:13.184 \Driver\atapi[0xfffffa8003d59060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004354254
19:30:13.189 Scan finished successfully
19:30:34.952 Disk 0 MBR has been saved successfully to "C:\Users\1\Desktop\MBR.dat"
19:30:34.977 The log file has been saved successfully to "C:\Users\1\Desktop\aswMBR.txt"


Also, Security Essentials picked up a supposed trojan upon completion of the scan. I clicked remove, for what it's worth.

"Trojan:DOS/Alureon.C"

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
file:C:\Users\1\Desktop\MBR.dat

Attached Thumbnails

  • Dmanagement.png

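
The aswMBR output in the post above is the key evidence in this thread: the raw sector holds TDL4 code, the OS-level read returns the stock Windows 7 boot code, and the call trace into the disk stack ends at an address that belongs to no loaded driver, reached through atapi's IRP_MJ_INTERNAL_DEVICE_CONTROL handler. The following is an added example, not part of aswMBR or of any post in this thread, that parses those lines and turns them into the three findings a responder acts on. The regexes are an assumption about the aswMBR 0.9.8 line format based only on the posted lines; SAMPLE_LOG is copied from the posted scan and CLEAN_LOG is constructed to show the no-findings path.

```python
"""Pull the rootkit indicators out of an aswMBR log.

Added example for this thread; it is not part of aswMBR or of the
original posts.  SAMPLE_LOG is copied from the scan posted above;
CLEAN_LOG is constructed to show the no-findings path.  The regexes are
an assumption about aswMBR 0.9.8's line format, based only on the
posted lines.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""19:30:11.107 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:30:13.131 Disk 0 MBR read successfully
19:30:13.137 Disk 0 MBR scan
19:30:13.142 Disk 0 TDL4@MBR code has been found
19:30:13.147 Disk 0 Windows 7 default MBR code found via API
19:30:13.151 Disk 0 MBR hidden
19:30:13.154 Disk 0 MBR [TDL4] **ROOTKIT**
19:30:13.159 Disk 0 trace - called modules:
19:30:13.165 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004354254]<<
19:30:13.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042d9060]
19:30:13.178 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800429c060]
19:30:13.184 \Driver\atapi[0xfffffa8003d59060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004354254
19:30:13.189 Scan finished successfully"""

# Constructed: what the same section looks like when nothing is found.
CLEAN_LOG = r"""19:30:13.131 Disk 0 MBR read successfully
19:30:13.137 Disk 0 MBR scan
19:30:13.147 Disk 0 Windows 7 default MBR code found via API
19:30:13.189 Scan finished successfully"""


@dataclass
class Findings:
    mbr_code_found: list[str] = field(default_factory=list)  # families seen in the raw sector
    api_mbr_clean: bool = False        # the OS-level read returned stock boot code
    mbr_hidden: bool = False
    rootkit: list[str] = field(default_factory=list)
    unknown_module: str | None = None  # code address in the disk I/O path outside any known driver
    hooks: list[tuple[str, str, str]] = field(default_factory=list)  # (driver, IRP major, target)


LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+(.*)$")
MBR_CODE = re.compile(r"Disk \d+ (\S+)@MBR code has been found")
API_CLEAN = re.compile(r"Disk \d+ .*default MBR code found via API")
HIDDEN = re.compile(r"Disk \d+ MBR hidden")
ROOTKIT = re.compile(r"Disk \d+ MBR \[(\w+)\] \*\*ROOTKIT\*\*")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
HOOK = re.compile(r"\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")


def parse_aswmbr(text: str) -> Findings:
    f = Findings()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                      # header lines without a timestamp
            continue
        msg = m.group(1)
        if (hit := MBR_CODE.search(msg)):
            f.mbr_code_found.append(hit.group(1))
        elif API_CLEAN.search(msg):
            f.api_mbr_clean = True
        elif HIDDEN.search(msg):
            f.mbr_hidden = True
        elif (hit := ROOTKIT.search(msg)):
            f.rootkit.append(hit.group(1))
        elif (hit := UNKNOWN.search(msg)):
            f.unknown_module = hit.group(1).lower()
        elif (hit := HOOK.search(msg)):
            f.hooks.append((hit.group(1), hit.group(2), hit.group(3).lower()))
    return f


def assess(f: Findings) -> list[str]:
    """The reasons a responder would act on, in plain words."""
    reasons = []
    if f.rootkit:
        reasons.append("aswMBR classified the MBR as %s rootkit code" % ", ".join(f.rootkit))
    if f.mbr_code_found and f.api_mbr_clean:
        reasons.append(
            "the raw sector holds %s code but the Windows API returned stock boot code, "
            "so the infected MBR is hidden from the running OS" % "/".join(f.mbr_code_found))
    for driver, irp, target in f.hooks:
        if target == f.unknown_module:
            reasons.append(
                "%s's %s handler points at %s, an address outside every loaded driver image "
                "(the code that answers the OS-level read)" % (driver, irp, target))
    return reasons


if __name__ == "__main__":
    for line in assess(parse_aswmbr(SAMPLE_LOG)):
        print("-", line)
```

The second finding is why file-level scanners and a factory restore that leaves the MBR alone never touched this: anything reading the disk through the normal API sees a clean Windows 7 boot sector. It only became visible to Security Essentials once aswMBR dumped the real sector to MBR.dat, which MSE then flagged as Trojan:DOS/Alureon.C (Alureon being Microsoft's name for the TDSS/TDL family).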
#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, let's go for the kill now - nice of MSE to join in :lol:

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT!!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your antivirus and anti-spyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double-click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.
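
The log that TDSSKiller writes (the TDSSKiller.[Version]_[Date]_[Time]_log.txt file named above, pasted in full in the next post) is a driver inventory: for each service, a line with its name, MD5 and path, then a verdict line. The following added example, not TDSSKiller's own code and not from any post here, reads that format and runs the checks worth doing on it before reading the verdict lines by hand: confirm the SigCheck and TDLFS options were actually on, list anything not marked "ok", find service names that load the same file, and compare hashes with a baseline. The sample lines are copied from the posted log except for the final detection line and the BASELINE table, which are constructed; the wording of a non-ok status varies between TDSSKiller versions, so only "ok" is treated as clean.

```python
"""Driver inventory checks over a TDSSKiller log.

Added example for this thread; it is not TDSSKiller's own code.  The line
shapes (a "name (md5) path" line followed by a "name - status" line, and
the "Mode: ..." header) come from the log posted in this thread.  The
detection line at the end of SAMPLE_LOG and the whole of BASELINE are
constructed; the exact wording of a non-ok status varies between
TDSSKiller versions, so only "ok" is treated as clean.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""14:11:48.0804 4776 Mode: Manual; SigCheck; TDLFS;
14:11:49.0178 4776 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:11:49.0295 4776 1394ohci - ok
14:11:52.0496 4776 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:11:52.0537 4776 atapi - ok
14:12:11.0650 4776 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:12:11.0761 4776 Tcpip - ok
14:12:11.0889 4776 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:12:11.0955 4776 TCPIP6 - ok
14:12:14.0001 4776 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)"""

# Constructed baseline: file name -> MD5 from a known-clean machine at the same
# patch level.  atapi.sys and tcpip.sys use the hashes seen in the posted log;
# 1394ohci.sys is given a deliberately wrong value to exercise the mismatch path.
BASELINE = {
    "atapi.sys": "02062c0b390b7729edc9e69c680a6f3c",
    "tcpip.sys": "fc62769e7bff2896035aeed399108162",
    "1394ohci.sys": "0" * 32,
}

# The two boxes the instructions above say to tick, as they appear in the Mode: line.
REQUIRED_OPTIONS = {"SigCheck", "TDLFS"}

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
MODE = re.compile(r"^Mode: (.*)$")
DETAIL = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
VERDICT = re.compile(r"^(.+?) - (.+)$")


def parse_tdsskiller(text):
    """Return (scan options, {name: {"md5", "path", "status"}})."""
    options = set()
    entries = {}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        if (hit := MODE.match(body)):
            options = {o.strip() for o in hit.group(1).split(";") if o.strip()}
        elif (hit := DETAIL.match(body)):
            entries[hit.group(1)] = {"md5": hit.group(2).lower(), "path": hit.group(3), "status": None}
        elif (hit := VERDICT.match(body)):
            entry = entries.setdefault(hit.group(1), {"md5": None, "path": None, "status": None})
            entry["status"] = hit.group(2)
    return options, entries


def missing_options(options):
    """Options the instructions asked for that the scan did not run with."""
    return REQUIRED_OPTIONS - options


def not_ok(entries):
    """Everything TDSSKiller did not mark "- ok", whatever the wording."""
    return {name: e["status"] for name, e in entries.items() if e["status"] != "ok"}


def shared_files(entries):
    """Service names that load the same on-disk file.  Tcpip/TCPIP6 is a
    legitimate pair; an unexpected extra name on a storage driver is not."""
    by_path = defaultdict(list)
    for name, e in entries.items():
        if e["path"]:
            by_path[e["path"].lower()].append(name)
    return {path: names for path, names in by_path.items() if len(names) > 1}


def baseline_mismatches(entries, baseline):
    """Drivers whose MD5 differs from the baseline: {name: (seen, expected)}."""
    out = {}
    for name, e in entries.items():
        if not e["path"]:
            continue
        base = e["path"].rsplit("\\", 1)[-1].lower()
        if base in baseline and baseline[base] != e["md5"]:
            out[name] = (e["md5"], baseline[base])
    return out


if __name__ == "__main__":
    opts, ents = parse_tdsskiller(SAMPLE_LOG)
    print("missing options:", missing_options(opts))
    print("not ok:", not_ok(ents))
    print("shared files:", shared_files(ents))
    print("baseline mismatches:", baseline_mismatches(ents, BASELINE))
```

The options check matters here because a run without TDLFS or SigCheck produces a log full of "- ok" lines that proves little; the posted log's "Mode: Manual; SigCheck; TDLFS;" header shows both were on. The hash comparison is only as good as the baseline, so take it from a machine at the same Windows build and patch level, and note that the TDL4 payload in this thread lives in the MBR, not in any driver file, which is why every driver line can be "- ok" while the disk is still infected.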

#5 mm0945 (New Member, Topic Starter, 5 posts)
No change to pre-existing issues (I am assuming the iexplore problem remains as well).

TDSS and ComboFix logs below; ComboFix took 40 minutes.

14:11:27.0454 1244 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
14:11:27.0916 1244 ============================================================
14:11:27.0917 1244 Current date / time: 2011/12/09 14:11:27.0916
14:11:27.0917 1244 SystemInfo:
14:11:27.0917 1244
14:11:27.0917 1244 OS Version: 6.1.7601 ServicePack: 1.0
14:11:27.0917 1244 Product type: Workstation
14:11:27.0917 1244 ComputerName: 1-LT
14:11:27.0918 1244 UserName: 1
14:11:27.0918 1244 Windows directory: C:\Windows
14:11:27.0918 1244 System windows directory: C:\Windows
14:11:27.0918 1244 Running under WOW64
14:11:27.0918 1244 Processor architecture: Intel x64
14:11:27.0918 1244 Number of processors: 2
14:11:27.0918 1244 Page size: 0x1000
14:11:27.0918 1244 Boot type: Normal boot
14:11:27.0918 1244 ============================================================
14:11:29.0190 1244 Initialize success
14:11:48.0804 4776 ============================================================
14:11:48.0804 4776 Scan started
14:11:48.0804 4776 Mode: Manual; SigCheck; TDLFS;
14:11:48.0804 4776 ============================================================
14:11:49.0178 4776 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:11:49.0295 4776 1394ohci - ok
14:11:49.0388 4776 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:11:49.0420 4776 ACPI - ok
14:11:49.0456 4776 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:11:49.0575 4776 AcpiPmi - ok
14:11:49.0696 4776 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:11:49.0752 4776 adp94xx - ok
14:11:49.0798 4776 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:11:49.0830 4776 adpahci - ok
14:11:49.0858 4776 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:11:49.0882 4776 adpu320 - ok
14:11:49.0998 4776 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
14:11:50.0093 4776 AFD - ok
14:11:50.0183 4776 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:11:50.0223 4776 agp440 - ok
14:11:50.0262 4776 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:11:50.0291 4776 aliide - ok
14:11:50.0409 4776 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:11:50.0443 4776 amdide - ok
14:11:50.0491 4776 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:11:50.0565 4776 AmdK8 - ok
14:11:50.0776 4776 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys
14:11:51.0004 4776 amdkmdag - ok
14:11:51.0119 4776 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys
14:11:51.0209 4776 amdkmdap - ok
14:11:51.0297 4776 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:11:51.0339 4776 AmdPPM - ok
14:11:51.0415 4776 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:11:51.0446 4776 amdsata - ok
14:11:51.0540 4776 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:11:51.0589 4776 amdsbs - ok
14:11:51.0622 4776 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:11:51.0645 4776 amdxata - ok
14:11:51.0696 4776 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:11:51.0940 4776 AppID - ok
14:11:52.0096 4776 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:11:52.0120 4776 arc - ok
14:11:52.0136 4776 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:11:52.0155 4776 arcsas - ok
14:11:52.0202 4776 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:11:52.0409 4776 AsyncMac - ok
14:11:52.0496 4776 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:11:52.0537 4776 atapi - ok
14:11:52.0633 4776 athr (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
14:11:52.0701 4776 athr - ok
14:11:52.0822 4776 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
14:11:52.0946 4776 AtiHdmiService - ok
14:11:53.0065 4776 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
14:11:53.0097 4776 AtiPcie - ok
14:11:53.0214 4776 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:11:53.0282 4776 b06bdrv - ok
14:11:53.0323 4776 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:11:53.0384 4776 b57nd60a - ok
14:11:53.0475 4776 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:11:53.0593 4776 Beep - ok
14:11:53.0687 4776 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:11:53.0766 4776 blbdrive - ok
14:11:54.0023 4776 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:11:54.0111 4776 bowser - ok
14:11:54.0198 4776 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:11:54.0291 4776 BrFiltLo - ok
14:11:54.0314 4776 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:11:54.0352 4776 BrFiltUp - ok
14:11:54.0379 4776 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:11:54.0457 4776 Brserid - ok
14:11:54.0536 4776 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:11:54.0604 4776 BrSerWdm - ok
14:11:54.0655 4776 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:11:54.0701 4776 BrUsbMdm - ok
14:11:54.0757 4776 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:11:54.0809 4776 BrUsbSer - ok
14:11:54.0839 4776 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:11:54.0902 4776 BTHMODEM - ok
14:11:54.0943 4776 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:11:55.0002 4776 cdfs - ok
14:11:55.0115 4776 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:11:55.0196 4776 cdrom - ok
14:11:55.0295 4776 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:11:55.0349 4776 circlass - ok
14:11:55.0398 4776 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:11:55.0433 4776 CLFS - ok
14:11:55.0500 4776 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:11:55.0537 4776 CmBatt - ok
14:11:55.0577 4776 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:11:55.0600 4776 cmdide - ok
14:11:55.0646 4776 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
14:11:55.0705 4776 CNG - ok
14:11:55.0783 4776 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:11:55.0820 4776 Compbatt - ok
14:11:55.0866 4776 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:11:55.0906 4776 CompositeBus - ok
14:11:55.0952 4776 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:11:55.0972 4776 crcdisk - ok
14:11:56.0037 4776 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:11:56.0100 4776 DfsC - ok
14:11:56.0140 4776 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:11:56.0203 4776 discache - ok
14:11:56.0237 4776 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:11:56.0273 4776 Disk - ok
14:11:56.0311 4776 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:11:56.0344 4776 drmkaud - ok
14:11:56.0441 4776 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:11:56.0484 4776 dtsoftbus01 - ok
14:11:56.0542 4776 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:11:56.0583 4776 DXGKrnl - ok
14:11:56.0690 4776 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:11:56.0804 4776 ebdrv - ok
14:11:56.0928 4776 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:11:56.0984 4776 elxstor - ok
14:11:57.0032 4776 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:11:57.0087 4776 ErrDev - ok
14:11:57.0204 4776 ETD (0975bf32399a24117e317b5bf1d5d0aa) C:\Windows\system32\DRIVERS\ETD.sys
14:11:57.0247 4776 ETD - ok
14:11:57.0316 4776 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:11:57.0402 4776 exfat - ok
14:11:57.0431 4776 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:11:57.0505 4776 fastfat - ok
14:11:57.0547 4776 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:11:57.0581 4776 fdc - ok
14:11:57.0670 4776 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:11:57.0700 4776 FileInfo - ok
14:11:57.0715 4776 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:11:57.0767 4776 Filetrace - ok
14:11:57.0850 4776 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:11:57.0892 4776 flpydisk - ok
14:11:57.0936 4776 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:11:57.0981 4776 FltMgr - ok
14:11:58.0016 4776 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:11:58.0037 4776 FsDepends - ok
14:11:58.0062 4776 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:11:58.0084 4776 Fs_Rec - ok
14:11:58.0149 4776 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:11:58.0202 4776 fvevol - ok
14:11:58.0244 4776 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:11:58.0283 4776 gagp30kx - ok
14:11:58.0335 4776 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:11:58.0355 4776 GEARAspiWDM - ok
14:11:58.0397 4776 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:11:58.0448 4776 hcw85cir - ok
14:11:58.0551 4776 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:11:58.0595 4776 HdAudAddService - ok
14:11:58.0635 4776 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:11:58.0676 4776 HDAudBus - ok
14:11:58.0753 4776 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:11:58.0813 4776 HidBatt - ok
14:11:58.0842 4776 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:11:58.0890 4776 HidBth - ok
14:11:58.0917 4776 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:11:58.0967 4776 HidIr - ok
14:11:59.0082 4776 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:11:59.0145 4776 HidUsb - ok
14:11:59.0250 4776 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:11:59.0288 4776 HpSAMD - ok
14:11:59.0341 4776 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:11:59.0434 4776 HTTP - ok
14:11:59.0480 4776 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:11:59.0496 4776 hwpolicy - ok
14:11:59.0539 4776 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:11:59.0571 4776 i8042prt - ok
14:11:59.0629 4776 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:11:59.0671 4776 iaStorV - ok
14:11:59.0712 4776 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:11:59.0741 4776 iirsp - ok
14:11:59.0830 4776 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
14:11:59.0902 4776 IntcAzAudAddService - ok
14:11:59.0934 4776 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:11:59.0952 4776 intelide - ok
14:11:59.0993 4776 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:12:00.0022 4776 intelppm - ok
14:12:00.0063 4776 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:12:00.0117 4776 IpFilterDriver - ok
14:12:00.0160 4776 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:12:00.0203 4776 IPMIDRV - ok
14:12:00.0237 4776 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:12:00.0311 4776 IPNAT - ok
14:12:00.0393 4776 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:12:00.0482 4776 IRENUM - ok
14:12:00.0527 4776 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:12:00.0554 4776 isapnp - ok
14:12:00.0586 4776 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:12:00.0613 4776 iScsiPrt - ok
14:12:00.0682 4776 k57nd60a (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys
14:12:00.0708 4776 k57nd60a - ok
14:12:00.0813 4776 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:12:00.0844 4776 kbdclass - ok
14:12:00.0882 4776 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:12:00.0917 4776 kbdhid - ok
14:12:00.0951 4776 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
14:12:00.0976 4776 KSecDD - ok
14:12:01.0014 4776 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
14:12:01.0036 4776 KSecPkg - ok
14:12:01.0075 4776 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:12:01.0136 4776 ksthunk - ok
14:12:01.0243 4776 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:12:01.0316 4776 lltdio - ok
14:12:01.0356 4776 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:12:01.0375 4776 LSI_FC - ok
14:12:01.0500 4776 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:12:01.0545 4776 LSI_SAS - ok
14:12:01.0576 4776 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:12:01.0599 4776 LSI_SAS2 - ok
14:12:01.0631 4776 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:12:01.0657 4776 LSI_SCSI - ok
14:12:01.0689 4776 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:12:01.0754 4776 luafv - ok
14:12:01.0828 4776 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:12:01.0869 4776 megasas - ok
14:12:01.0915 4776 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:12:01.0957 4776 MegaSR - ok
14:12:02.0010 4776 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:12:02.0069 4776 Modem - ok
14:12:02.0155 4776 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:12:02.0215 4776 monitor - ok
14:12:02.0309 4776 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:12:02.0343 4776 mouclass - ok
14:12:02.0378 4776 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:12:02.0422 4776 mouhid - ok
14:12:02.0460 4776 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:12:02.0489 4776 mountmgr - ok
14:12:02.0532 4776 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
14:12:02.0569 4776 MpFilter - ok
14:12:02.0609 4776 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:12:02.0634 4776 mpio - ok
14:12:02.0667 4776 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
14:12:02.0688 4776 MpNWMon - ok
14:12:02.0725 4776 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:12:02.0803 4776 mpsdrv - ok
14:12:02.0838 4776 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:12:02.0933 4776 MRxDAV - ok
14:12:02.0973 4776 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:12:03.0038 4776 mrxsmb - ok
14:12:03.0065 4776 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:12:03.0107 4776 mrxsmb10 - ok
14:12:03.0146 4776 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:12:03.0173 4776 mrxsmb20 - ok
14:12:03.0207 4776 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:12:03.0225 4776 msahci - ok
14:12:03.0261 4776 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:12:03.0286 4776 msdsm - ok
14:12:03.0332 4776 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:12:03.0379 4776 Msfs - ok
14:12:03.0394 4776 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:12:03.0491 4776 mshidkmdf - ok
14:12:03.0533 4776 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:12:03.0550 4776 msisadrv - ok
14:12:03.0620 4776 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:12:03.0677 4776 MSKSSRV - ok
14:12:03.0769 4776 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:12:03.0835 4776 MSPCLOCK - ok
14:12:03.0864 4776 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:12:03.0959 4776 MSPQM - ok
14:12:04.0001 4776 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:12:04.0037 4776 MsRPC - ok
14:12:04.0075 4776 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:12:04.0096 4776 mssmbios - ok
14:12:04.0137 4776 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:12:04.0220 4776 MSTEE - ok
14:12:04.0247 4776 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:12:04.0287 4776 MTConfig - ok
14:12:04.0392 4776 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:12:04.0433 4776 Mup - ok
14:12:04.0494 4776 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
14:12:04.0530 4776 mwlPSDFilter - ok
14:12:04.0556 4776 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
14:12:04.0576 4776 mwlPSDNServ - ok
14:12:04.0596 4776 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
14:12:04.0617 4776 mwlPSDVDisk - ok
14:12:04.0743 4776 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:12:04.0804 4776 NativeWifiP - ok
14:12:04.0919 4776 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:12:05.0013 4776 NDIS - ok
14:12:05.0064 4776 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:12:05.0144 4776 NdisCap - ok
14:12:05.0236 4776 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:12:05.0324 4776 NdisTapi - ok
14:12:05.0432 4776 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:12:05.0537 4776 Ndisuio - ok
14:12:05.0579 4776 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:12:05.0646 4776 NdisWan - ok
14:12:05.0678 4776 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:12:05.0737 4776 NDProxy - ok
14:12:05.0795 4776 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:12:05.0896 4776 NetBIOS - ok
14:12:05.0941 4776 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:12:06.0053 4776 NetBT - ok
14:12:06.0192 4776 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:12:06.0234 4776 nfrd960 - ok
14:12:06.0281 4776 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:12:06.0303 4776 NisDrv - ok
14:12:06.0403 4776 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:12:06.0468 4776 Npfs - ok
14:12:06.0481 4776 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:12:06.0542 4776 nsiproxy - ok
14:12:06.0614 4776 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:12:06.0685 4776 Ntfs - ok
14:12:06.0730 4776 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
14:12:06.0747 4776 NTIDrvr - ok
14:12:06.0792 4776 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:12:06.0845 4776 Null - ok
14:12:06.0951 4776 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:12:06.0994 4776 nvraid - ok
14:12:07.0056 4776 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:12:07.0088 4776 nvstor - ok
14:12:07.0109 4776 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:12:07.0133 4776 nv_agp - ok
14:12:07.0175 4776 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:12:07.0216 4776 ohci1394 - ok
14:12:07.0317 4776 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:12:07.0352 4776 Parport - ok
14:12:07.0391 4776 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:12:07.0415 4776 partmgr - ok
14:12:07.0456 4776 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:12:07.0485 4776 pci - ok
14:12:07.0516 4776 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:12:07.0533 4776 pciide - ok
14:12:07.0577 4776 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:12:07.0618 4776 pcmcia - ok
14:12:07.0635 4776 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:12:07.0654 4776 pcw - ok
14:12:07.0672 4776 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:12:07.0736 4776 PEAUTH - ok
14:12:07.0860 4776 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
14:12:07.0893 4776 Point64 - ok
14:12:07.0945 4776 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:12:08.0017 4776 PptpMiniport - ok
14:12:08.0046 4776 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:12:08.0081 4776 Processor - ok
14:12:08.0183 4776 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:12:08.0298 4776 Psched - ok
14:12:08.0436 4776 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:12:08.0526 4776 ql2300 - ok
14:12:08.0617 4776 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:12:08.0647 4776 ql40xx - ok
14:12:08.0684 4776 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:12:08.0720 4776 QWAVEdrv - ok
14:12:08.0742 4776 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:12:08.0805 4776 RasAcd - ok
14:12:08.0885 4776 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:12:08.0932 4776 RasAgileVpn - ok
14:12:08.0972 4776 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:12:09.0035 4776 Rasl2tp - ok
14:12:09.0067 4776 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:12:09.0123 4776 RasPppoe - ok
14:12:09.0145 4776 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:12:09.0207 4776 RasSstp - ok
14:12:09.0248 4776 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:12:09.0311 4776 rdbss - ok
14:12:09.0355 4776 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:12:09.0381 4776 rdpbus - ok
14:12:09.0404 4776 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:12:09.0468 4776 RDPCDD - ok
14:12:09.0505 4776 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:12:09.0599 4776 RDPENCDD - ok
14:12:09.0612 4776 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:12:09.0668 4776 RDPREFMP - ok
14:12:09.0714 4776 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:12:09.0762 4776 RDPWD - ok
14:12:09.0813 4776 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:12:09.0837 4776 rdyboost - ok
14:12:09.0942 4776 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:12:10.0027 4776 rspndr - ok
14:12:10.0133 4776 RSUSBSTOR (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys
14:12:10.0170 4776 RSUSBSTOR - ok
14:12:10.0224 4776 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:12:10.0245 4776 sbp2port - ok
14:12:10.0283 4776 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:12:10.0346 4776 scfilter - ok
14:12:10.0386 4776 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:12:10.0433 4776 secdrv - ok
14:12:10.0465 4776 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:12:10.0495 4776 Serenum - ok
14:12:10.0514 4776 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:12:10.0538 4776 Serial - ok
14:12:10.0573 4776 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:12:10.0613 4776 sermouse - ok
14:12:10.0653 4776 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:12:10.0689 4776 sffdisk - ok
14:12:10.0714 4776 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:12:10.0748 4776 sffp_mmc - ok
14:12:10.0771 4776 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:12:10.0803 4776 sffp_sd - ok
14:12:10.0832 4776 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:12:10.0866 4776 sfloppy - ok
14:12:10.0902 4776 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:12:10.0920 4776 SiSRaid2 - ok
14:12:10.0941 4776 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:12:10.0959 4776 SiSRaid4 - ok
14:12:10.0990 4776 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:12:11.0053 4776 Smb - ok
14:12:11.0153 4776 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:12:11.0171 4776 spldr - ok
14:12:11.0225 4776 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:12:11.0301 4776 srv - ok
14:12:11.0345 4776 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:12:11.0376 4776 srv2 - ok
14:12:11.0415 4776 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:12:11.0441 4776 srvnet - ok
14:12:11.0482 4776 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:12:11.0500 4776 stexstor - ok
14:12:11.0543 4776 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:12:11.0562 4776 swenum - ok
14:12:11.0650 4776 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:12:11.0761 4776 Tcpip - ok
14:12:11.0889 4776 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:12:11.0955 4776 TCPIP6 - ok
14:12:11.0998 4776 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:12:12.0050 4776 tcpipreg - ok
14:12:12.0101 4776 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:12:12.0157 4776 TDPIPE - ok
14:12:12.0229 4776 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:12:12.0292 4776 TDTCP - ok
14:12:12.0365 4776 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:12:12.0435 4776 tdx - ok
14:12:12.0477 4776 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:12:12.0496 4776 TermDD - ok
14:12:12.0562 4776 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:12:12.0615 4776 tssecsrv - ok
14:12:12.0649 4776 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:12:12.0709 4776 TsUsbFlt - ok
14:12:12.0817 4776 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:12:12.0899 4776 tunnel - ok
14:12:12.0940 4776 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:12:12.0977 4776 uagp35 - ok
14:12:13.0009 4776 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
14:12:13.0026 4776 UBHelper - ok
14:12:13.0070 4776 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:12:13.0154 4776 udfs - ok
14:12:13.0208 4776 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:12:13.0228 4776 uliagpkx - ok
14:12:13.0266 4776 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:12:13.0298 4776 umbus - ok
14:12:13.0322 4776 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:12:13.0391 4776 UmPass - ok
14:12:13.0443 4776 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:12:13.0491 4776 USBAAPL64 - ok
14:12:13.0581 4776 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:12:13.0650 4776 usbccgp - ok
14:12:13.0694 4776 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:12:13.0742 4776 usbcir - ok
14:12:13.0769 4776 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:12:13.0821 4776 usbehci - ok
14:12:13.0873 4776 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
14:12:13.0909 4776 usbfilter - ok
14:12:13.0956 4776 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:12:14.0004 4776 usbhub - ok
14:12:14.0043 4776 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:12:14.0086 4776 usbohci - ok
14:12:14.0119 4776 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:12:14.0159 4776 usbprint - ok
14:12:14.0200 4776 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:12:14.0257 4776 USBSTOR - ok
14:12:14.0300 4776 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:12:14.0359 4776 usbuhci - ok
14:12:14.0464 4776 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
14:12:14.0508 4776 usbvideo - ok
14:12:14.0550 4776 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:12:14.0570 4776 vdrvroot - ok
14:12:14.0615 4776 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:12:14.0638 4776 vga - ok
14:12:14.0713 4776 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:12:14.0865 4776 VgaSave - ok
14:12:14.0907 4776 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:12:14.0936 4776 vhdmp - ok
14:12:14.0957 4776 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:12:14.0984 4776 viaide - ok
14:12:15.0012 4776 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:12:15.0035 4776 volmgr - ok
14:12:15.0076 4776 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:12:15.0110 4776 volmgrx - ok
14:12:15.0136 4776 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:12:15.0166 4776 volsnap - ok
14:12:15.0211 4776 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:12:15.0240 4776 vsmraid - ok
14:12:15.0267 4776 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:12:15.0305 4776 vwifibus - ok
14:12:15.0402 4776 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:12:15.0464 4776 vwififlt - ok
14:12:15.0512 4776 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:12:15.0555 4776 WacomPen - ok
14:12:15.0632 4776 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:12:15.0716 4776 WANARP - ok
14:12:15.0729 4776 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:12:15.0783 4776 Wanarpv6 - ok
14:12:15.0900 4776 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:12:15.0942 4776 Wd - ok
14:12:15.0991 4776 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:12:16.0035 4776 Wdf01000 - ok
14:12:16.0146 4776 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:12:16.0191 4776 WfpLwf - ok
14:12:16.0225 4776 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:12:16.0246 4776 WIMMount - ok
14:12:16.0382 4776 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:12:16.0431 4776 WmiAcpi - ok
14:12:16.0533 4776 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:12:16.0637 4776 ws2ifsl - ok
14:12:16.0716 4776 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:12:16.0770 4776 WudfPf - ok
14:12:16.0808 4776 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:12:16.0930 4776 WUDFRd - ok
14:12:16.0987 4776 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:12:17.0140 4776 \Device\Harddisk0\DR0 - ok
14:12:17.0148 4776 Boot (0x1200) (cc8a747f3c0dd7cc49425d3430b13078) \Device\Harddisk0\DR0\Partition0
14:12:17.0150 4776 \Device\Harddisk0\DR0\Partition0 - ok
14:12:17.0183 4776 Boot (0x1200) (ab5ca6f3bf22ff4ab103c69ebd67c3d6) \Device\Harddisk0\DR0\Partition1
14:12:17.0184 4776 \Device\Harddisk0\DR0\Partition1 - ok
14:12:17.0185 4776 ============================================================
14:12:17.0186 4776 Scan finished
14:12:17.0186 4776 ============================================================
14:12:17.0211 3132 Detected object count: 0
14:12:17.0211 3132 Actual detected object count: 0
14:12:47.0240 2484 Deinitialize success

ComboFix 11-12-09.02 - 1 09/12/2011 15:12:41.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3835.2719 [GMT -5:00]
Running from: c:\users\+\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-11-09 to 2011-12-09 )))))))))))))))))))))))))))))))
.
.
2011-12-09 20:44 . 2011-12-09 20:44 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC0200B6-F28C-4E7E-B870-F54727304A3A}\offreg.dll
2011-12-09 20:42 . 2011-12-09 20:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-09 20:42 . 2011-12-09 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-09 02:46 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC0200B6-F28C-4E7E-B870-F54727304A3A}\mpengine.dll
2011-12-02 15:58 . 2011-12-02 15:58 -------- d-----w- c:\users\1\.swt
2011-12-02 15:58 . 2011-12-09 11:41 -------- d-----w- c:\users\1\AppData\Roaming\Azureus
2011-12-02 15:57 . 2011-12-02 15:57 -------- d-----w- c:\program files (x86)\Vuze
2011-11-24 18:55 . 2011-11-24 18:55 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-11-24 18:46 . 2011-11-24 18:46 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-24 18:45 . 2011-11-24 18:46 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-11-24 18:45 . 2011-11-24 18:47 -------- d-----w- c:\users\1\AppData\Roaming\DAEMON Tools Lite
2011-11-24 18:45 . 2011-11-24 18:45 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-11-23 23:27 . 2011-11-26 10:24 -------- d-----w- c:\users\1\AppData\Roaming\Xfire
2011-11-23 23:27 . 2011-11-23 23:35 -------- d-----w- c:\programdata\Xfire
2011-11-23 23:27 . 2011-11-23 23:27 -------- d-----w- c:\program files (x86)\Xfire
2011-11-23 03:10 . 2011-11-23 03:10 -------- d-----w- C:\MyWinLockerData
2011-11-18 23:05 . 2011-11-18 23:06 -------- d-----w- c:\users\1\AppData\Local\Adobe
2011-11-14 17:04 . 2011-12-02 03:01 -------- d-----w- c:\users\1\AppData\Roaming\mIRC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 11:40 . 2011-10-21 23:00 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-18 14:18 . 2011-10-22 00:19 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-25 17:33 . 2011-10-25 17:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-23 12:33 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-23 12:33 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-10-21 22:59 . 2011-10-21 22:59 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{974D77EC-11DB-4A75-96AE-EF9B747A694A}\gapaengine.dll
2011-10-21 21:58 . 2011-10-21 21:58 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-10-21 21:58 . 2011-10-21 21:58 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-10-21 21:58 . 2011-10-21 21:58 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-10-21 21:44 . 2011-10-21 21:44 3 ----a-w- c:\windows\system32\PLD_Framework.cmd
2011-10-13 20:30 . 2011-10-13 20:30 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2011-10-13 20:30 . 2011-10-13 20:30 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2011-10-01 03:25 . 2011-10-21 23:53 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-21 23:53 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-29 16:29 . 2011-11-08 21:18 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-08 21:18 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-03_19.40.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-04-18 21:29 . 2003-04-18 21:29 82432 c:\windows\SysWOW64\msxml4r.dll
+ 2010-07-20 03:56 . 2011-12-09 20:46 39350 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-09 20:46 44684 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:30 . 2011-11-24 18:46 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-10-24 10:38 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-10-21 22:22 . 2011-11-30 18:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-21 22:22 . 2011-11-01 23:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-27 18:26 . 2011-11-01 23:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-27 18:26 . 2011-11-30 18:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-01 23:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-30 18:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-21 21:39 . 2011-11-03 19:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-21 21:39 . 2011-12-09 20:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-12-02 16:02 94640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-10-21 22:55 . 2011-11-03 16:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-21 22:55 . 2011-12-09 18:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-21 22:55 . 2011-11-03 16:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-10-21 22:55 . 2011-12-09 18:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-10-21 22:55 . 2011-12-09 18:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-10-21 22:55 . 2011-11-03 16:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-10-21 21:39 . 2011-12-09 20:44 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-21 21:39 . 2011-11-03 19:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-21 21:39 . 2011-11-03 19:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-21 21:39 . 2011-12-09 20:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-21 22:55 . 2011-12-09 20:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-21 22:55 . 2011-11-03 19:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-21 22:55 . 2011-12-09 20:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-21 22:55 . 2011-11-03 19:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-25 17:15 . 2011-11-25 17:15 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2011-10-23 03:30 . 2011-11-16 18:18 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-10-23 03:30 . 2011-10-25 01:23 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-10-23 03:30 . 2011-10-25 01:23 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-10-23 03:30 . 2011-11-16 18:18 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-10-23 03:30 . 2011-11-16 18:18 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-10-23 03:30 . 2011-10-25 01:23 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-11-25 17:14 . 2011-11-25 17:14 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2011-11-24 18:55 . 2011-11-24 18:55 32768 c:\windows\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\icon.exe
+ 2011-10-21 22:55 . 2011-12-09 20:46 7604 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1589579867-1370445272-1581056280-1001_UserData.bin
+ 2011-11-25 21:53 . 2011-11-25 21:53 9560 c:\windows\system32\NetworkList\Icons\{C31D1156-1B22-44CC-8958-97E77B4E1934}_48.bin
+ 2011-11-25 21:53 . 2011-11-25 21:53 4280 c:\windows\system32\NetworkList\Icons\{C31D1156-1B22-44CC-8958-97E77B4E1934}_32.bin
+ 2011-11-25 21:53 . 2011-11-25 21:53 2456 c:\windows\system32\NetworkList\Icons\{C31D1156-1B22-44CC-8958-97E77B4E1934}_24.bin
+ 2011-12-02 19:43 . 2011-12-02 19:43 9560 c:\windows\system32\NetworkList\Icons\{11632274-D755-4F5C-8AF5-65F43619234D}_48.bin
+ 2011-12-02 19:43 . 2011-12-02 19:43 4280 c:\windows\system32\NetworkList\Icons\{11632274-D755-4F5C-8AF5-65F43619234D}_32.bin
+ 2011-12-02 19:43 . 2011-12-02 19:43 2456 c:\windows\system32\NetworkList\Icons\{11632274-D755-4F5C-8AF5-65F43619234D}_24.bin
+ 2011-12-09 20:44 . 2011-12-09 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-03 19:39 . 2011-11-03 19:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-09 20:44 . 2011-12-09 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-03 19:39 . 2011-11-03 19:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-18 14:18 . 2011-11-18 14:18 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe
+ 2011-10-22 04:07 . 2011-11-30 00:45 224584 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-12-09 04:36 666880 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-27 16:08 666880 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-27 16:08 126484 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-12-09 04:36 126484 c:\windows\system32\perfc009.dat
+ 2011-11-18 14:18 . 2011-11-18 14:18 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe
+ 2009-07-14 04:45 . 2011-11-17 02:16 413096 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:30 . 2011-11-24 18:46 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-10-24 10:38 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-11-24 18:46 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-10-24 10:38 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-11-24 18:46 . 2011-11-24 18:46 279616 c:\windows\system32\DriverStore\FileRepository\dtsoftbus01.inf_amd64_neutral_4ac220a6c52452a8\dtsoftbus01.sys
+ 2011-10-23 12:23 . 2011-12-09 20:43 592888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2011-11-03 19:38 391740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-09 20:43 391740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-21 18:15 . 2011-11-21 18:15 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2011-10-23 13:47 . 2011-10-23 13:47 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2011-10-23 03:30 . 2011-11-16 18:18 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-10-23 03:30 . 2011-10-25 01:23 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-10-23 03:30 . 2011-11-16 18:18 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2011-10-23 03:30 . 2011-10-25 01:23 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-10-23 03:30 . 2011-11-16 18:18 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2011-10-23 03:30 . 2011-10-25 01:23 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2011-10-23 03:30 . 2011-10-25 01:23 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-10-23 03:30 . 2011-11-16 18:18 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-10-23 03:30 . 2011-11-16 18:18 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2011-10-23 03:30 . 2011-10-25 01:23 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2011-10-23 03:30 . 2011-11-16 18:18 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2011-10-23 03:30 . 2011-10-25 01:23 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2011-10-23 03:30 . 2011-10-25 01:23 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-10-23 03:30 . 2011-11-16 18:18 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-07-21 05:05 . 2009-07-21 05:05 1348432 c:\windows\SysWOW64\msxml4.dll
+ 2011-10-22 00:19 . 2011-11-18 14:18 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2009-07-14 04:45 . 2011-11-25 18:56 7113258 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-10-24 10:11 7113258 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-10-21 22:52 . 2011-12-09 20:43 2338492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1589579867-1370445272-1581056280-1001-8192.dat
+ 2009-07-21 05:29 . 2009-07-21 05:29 6057984 c:\windows\Installer\998afe.msi
+ 2008-10-01 02:07 . 2008-10-01 02:07 6042112 c:\windows\Installer\998af8.msi
+ 2003-08-13 21:48 . 2003-08-13 21:48 5289984 c:\windows\Installer\10a999a.msi
+ 2011-10-23 03:30 . 2011-11-16 18:18 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-10-23 03:30 . 2011-10-25 01:23 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-10-23 03:30 . 2011-11-16 18:18 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2011-10-23 03:30 . 2011-10-25 01:23 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-07-14 02:34 . 2011-11-11 11:44 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-10-24 02:27 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-10-22 00:06 . 2011-11-08 23:33 52174280 c:\windows\system32\MRT.exe
+ 2011-11-18 14:18 . 2011-11-18 14:18 11336864 c:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-05-25 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\users\1\Downloads\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Exstora - Shortcut.lnk - c:\users\1\Downloads\Exstora Pro\Exstora.exe [2011-10-21 416768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-05-25 255744]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5552&r=273610110805l0424z125v47m2184n
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5552&r=273610110805l0424z125v47m2184n
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 208.67.220.220 208.67.222.222
FF - ProfilePath - c:\users\1\AppData\Roaming\Mozilla\Firefox\Profiles\ktzou0uw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Halo - c:\users\1\Downloads\Halo\UNINSTAL.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0c\05\02\0f9)ƒ"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Office\Office12\WINWORD.EXE
.
**************************************************************************
.
Completion time: 2011-12-09 16:04:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-09 21:04
ComboFix2.txt 2011-11-03 20:00
.
Pre-Run: 559,781,871,616 bytes free
Post-Run: 559,390,167,040 bytes free
.
- - End Of File - - B96E2639487158528C094EE899DA1E09

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, looks like the latest super duper variant.

Before I commence any fixes I would like a confirmatory run

Re-Run aswMBR

Click Scan

On completion of the scan, click the Fix button


Save the log as before and post in your next reply

THEN

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
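The three tools named in this reply all work on the same 512-byte sector, so it is worth seeing what they actually check. The "MBR (0x1B8) (hash) \Device\Harddisk0\DR0 - ok" line in the TDSSKiller log earlier in the thread is a hash of the first 0x1B8 (440) bytes of sector 0, the boot-code area that precedes the disk signature and partition table; an MBR rootkit has to change that code, so its hash stops matching a clean install. aswMBR goes one step further and reads the sector twice, once through the normal Windows API and once below the disk-stack hook, and reports "MBR hidden" when the two views differ. The Python below is an added example written for this thread; it is not code from the thread, from TDSSKiller, aswMBR or MBRCheck, and the sample sectors, the hashes and the device path are constructed or assumed. It parses an MBR, fingerprints the boot code, checks it against a recorded baseline, and diffs an "API view" against a "raw view" of the same sector.

```python
"""Added example (not code from this thread or from TDSSKiller/aswMBR/MBRCheck):
parse a 512-byte MBR, fingerprint its boot code, and compare two views of
sector 0 to flag the kind of hiding an MBR rootkit performs."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8          # TDSSKiller's "MBR (0x1B8)" hash covers bytes 0..0x1B7
PART_TABLE_OFF = 0x1BE         # four 16-byte partition entries follow the disk signature
BOOT_SIGNATURE = b"\x55\xAA"   # last two bytes of a valid MBR


def parse_mbr(mbr):
    """Validate the sector and return boot-code hash, disk signature and partition table."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:          # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[0x1B8:0x1BC])[0],
        "partitions": partitions,
    }


def matches_baseline(mbr, known_good_md5s):
    """True when the boot-code hash is one you recorded from a trusted install of the same OS."""
    return parse_mbr(mbr)["code_md5"] in known_good_md5s


def compare_views(api_mbr, raw_mbr):
    """Diff sector 0 as returned through the OS (which a disk-filter rootkit can sanitise)
    against sector 0 read below the hook. A mismatch is what aswMBR reports as 'MBR hidden'."""
    api, raw = parse_mbr(api_mbr), parse_mbr(raw_mbr)
    findings = []
    if api["code_md5"] != raw["code_md5"]:
        findings.append("MBR hidden: boot code differs between API read and raw read")
    if api["partitions"] != raw["partitions"]:
        findings.append("partition table differs between API read and raw read")
    return findings


def read_mbr_via_api(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 through the Windows disk stack (needs Administrator). This is only the
    API view: a kernel-mode hook like the one in the aswMBR trace can serve a clean copy here."""
    with open(device, "rb", buffering=0) as disk:
        return disk.read(MBR_SIZE)


def build_mbr(boot_code, partitions):
    """Assemble a test MBR from boot code and (bootable, type, lba_start, sectors) tuples."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<IH", 0x1234ABCD, 0)        # signature + 2 reserved bytes
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\xff\xff\xff",
                    ptype, b"\xff\xff\xff", lba, sectors)
        for bootable, ptype, lba, sectors in partitions)
    return code + disk_sig + table.ljust(64, b"\x00") + BOOT_SIGNATURE


# Constructed sample sectors (not captured from the poster's disk). The "clean" boot code is a
# stand-in for the OS loader; the "infected" one stands in for a bootkit's patched loader.
PARTITIONS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 1000000)]
CLEAN_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8", PARTITIONS)
INFECTED_MBR = build_mbr(b"\xe9\x00\x01" + b"\x90" * 8, PARTITIONS)   # jump into bootkit code
BASELINE = {parse_mbr(CLEAN_MBR)["code_md5"]}   # recorded from the clean sector

if __name__ == "__main__":
    # A hooked disk stack hands back CLEAN_MBR while the platter actually holds INFECTED_MBR.
    for line in compare_views(CLEAN_MBR, INFECTED_MBR):
        print(line)
    print("raw sector matches baseline:", matches_baseline(INFECTED_MBR, BASELINE))
```

Two caveats for anyone reusing this on a live machine. First, `read_mbr_via_api` only ever gives you the API view; the aswMBR trace in this thread shows the hook sitting on atapi's IRP_MJ_INTERNAL_DEVICE_CONTROL handler, below anything a user-mode Python process can reach, so the raw view has to come from a kernel-mode scanner or from booting the disk under a clean OS. Second, the baseline set should be recorded from a known-clean installation of the same Windows build; the hash of the constructed sample above is only there so the example runs offline.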

#7 mm0945 (Topic Starter, New Member, 5 posts)
Upon reboot, it looks like both the redirects are gone and the image search works again.

What's next? Is it safe to re-enable Internet Explorer? I am getting ahead of myself; here are the logs:

aswMBR Log

aswMBR version 0.9.8.986 Copyright © 2011 AVAST Software
Run date: 2011-12-09 18:48:56
-----------------------------
18:48:56.929 OS Version: Windows x64 6.1.7601 Service Pack 1
18:48:56.929 Number of processors: 2 586 0x603
18:48:56.930 ComputerName: 1-LT UserName: 1
18:49:00.248 Initialize success
18:49:11.832 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:49:11.837 Disk 0 Vendor: WDC_WD6400BEVT-22A0RT0 01.01A01 Size: 610480MB BusType: 11
18:49:13.856 Disk 0 MBR read successfully
18:49:13.862 Disk 0 MBR scan
18:49:13.867 Disk 0 TDL4@MBR code has been found
18:49:13.873 Disk 0 Windows 7 default MBR code found via API
18:49:13.879 Disk 0 MBR hidden
18:49:13.887 Disk 0 MBR [TDL4] **ROOTKIT**
18:49:13.891 Disk 0 trace - called modules:
18:49:13.899 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004370254]<<
18:49:13.909 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042e9060]
18:49:13.917 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042ba060]
18:49:13.921 \Driver\atapi[0xfffffa8003d78430] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004370254
18:49:13.926 Scan finished successfully
18:49:29.631 Disk 0 MBR read successfully
18:49:29.644 Disk 0 TDL4@MBR code has been found
18:49:29.657 Disk 0 fixing MBR ...
18:49:39.671 Disk 0 MBR restored successfully
18:49:39.730 Verifying disinfection
18:49:51.756 Infection fixed successfully - please reboot ASAP
18:50:16.031 Disk 0 MBR has been saved successfully to "C:\Users\1\Desktop\MBR.dat"
18:50:16.037 The log file has been saved successfully to "C:\Users\1\Desktop\aswMBRdec 9.txt"


MBRCheck Log

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 5552
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 164):
0x02C64000 \SystemRoot\system32\ntoskrnl.exe
0x02C1B000 \SystemRoot\system32\hal.dll
0x00BD0000 \SystemRoot\system32\kdcom.dll
0x00C1C000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C29000 \SystemRoot\system32\PSHED.dll
0x00C3D000 \SystemRoot\system32\CLFS.SYS
0x00C9B000 \SystemRoot\system32\CI.dll
0x00D5B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00C00000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EAE000 \SystemRoot\system32\drivers\ACPI.sys
0x00F05000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F0E000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F18000 \SystemRoot\system32\drivers\pci.sys
0x00F4B000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F58000 \SystemRoot\System32\drivers\partmgr.sys
0x00F6D000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F76000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F82000 \SystemRoot\system32\drivers\volmgr.sys
0x00F97000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FF3000 \SystemRoot\system32\drivers\pciide.sys
0x00E00000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E10000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E2A000 \SystemRoot\system32\drivers\atapi.sys
0x00E33000 \SystemRoot\system32\drivers\ataport.SYS
0x00E5D000 \SystemRoot\system32\drivers\msahci.sys
0x00E68000 \SystemRoot\system32\drivers\amdxata.sys
0x01032000 \SystemRoot\system32\drivers\fltmgr.sys
0x0107E000 \SystemRoot\system32\drivers\fileinfo.sys
0x01201000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01092000 \SystemRoot\System32\Drivers\msrpc.sys
0x013A4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x010F0000 \SystemRoot\System32\Drivers\cng.sys
0x013BF000 \SystemRoot\System32\drivers\pcw.sys
0x013D0000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0149A000 \SystemRoot\system32\drivers\ndis.sys
0x0158D000 \SystemRoot\system32\drivers\NETIO.SYS
0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01690000 \SystemRoot\System32\drivers\tcpip.sys
0x01894000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x018DE000 \SystemRoot\system32\drivers\volsnap.sys
0x0192A000 \SystemRoot\System32\Drivers\spldr.sys
0x01932000 \SystemRoot\System32\drivers\rdyboost.sys
0x0196C000 \SystemRoot\System32\Drivers\mup.sys
0x0197E000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01987000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x019C1000 \SystemRoot\system32\DRIVERS\disk.sys
0x01600000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01630000 \SystemRoot\system32\DRIVERS\AtiPcie64.sys
0x0142B000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x01162000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0118C000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x01670000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
0x01679000 \SystemRoot\System32\Drivers\Null.SYS
0x01682000 \SystemRoot\System32\Drivers\Beep.SYS
0x019D7000 \SystemRoot\System32\drivers\vga.sys
0x01473000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x019E5000 \SystemRoot\System32\drivers\watchdog.sys
0x019F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x015ED000 \SystemRoot\system32\drivers\rdpencdd.sys
0x015F6000 \SystemRoot\system32\drivers\rdprefmp.sys
0x013DA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x013E5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x011BD000 \SystemRoot\system32\DRIVERS\tdx.sys
0x011DF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x066EF000 \SystemRoot\System32\DRIVERS\netbt.sys
0x06734000 \SystemRoot\system32\drivers\afd.sys
0x067BD000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x067C6000 \SystemRoot\system32\DRIVERS\pacer.sys
0x06600000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x06616000 \SystemRoot\system32\DRIVERS\netbios.sys
0x06625000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x06640000 \SystemRoot\system32\drivers\termdd.sys
0x06654000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x066A5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x066B1000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
0x066C4000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
0x066CC000 \SystemRoot\system32\drivers\mssmbios.sys
0x066D7000 \SystemRoot\System32\drivers\discache.sys
0x01000000 \SystemRoot\System32\Drivers\dfsc.sys
0x067EC000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x00E73000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00E99000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03A54000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x06874000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x03A8F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x06F3F000 \SystemRoot\System32\drivers\dxgmms1.sys
0x06F85000 \SystemRoot\system32\drivers\HDAudBus.sys
0x06800000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x07411000 \SystemRoot\system32\DRIVERS\athrx.sys
0x07637000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x07644000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x0764C000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x07654000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x07661000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0766C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x076C2000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x076CF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x076E0000 \SystemRoot\system32\drivers\i8042prt.sys
0x076FE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0770D000 \SystemRoot\system32\DRIVERS\ETD.sys
0x07732000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x07741000 \SystemRoot\system32\drivers\wmiacpi.sys
0x0774A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0774F000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0775F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x07775000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x07799000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x077A5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x077D4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x06FA9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x06FCA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x077EF000 \SystemRoot\system32\drivers\swenum.sys
0x03B83000 \SystemRoot\system32\drivers\ks.sys
0x06FE4000 \SystemRoot\system32\drivers\umbus.sys
0x07A83000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x07ADD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x07AF2000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x07B15000 \SystemRoot\system32\drivers\portcls.sys
0x07B52000 \SystemRoot\system32\drivers\drmk.sys
0x07B74000 \SystemRoot\system32\drivers\ksthunk.sys
0x08211000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0845A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x08468000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x08474000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x0847F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x08492000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x084AF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x084B1000 \SystemRoot\System32\Drivers\usbvideo.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x0851E000 \SystemRoot\System32\drivers\Dxapi.sys
0x00550000 \SystemRoot\System32\TSDDD.dll
0x00750000 \SystemRoot\System32\cdd.dll
0x00960000 \SystemRoot\System32\ATMFD.DLL
0x08538000 \SystemRoot\system32\drivers\luafv.sys
0x0855B000 \SystemRoot\system32\drivers\WudfPf.sys
0x0857C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x08591000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x085E4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x084DF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0347A000 \SystemRoot\system32\drivers\HTTP.sys
0x03543000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03561000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03579000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x035A6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03400000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x04609000 \SystemRoot\system32\drivers\peauth.sys
0x046AF000 \SystemRoot\System32\Drivers\secdrv.SYS
0x046BA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x046EB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x046FD000 \SystemRoot\System32\DRIVERS\srv2.sys
0x04766000 \SystemRoot\System32\DRIVERS\srv.sys
0x03424000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x07A00000 \SystemRoot\System32\Drivers\fastfat.SYS
0x04600000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0343F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x0344D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0345B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x08507000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x08200000 \SystemRoot\system32\DRIVERS\point64.sys
0x084F7000 \??\C:\Users\2F42~1\AppData\Local\Temp\aswMBR.sys
0x77A00000 \Windows\System32\ntdll.dll
0x475F0000 \Windows\System32\smss.exe
0xFFD20000 \Windows\System32\apisetschema.dll
0xFFB70000 \Windows\System32\autochk.exe

Processes (total 71):
0 System Idle Process
4 System
284 C:\Windows\System32\smss.exe
456 csrss.exe
520 C:\Windows\System32\wininit.exe
556 csrss.exe
588 C:\Windows\System32\services.exe
604 C:\Windows\System32\lsass.exe
612 C:\Windows\System32\lsm.exe
712 C:\Windows\System32\svchost.exe
780 C:\Windows\System32\svchost.exe
836 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
884 C:\Windows\System32\winlogon.exe
980 C:\Windows\System32\atiesrxx.exe
1012 C:\Windows\System32\svchost.exe
300 C:\Windows\System32\svchost.exe
344 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\atieclxx.exe
1384 C:\Windows\System32\spoolsv.exe
1420 C:\Windows\System32\svchost.exe
1508 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1644 C:\Program Files\Bonjour\mDNSResponder.exe
1688 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
1728 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
1756 C:\Windows\System32\svchost.exe
1780 C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
1816 C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
1876 C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
1928 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
2004 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
2092 C:\Windows\System32\taskhost.exe
2180 C:\Windows\System32\dwm.exe
2212 C:\Windows\explorer.exe
2508 C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
2580 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2588 C:\Program Files\Elantech\ETDCtrl.exe
2620 C:\Windows\PLFSetI.exe
2660 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
2672 C:\Program Files\Microsoft Security Client\msseces.exe
2824 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
2872 C:\Users\1\Downloads\Exstora Pro\Exstora.exe
2960 C:\Windows\System32\SearchIndexer.exe
3052 C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
2116 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
2312 C:\Windows\System32\wbem\unsecapp.exe
2020 WmiPrvSE.exe
2300 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
2292 C:\Program Files (x86)\Launch Manager\LManager.exe
3092 C:\Program Files\Elantech\ETDCtrlHelper.exe
3156 C:\Users\1\Downloads\iTunes\iTunesHelper.exe
3172 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3204 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
3232 C:\Program Files (x86)\Launch Manager\LMworker.exe
3376 C:\Program Files\iPod\bin\iPodService.exe
3472 C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
3532 <unknown>
3888 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3964 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
648 C:\Program Files\Windows Media Player\wmpnetwk.exe
1036 C:\Windows\System32\wuauclt.exe
2980 C:\Windows\System32\dllhost.exe
3120 C:\Program Files\Mozilla\firefox.exe
3764 C:\Program Files\Mozilla\plugin-container.exe
3568 C:\Windows\System32\audiodg.exe
3708 C:\Windows\System32\SearchProtocolHost.exe
880 C:\Windows\System32\SearchFilterHost.exe
3680 C:\Users\1\Desktop\MBRCheck.exe
452 C:\Windows\System32\conhost.exe
3088 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`86500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400BEVT-22A0RT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Edited by mm0945, 09 December 2011 - 05:59 PM.

  • 0
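The aswMBR log above reports TDL4 code in the MBR while the API still returned the Windows 7 default code ("MBR hidden"), and MBRCheck closes with a SHA1 of the disk's MBR. The following is an added example, not code from the thread or from aswMBR or MBRCheck, showing what such a fingerprint check does: it validates a 512-byte MBR sector, hashes the bootstrap code area (bytes 0-439) and the whole sector separately (the thread does not say which range MBRCheck hashes, so both are computed), lists the partition table, and compares a saved copy (like the MBR.dat that aswMBR wrote to the desktop) against a later read. The sample sectors are constructed in the code; the disk signature and partition values are invented for the demonstration. Note that hashing a sector obtained through the normal API will not expose an active MBR rootkit that hands back a clean copy, which is exactly what the aswMBR log shows; the comparison is meaningful for a copy read offline or by a tool that bypasses the filtered path.

```python
# Added example (not from the Geeks to Go thread or any tool it mentions):
# parse a 512-byte MBR sector, fingerprint its bootstrap code, and compare a
# saved copy against a later read.
import hashlib
import struct

SECTOR_SIZE = 512
CODE_AREA_LEN = 440            # bootstrap code occupies bytes 0..439
DISK_SIG_OFF = 440             # 4-byte Windows disk signature (little-endian)
PART_TABLE_OFF = 446           # four 16-byte partition entries, bytes 446..509
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Validate an MBR sector and return hashes plus its partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")

    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped),
        # LBA of first sector, sector count
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", sector, off)
        if ptype == 0:        # unused entry
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })

    return {
        "code_sha1": hashlib.sha1(sector[:CODE_AREA_LEN]).hexdigest(),
        "sector_sha1": hashlib.sha1(sector).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partition_table": sector[PART_TABLE_OFF:510],
        "partitions": partitions,
    }


def diff_mbr(saved: bytes, current: bytes) -> dict:
    """Report which regions changed between a saved MBR copy and a fresh read."""
    a, b = parse_mbr(saved), parse_mbr(current)
    return {
        "code_changed": a["code_sha1"] != b["code_sha1"],
        "partition_table_changed": a["partition_table"] != b["partition_table"],
        "disk_signature_changed": a["disk_signature"] != b["disk_signature"],
    }


def build_sample_mbr(code_filler: int) -> bytes:
    """Constructed sample sector (not a real disk image): one NTFS partition.

    The code area is filled with one repeated byte so two samples can differ
    only in bootstrap code while keeping an identical partition table.
    """
    code = bytes([code_filler]) * CODE_AREA_LEN
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"   # invented signature
    # Entry 0: active (0x80), type 0x07 (NTFS), first LBA 2048, 1,000,000 sectors.
    entry0 = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00",
                         0x07, b"\xfe\xff\xff", 2048, 1_000_000)
    table = entry0 + b"\x00" * 48                            # three empty entries
    sector = code + disk_sig + table + BOOT_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


def demo() -> dict:
    """Compare a 'saved' sector with one whose bootstrap code was overwritten."""
    saved = build_sample_mbr(0x90)      # clean copy, as a saved MBR.dat would be
    current = build_sample_mbr(0xCC)    # same table and signature, new code area
    return diff_mbr(saved, current)


if __name__ == "__main__":
    print(parse_mbr(build_sample_mbr(0x90))["partitions"])
    print(demo())
```

Running the block prints the single partition entry and then a diff reporting that only the code area changed, which is the pattern a bootkit that keeps the partition table intact but replaces the loader would produce.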

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep, re-enable IE, and once this run is complete let me know of any outstanding problems.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
  • 0

#9
mm0945

mm0945

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Comp shuts down normally
Full Google functionality is back
iexplore.exe does not seem to be appearing since re-enabling IE.

I feel like this did not turn out to be quite the challenge for which I think you might have been hoping.

Thanks for your timely and effective help, and keep fighting the good fight.

MBAM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8349

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

10/12/2011 6:24:06 PM
mbam-log-2011-12-10 (18-24-06).txt

Scan type: Quick scan
Objects scanned: 174491
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by mm0945, 10 December 2011 - 05:32 PM.

  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system, and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
