Win32/Olmarik.TDL4 trojan - mrtwallz


  • This topic is locked
25 replies to this topic

#1 mrtwallz

    New Member

  • Members
  • 12 posts

Posted 30 October 2011 - 08:22 PM

ESET Smart Security 5 detected a "Win32/Olmarik.TDL4 trojan" in the operating memory and is unable to clean it.
I tried the recovery disc to clean it but for some reason the recovery disc doesn't detect it.


Here is the DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Jazzarah at 20:59:32 on 2011-10-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.646 [GMT -4:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
uRun: [Spyware Doctor] C:\Users\Jazzarah\Desktop\sdsetup_revwire207.exe -min
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{909799A3-85C7-4137-9C82-28400D4D7FCC} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jazzarah\AppData\Roaming\Mozilla\Firefox\Profiles\wx917g4m.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-8-9 974944]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-28 366152]
R3 DKRtWrt;DKRtWrt;C:\Windows\system32\DRIVERS\DKRtWrt.sys --> C:\Windows\system32\DRIVERS\DKRtWrt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-10-30 23:51:23 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-30 22:54:08 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CCC43AC-641B-4114-84BB-ECF3373D396F}\offreg.dll
2011-10-30 22:12:05 98816 ----a-w- C:\Windows\sed.exe
2011-10-30 22:12:05 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-30 22:12:05 256000 ----a-w- C:\Windows\PEV.exe
2011-10-30 22:12:05 208896 ----a-w- C:\Windows\MBR.exe
2011-10-30 22:10:54 -------- d-----w- C:\commy.exe
2011-10-30 22:01:53 -------- d-----w- C:\ComboFix
2011-10-30 21:27:24 -------- d-----w- C:\ProgramData\PC Tools
2011-10-30 19:50:07 -------- d-----w- C:\Program Files\Windows Imaging
2011-10-30 19:48:52 -------- d-----w- C:\Program Files\Windows AIK
2011-10-30 17:56:13 -------- d-----w- C:\Users\Jazzarah\AppData\Local\Diagnostics
2011-10-30 17:20:14 -------- d-----w- C:\Diskeeper2011Patch
2011-10-30 17:19:27 44624 ----a-w- C:\Windows\System32\drivers\DKRtWrt.sys
2011-10-30 17:19:16 -------- d-----w- C:\ProgramData\Diskeeper Corporation
2011-10-30 17:19:16 -------- d-----w- C:\Program Files\Common Files\Diskeeper Corporation
2011-10-30 17:19:12 -------- d-----w- C:\Program Files\Diskeeper Corporation
2011-10-30 15:03:33 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CCC43AC-641B-4114-84BB-ECF3373D396F}\mpengine.dll
2011-10-30 14:57:00 -------- d-----w- C:\Users\Jazzarah\AppData\Roaming\ESET
2011-10-30 14:57:00 -------- d-----w- C:\Users\Jazzarah\AppData\Local\ESET
2011-10-30 14:53:11 -------- d-----w- C:\Program Files\ESET
2011-10-30 08:21:25 -------- d-----w- C:\Windows\SysWow64\Wat
2011-10-30 08:21:25 -------- d-----w- C:\Windows\System32\Wat
2011-10-30 07:56:05 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-10-30 07:56:05 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-10-30 07:21:46 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-10-30 07:21:46 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-10-30 07:21:46 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-10-30 07:21:46 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-10-30 07:21:46 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-10-30 07:21:46 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-10-30 07:21:45 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-10-30 07:21:45 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-10-30 07:21:45 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-10-30 07:21:45 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-10-30 07:00:46 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-10-29 22:09:59 -------- d-----w- C:\Users\Jazzarah\AppData\Local\ElevatedDiagnostics
2011-10-29 14:09:04 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-10-29 14:09:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-10-29 14:04:55 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-10-29 14:04:54 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-10-29 14:01:59 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2011-10-29 14:00:53 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2011-10-29 13:59:47 422912 ----a-w- C:\Windows\System32\secproc_isv.dll
2011-10-29 13:58:59 1739176 ----a-w- C:\Windows\System32\ntdll.dll
2011-10-29 13:58:57 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-10-29 13:58:42 552960 ----a-w- C:\Windows\System32\msdri.dll
2011-10-29 13:58:28 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2011-10-29 13:58:28 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2011-10-29 13:58:06 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-10-29 13:56:20 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-10-29 13:55:55 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-10-29 13:54:20 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2011-10-29 13:53:59 389632 ----a-w- C:\Windows\System32\winlogon.exe
2011-10-29 13:52:45 52224 ----a-w- C:\Windows\System32\rtutils.dll
2011-10-29 13:52:45 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
2011-10-29 13:52:40 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-10-29 13:52:39 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-10-29 13:52:39 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-10-29 13:52:38 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-10-29 13:49:13 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-10-29 13:48:16 395776 ----a-w- C:\Windows\System32\webio.dll
2011-10-29 13:48:16 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-10-29 13:45:49 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2011-10-29 13:45:49 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2011-10-29 13:45:46 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2011-10-29 13:45:46 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2011-10-29 13:45:40 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-10-29 13:45:40 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-10-29 13:45:31 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-10-29 13:45:23 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-10-29 13:45:22 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-10-29 13:40:24 112000 ----a-w- C:\Windows\System32\consent.exe
2011-10-29 13:39:57 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-10-29 13:34:45 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-29 13:34:45 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-29 13:34:44 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-29 13:34:43 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-29 13:33:43 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-10-29 13:33:43 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-10-29 13:33:42 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-10-29 13:33:41 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-10-29 13:33:40 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-10-29 13:33:40 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-10-29 13:33:39 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-10-29 13:33:39 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-10-29 13:33:38 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-10-29 13:33:38 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-10-29 13:13:00 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-10-29 13:13:00 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-10-29 13:12:35 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-10-29 13:12:32 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-10-29 13:12:32 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-10-29 05:07:35 -------- d-----w- C:\ProgramData\Recovery
2011-10-29 03:58:39 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-10-29 03:42:42 -------- d-----w- C:\Users\Jazzarah\AppData\Roaming\Malwarebytes
2011-10-29 03:41:57 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-29 03:41:52 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-29 03:41:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-29 02:19:16 -------- d-----w- C:\Users\Jazzarah\AppData\Local\Adobe
2011-10-29 02:13:05 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-29 02:09:53 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4F27C297-953F-4CA0-A9B0-8A8FA371B6A8}\gapaengine.dll
2011-10-29 01:54:29 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-10-29 01:53:44 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-10-29 01:53:30 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-10-29 01:42:17 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-10-29 01:41:09 -------- d-----w- C:\Users\Jazzarah\AppData\Local\Microsoft Help
2011-10-29 01:39:23 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F440A80E-0CEC-44D6-8E1F-7F8CBB78624C}\mpengine.dll
2011-10-29 01:39:21 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-10-29 01:26:19 -------- d-----w- C:\Users\Jazzarah\AppData\Roaming\HpUpdate
2011-10-29 01:25:31 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-10-29 01:25:30 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-10-29 01:25:29 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-10-29 01:25:29 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-10-29 01:21:08 -------- d-----w- C:\Users\Jazzarah\AppData\Roaming\PictureMover
2011-10-29 01:20:19 -------- d-----w- C:\Users\Jazzarah\AppData\Local\Hewlett-Packard
.
==================== Find3M ====================
.
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2011-08-09 17:57:12 202576 ----a-w- C:\Windows\System32\drivers\eamonm.sys
2011-08-04 13:20:38 62496 ----a-w- C:\Windows\System32\drivers\epfwwfp.sys
2011-08-04 13:20:38 38288 ----a-w- C:\Windows\System32\drivers\EpfwLWF.sys
2011-08-04 13:20:38 187632 ----a-w- C:\Windows\System32\drivers\epfw.sys
2011-08-04 13:20:38 146432 ----a-w- C:\Windows\System32\drivers\ehdrv.sys
.
============= FINISH: 21:07:38.63 ===============

Here is the Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/28/2011 9:17:23 PM
System Uptime: 10/30/2011 8:05:47 PM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | NARRA5
Processor: AMD Sempron™ Processor LE-1300 | Socket AM2 | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 247.194 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.343 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is FIXED (NTFS) - 466 GiB total, 46.31 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Photosmart Prem C310 series
Device ID: USB\VID_03F0&PID_8F11&MI_00\6&9712CBA&0&0000
Manufacturer:
Name: Photosmart Prem C310 series
PNP Device ID: USB\VID_03F0&PID_8F11&MI_00\6&9712CBA&0&0000
Service:
.
Class GUID:
Description: Photosmart Prem C310 series
Device ID: USB\VID_03F0&PID_8F11&MI_02\6&9712CBA&0&0002
Manufacturer:
Name: Photosmart Prem C310 series
PNP Device ID: USB\VID_03F0&PID_8F11&MI_02\6&9712CBA&0&0002
Service:
.
==== System Restore Points ===================
.
RP1: 10/28/2011 9:19:31 PM - Scripted restore
RP2: 10/28/2011 9:25:33 PM - Windows Update
RP3: 10/28/2011 9:36:56 PM - Installed Microsoft Office Enterprise 2007
RP4: 10/28/2011 9:38:01 PM - Windows Update
RP5: 10/28/2011 9:53:05 PM - Windows Update
RP6: 10/28/2011 10:07:18 PM - Windows Update
RP7: 10/28/2011 10:35:32 PM - Installed Adobe Reader X (10.1.0).
RP8: 10/30/2011 1:40:48 AM - Windows Update
RP9: 10/30/2011 3:00:29 AM - Windows Update
RP10: 10/30/2011 10:51:12 AM - Installed ESET Smart Security
RP11: 10/30/2011 1:18:49 PM - Installed Diskeeper 2011.
RP12: 10/30/2011 3:46:53 PM - Installed Windows Automated Installation Kit
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.1)
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
DirectX for Managed Code Update (Summer 2004)
DVD Menu Pack for HP MediaSmart Video
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
Norton Online Backup
PictureMover
Power2Go
PowerDirector
Realtek High Definition Audio Driver
Recovery Manager
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
10/30/2011 7:07:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
10/30/2011 6:52:48 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/30/2011 6:48:42 PM, Error: Application Popup [1060] - \??\C:\commy.exe\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/30/2011 5:53:47 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/30/2011 5:35:25 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 5:26:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/30/2011 5:26:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/30/2011 5:26:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/30/2011 5:26:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/30/2011 5:26:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/30/2011 5:25:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv MpFilter spldr Wanarpv6
10/30/2011 4:28:41 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
10/30/2011 4:24:41 AM, Error: Service Control Manager [7023] -
10/30/2011 4:23:53 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/30/2011 4:22:26 AM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
10/30/2011 4:22:26 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
10/30/2011 4:19:09 AM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
10/30/2011 3:48:05 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
10/30/2011 3:33:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688).
10/30/2011 3:27:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430).
10/30/2011 3:00:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
10/30/2011 1:30:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

#2 negster22

    Elite Member

  • Experts
  • 1,151 posts
  • Location:Westchester County, NY

Posted 30 October 2011 - 10:26 PM

Hi and welcome to Malwarebytes' Forum,

Some background information on what we're planning to do can be found HERE

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Microsoft MVP - Consumer Security 2006 - 2011

BITS n PC's Blog
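The report requested in the steps above lists each driver on a line of the form "time pid name (md5) path" followed by a verdict line "time pid name - status" (the layout is visible in the report posted further down this thread). As an added example, not code from this thread, from Malwarebytes or from Kaspersky's TDSSKiller, here is a small Python triage helper for such a report: it pairs every driver line with its verdict, flags anything whose verdict is missing or not "ok", and hands back the MD5 and path of the flagged drivers for checking against a trusted hash set. The sample lines are constructed in that layout; the "exampledrv" entry, its status text, and the trailing entry with no verdict line are invented to exercise the non-ok and truncated-report cases.

```python
import re
from collections import OrderedDict

# Constructed sample in the line layout of a TDSSKiller report:
#   "<time> <pid> <name> (<md5>) <path>"  followed by
#   "<time> <pid> <name> - <status>".
# "exampledrv" and its status text are invented for illustration; the last
# entry deliberately has no verdict line, as happens when a report is cut
# off mid-scan.
SAMPLE_LOG = r"""14:37:55.0043 3600 Scan started
14:37:55.0043 3600 Mode: Manual; SigCheck; TDLFS;
14:37:56.0941 3600 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
14:37:59.0525 3600 1394ohci - ok
14:37:59.0624 3600 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
14:38:00.0188 3600 ACPI - ok
14:38:00.0447 3600 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\exampledrv.sys
14:38:00.0572 3600 exampledrv - needs review (constructed status)
14:38:00.0613 3600 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
"""

TIME = r"\d{2}:\d{2}:\d{2}\.\d{4}"
# Driver line: name is taken as one token (driver/service names in these
# reports carry no spaces); the MD5 sits in parentheses before the path.
ENTRY_RE = re.compile(
    rf"^(?P<time>{TIME})\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    rf"\((?P<md5>[0-9a-fA-F]{{32}})\)\s+(?P<path>.+?)\s*$"
)
# Verdict line: the same name followed by " - " and free-text status.
STATUS_RE = re.compile(
    rf"^(?P<time>{TIME})\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<status>.+?)\s*$"
)


def parse_report(text):
    """Pair each driver line with its verdict line, keyed by driver name.

    'status' stays None when the report never reached a verdict for that
    driver (truncated report, or a line the tool skipped)."""
    entries = OrderedDict()
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group("name")] = {
                "md5": m.group("md5").lower(),
                "path": m.group("path"),
                "status": None,
            }
            continue
        m = STATUS_RE.match(line)
        if m and m.group("name") in entries:
            entries[m.group("name")]["status"] = m.group("status")
    return entries


def needs_review(entries):
    """Driver names whose verdict is missing or anything other than 'ok'."""
    return [name for name, e in entries.items() if e["status"] != "ok"]


def review_rows(entries):
    """(name, md5, path, status) for each flagged driver, ready to be checked
    against a known-good hash set or a vendor hash lookup."""
    return [(n, entries[n]["md5"], entries[n]["path"], entries[n]["status"])
            for n in needs_review(entries)]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_LOG)
    print(f"{len(parsed)} drivers listed, {len(needs_review(parsed))} need review")
    for name, md5, path, status in review_rows(parsed):
        print(f"  {name:<12} {md5}  {path}  -> {status or 'NO VERDICT (report truncated?)'}")
```

Treating a missing verdict as "needs review" rather than "clean" is the point of the pairing: a report that stops before a driver's verdict line, as the one posted below does at its cut-off point, tells you nothing about that driver, and the helper keeps that distinction visible instead of silently dropping the entry.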

#3 mrtwallz

    New Member

  • Members
  • 12 posts

Posted 31 October 2011 - 01:42 PM

Thank you for the assistance. And here is the report:


14:36:34.0829 2896 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
14:36:35.0318 2896 ============================================================
14:36:35.0318 2896 Current date / time: 2011/10/31 14:36:35.0318
14:36:35.0318 2896 SystemInfo:
14:36:35.0318 2896
14:36:35.0318 2896 OS Version: 6.1.7600 ServicePack: 0.0
14:36:35.0318 2896 Product type: Workstation
14:36:35.0318 2896 ComputerName: JAZZARAH-PC
14:36:35.0318 2896 UserName: Jazzarah
14:36:35.0318 2896 Windows directory: C:\Windows
14:36:35.0318 2896 System windows directory: C:\Windows
14:36:35.0318 2896 Running under WOW64
14:36:35.0318 2896 Processor architecture: Intel x64
14:36:35.0318 2896 Number of processors: 1
14:36:35.0318 2896 Page size: 0x1000
14:36:35.0318 2896 Boot type: Normal boot
14:36:35.0318 2896 ============================================================
14:36:37.0226 2896 Initialize success
14:37:55.0043 3600 ============================================================
14:37:55.0043 3600 Scan started
14:37:55.0043 3600 Mode: Manual; SigCheck; TDLFS;
14:37:55.0043 3600 ============================================================
14:38:59.0685 3600 MBR (0x1B8) (bd85578ed40a5b15d5d665eecbdf254e) \Device\Harddisk0\DR0
14:38:59.0806 3600 \Device\Harddisk0\DR0 - ok
14:38:59.0888 3600 Boot (0x1200) (061ab3bb7ce4fd46765194f221867f50) \Device\Harddisk0\DR0\Partition0
14:38:59.0888 3600 \Device\Harddisk0\DR0\Partition0 - ok
14:38:59.0908 3600 Boot (0x1200) (c41e248259529766ea267e13c75126bc) \Device\Harddisk0\DR0\Partition1
14:38:59.0908 3600 \Device\Harddisk0\DR0\Partition1 - ok
14:38:59.0948 3600 Boot (0x1200) (7a4a912355ee8433b96875cc5bec9f1e) \Device\Harddisk0\DR0\Partition2
14:38:59.0948 3600 \Device\Harddisk0\DR0\Partition2 - ok
14:38:59.0958 3600 ============================================================
14:38:59.0958 3600 Scan finished
14:38:59.0958 3600 ============================================================
14:39:00.0008 3168 Detected object count: 0
14:39:00.0008 3168 Actual detected object count: 0

#4 negster22

    Elite Member

  • Experts
  • 1,151 posts
  • Location:Westchester County, NY

Posted 31 October 2011 - 03:18 PM

You're Welcome!

The TDSSKiller report is clean so we'll try this:

Download aswMBR.exe to your desktop.

Double click aswMBR.exe to run it

Click the [Scan] button to start scan

On completion of the scan click [Save log], save the results to your desktop and post them in your next reply.
Microsoft MVP - Consumer Security 2006 - 2011

BITS n PC's Blog

#5 mrtwallz

    New Member

  • Members
  • 12 posts

Posted 31 October 2011 - 04:14 PM

Alrighty


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-30 20:27:11
-----------------------------
20:27:11.782 OS Version: Windows x64 6.1.7600
20:27:11.782 Number of processors: 1 586 0x7F02
20:27:11.797 ComputerName: JAZZARAH-PC UserName: Jazzarah
20:27:13.030 Initialize success
20:27:19.956 AVAST engine defs: 11103001
20:27:25.369 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
20:27:25.369 Disk 0 Vendor: ST332041 HP34 Size: 305245MB BusType: 3
20:27:27.507 Disk 0 MBR read successfully
20:27:27.522 Disk 0 MBR scan
20:27:27.553 Disk 0 unknown MBR code
20:27:27.631 Service scanning
20:27:28.630 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:27:29.503 Modules scanning
20:27:29.503 Disk 0 trace - called modules:
20:27:29.628 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80022bb334]<<
20:27:29.628 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800229f0b0]
20:27:29.628 3 CLASSPNP.SYS[fffff8800199c43f] -> nt!IofCallDriver -> [0xfffffa8001f6fe40]
20:27:29.628 5 ACPI.sys[fffff88000f62781] -> nt!IofCallDriver -> \Device\00000056[0xfffffa8001f7e9d0]
20:27:30.065 \Driver\nvstor64[0xfffffa8001f60550] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80022bb334
20:27:32.405 AVAST engine scan C:\Windows
20:27:50.910 AVAST engine scan C:\Windows\system32
20:31:33.680 AVAST engine scan C:\Windows\system32\drivers
20:31:49.699 AVAST engine scan C:\Users\Jazzarah
20:33:06.481 AVAST engine scan C:\ProgramData
20:33:38.336 Scan finished successfully
20:33:53.905 Disk 0 MBR has been saved successfully to "C:\Users\Jazzarah\Desktop\MBR.dat"
20:33:53.936 The log file has been saved successfully to "C:\Users\Jazzarah\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-31 16:52:22
-----------------------------
16:52:22.471 OS Version: Windows x64 6.1.7600
16:52:22.472 Number of processors: 1 586 0x7F02
16:52:22.473 ComputerName: JAZZARAH-PC UserName: Jazzarah
16:52:23.518 Initialize success
16:52:31.264 AVAST engine defs: 11103001
16:52:34.434 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
16:52:34.444 Disk 0 Vendor: ST332041 HP34 Size: 305245MB BusType: 3
16:52:36.462 Disk 0 MBR read successfully
16:52:36.462 Disk 0 MBR scan
16:52:36.519 Disk 0 unknown MBR code
16:52:36.523 Service scanning
16:52:37.148 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
16:52:37.964 Modules scanning
16:52:37.964 Disk 0 trace - called modules:
16:52:37.984 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8002690334]<<
16:52:37.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002674060]
16:52:37.994 3 CLASSPNP.SYS[fffff8800194f43f] -> nt!IofCallDriver -> [0xfffffa800208dca0]
16:52:38.004 5 ACPI.sys[fffff88000f93781] -> nt!IofCallDriver -> \Device\00000056[0xfffffa800209c9c0]
16:52:38.356 \Driver\nvstor64[0xfffffa80020833b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8002690334
16:52:40.824 AVAST engine scan C:\Windows
16:52:47.702 AVAST engine scan C:\Windows\system32
16:54:57.297 AVAST engine scan C:\Windows\system32\drivers
16:55:08.804 AVAST engine scan C:\Users\Jazzarah
16:56:05.937 AVAST engine scan C:\ProgramData
16:57:13.271 Scan finished successfully
17:12:56.022 Disk 0 MBR has been saved successfully to "C:\Users\Jazzarah\Desktop\MBR.dat"
17:12:56.069 The log file has been saved successfully to "C:\Users\Jazzarah\Desktop\aswMBR.txt"

#6 negster22

    Elite Member

  • Experts
  • 1,151 posts
  • Location:Westchester County, NY

Posted 31 October 2011 - 06:44 PM

What kind of PC do you have (PC Manufacturer) & does it have a Recovery Partition?

Please download MBRCheck to your desktop.

1. Right-click MBRCheck.exe and select "Run as Administrator" to launch it.
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please copy/paste that log into your next reply.

When you said this:

I tried the recovery disc to clean it but for some reason the recovery disc doesn't detect it.


Specifically, what disc are you referring to (i.e. Windows or some ResQ CD)?

#7 mrtwallz

    New Member

  • Members
  • 12 posts

Posted 31 October 2011 - 07:00 PM

This is an HP Pavilion. The disc I was referring to was the ESET SysRescue CD. And yes, this computer does have a recovery partition.

Here is the log report


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: HP-Pavilion
System Product Name: AZ205AV-ABA p6300z
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 186):
0x02809000 \SystemRoot\system32\ntoskrnl.exe
0x02DE5000 \SystemRoot\system32\hal.dll
0x00BBF000 \SystemRoot\system32\kdcom.dll
0x00C21000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C2E000 \SystemRoot\system32\PSHED.dll
0x00C42000 \SystemRoot\system32\CLFS.SYS
0x00CA0000 \SystemRoot\system32\CI.dll
0x00ED5000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F79000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F88000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FDF000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FE8000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E6A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00D60000 \SystemRoot\System32\drivers\mountmgr.sys
0x00D7A000 \SystemRoot\system32\DRIVERS\nvstor64.sys
0x01098000 \SystemRoot\system32\DRIVERS\storport.sys
0x010FA000 \SystemRoot\system32\drivers\amdxata.sys
0x01105000 \SystemRoot\system32\drivers\fltmgr.sys
0x01151000 \SystemRoot\system32\drivers\fileinfo.sys
0x01215000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01165000 \SystemRoot\System32\Drivers\msrpc.sys
0x013B7000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x013D1000 \SystemRoot\System32\drivers\pcw.sys
0x013E2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0145B000 \SystemRoot\system32\drivers\ndis.sys
0x0154D000 \SystemRoot\system32\drivers\NETIO.SYS
0x015AD000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01603000 \SystemRoot\System32\drivers\tcpip.sys
0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x015D8000 \SystemRoot\system32\DRIVERS\epfwwfp.sys
0x01855000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x018A1000 \SystemRoot\System32\Drivers\spldr.sys
0x018A9000 \SystemRoot\System32\drivers\rdyboost.sys
0x018E3000 \SystemRoot\System32\Drivers\mup.sys
0x018F5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x018FE000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01938000 \SystemRoot\system32\DRIVERS\disk.sys
0x0194E000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01800000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x011C3000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x0182A000 \SystemRoot\System32\Drivers\Null.SYS
0x01833000 \SystemRoot\System32\Drivers\Beep.SYS
0x00DB9000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x0183A000 \SystemRoot\System32\drivers\vga.sys
0x01073000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x019E8000 \SystemRoot\System32\drivers\watchdog.sys
0x01848000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x015ED000 \SystemRoot\system32\drivers\rdpencdd.sys
0x015F6000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0144A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x013EC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x00DE0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01200000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02C81000 \SystemRoot\system32\drivers\afd.sys
0x02D0A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02D4F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D58000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02D7E000 \SystemRoot\system32\DRIVERS\EpfwLWF.sys
0x02D8B000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02D9A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02DB5000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02C51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02C5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02C68000 \SystemRoot\System32\drivers\discache.sys
0x02DC9000 \SystemRoot\System32\Drivers\dfsc.sys
0x02DE7000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03A6F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03A95000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x03AAC000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03AB7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03B0D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03B1E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03B42000 \SystemRoot\system32\DRIVERS\nvmf6264.sys
0x04893000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x05391000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x03C1B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03D0F000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03D55000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03D65000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03D7B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03D9F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03DAB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03DDA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x05393000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03C00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x053B4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x053C3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03DF5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04800000 \SystemRoot\system32\DRIVERS\ks.sys
0x04843000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03B94000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04855000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04016000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x03A00000 \SystemRoot\system32\drivers\portcls.sys
0x0486A000 \SystemRoot\system32\drivers\drmk.sys
0x04000000 \SystemRoot\system32\drivers\ksthunk.sys
0x00080000 \SystemRoot\System32\win32k.sys
0x04006000 \SystemRoot\System32\drivers\Dxapi.sys
0x0197E000 \SystemRoot\system32\DRIVERS\udfs.sys
0x053D2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00580000 \SystemRoot\System32\TSDDD.dll
0x00610000 \SystemRoot\System32\cdd.dll
0x053E0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x053EE000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x024E1000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
0x02520000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x02533000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x02550000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x02552000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x0255E000 \SystemRoot\system32\drivers\USBSTOR.SYS
0x00940000 \SystemRoot\System32\ATMFD.DLL
0x02579000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x02587000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x025A0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x025A9000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x025B7000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x025C4000 \SystemRoot\system32\drivers\luafv.sys
0x02629000 \SystemRoot\system32\DRIVERS\eamonm.sys
0x0270B000 \SystemRoot\system32\drivers\WudfPf.sys
0x0272C000 \SystemRoot\system32\DRIVERS\epfw.sys
0x0275D000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02772000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02400000 \SystemRoot\system32\drivers\HTTP.sys
0x0278A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x027A8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x027C0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03863000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x038B1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x038D4000 \SystemRoot\system32\drivers\peauth.sys
0x0397A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x03985000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x039B2000 \SystemRoot\System32\drivers\tcpipreg.sys
0x044B9000 \SystemRoot\System32\DRIVERS\srv2.sys
0x04520000 \SystemRoot\System32\DRIVERS\srv.sys
0x04400000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x04453000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04466000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x04497000 \SystemRoot\system32\DRIVERS\DKRtWrt.sys
0x044A5000 \??\C:\Windows\system32\drivers\mbam.sys
0x045B5000 \??\C:\Users\Jazzarah\AppData\Local\Temp\aswMBR.sys
0x76CB0000 \Windows\System32\ntdll.dll
0x47DB0000 \Windows\System32\smss.exe
0xFEFD0000 \Windows\System32\apisetschema.dll
0xFF410000 \Windows\System32\autochk.exe
0xFE230000 \Windows\System32\shell32.dll
0x76E80000 \Windows\System32\normaliz.dll
0xFE150000 \Windows\System32\oleaut32.dll
0xFE020000 \Windows\System32\rpcrt4.dll
0xFDF80000 \Windows\System32\comdlg32.dll
0xFDEE0000 \Windows\System32\clbcatq.dll
0xFDEC0000 \Windows\System32\sechost.dll
0xFDE20000 \Windows\System32\msvcrt.dll
0xFDDF0000 \Windows\System32\imm32.dll
0xFDDE0000 \Windows\System32\nsi.dll
0xFDBD0000 \Windows\System32\ole32.dll
0xFDBB0000 \Windows\System32\imagehlp.dll
0x76BB0000 \Windows\System32\user32.dll
0xFD950000 \Windows\System32\iertutil.dll
0xFD840000 \Windows\System32\msctf.dll
0xFD770000 \Windows\System32\usp10.dll
0xFD590000 \Windows\System32\setupapi.dll
0xFD410000 \Windows\System32\urlmon.dll
0xFD3C0000 \Windows\System32\ws2_32.dll
0xFD290000 \Windows\System32\wininet.dll
0xFD210000 \Windows\System32\shlwapi.dll
0x76A90000 \Windows\System32\kernel32.dll
0xFD200000 \Windows\System32\lpk.dll
0xFD120000 \Windows\System32\advapi32.dll
0xFD0D0000 \Windows\System32\Wldap32.dll
0x76E70000 \Windows\System32\psapi.dll
0xFD050000 \Windows\System32\difxapi.dll
0xFCFE0000 \Windows\System32\gdi32.dll
0xFCFA0000 \Windows\System32\wintrust.dll
0xFCF80000 \Windows\System32\devobj.dll
0xFCE10000 \Windows\System32\crypt32.dll
0xFCD70000 \Windows\System32\comctl32.dll
0xFCD00000 \Windows\System32\KernelBase.dll
0xFCCC0000 \Windows\System32\cfgmgr32.dll
0xFCCB0000 \Windows\System32\msasn1.dll
0x75A00000 \Windows\SysWOW64\normaliz.dll

Processes (total 53):
0 System Idle Process
4 System
284 C:\Windows\System32\smss.exe
436 csrss.exe
480 C:\Windows\System32\wininit.exe
492 csrss.exe
540 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
584 C:\Windows\System32\winlogon.exe
708 C:\Windows\System32\svchost.exe
764 C:\Windows\System32\nvvsvc.exe
792 C:\Windows\System32\svchost.exe
840 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
928 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\spoolsv.exe
1360 C:\Windows\System32\svchost.exe
1464 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1516 C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
1552 C:\Windows\System32\svchost.exe
1584 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2072 WUDFHost.exe
2172 C:\Windows\System32\svchost.exe
2416 C:\Windows\System32\nvvsvc.exe
2672 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
2784 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2832 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
2908 C:\Windows\System32\SearchIndexer.exe
992 C:\Windows\System32\taskhost.exe
2292 C:\Windows\System32\dwm.exe
1484 C:\Windows\explorer.exe
2392 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
1952 C:\Program Files\Microsoft Security Client\msseces.exe
1084 C:\Program Files\ESET\ESET Smart Security\egui.exe
144 C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
2756 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
1968 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
1444 C:\Windows\System32\wuauclt.exe
2092 C:\Windows\System32\svchost.exe
3388 C:\Program Files\Windows Media Player\wmpnetwk.exe
3484 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3728 C:\Windows\System32\notepad.exe
2432 C:\Windows\System32\audiodg.exe
3696 C:\Program Files (x86)\Internet Explorer\iexplore.exe
816 C:\Windows\System32\SearchProtocolHost.exe
912 C:\Windows\System32\SearchFilterHost.exe
3980 C:\Users\Jazzarah\Downloads\MBRCheck.exe
3340 C:\Windows\System32\conhost.exe
1160 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`caa00000 (NTFS)

PhysicalDrive0 Model Number: ST3320418AS, Rev: HP34

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#8 negster22

    Elite Member

  • Experts
  • 1,151 posts
  • Location:Westchester County, NY

Posted 31 October 2011 - 09:58 PM

So far your results are inconclusive, so I have a few questions for you. TDSSKiller is negative, and MBRCheck and aswMBR.exe both show unknown code in the MBR, but that could be the code that your computer OEM (HP) inserted so you have access to your Recovery Partition.

Do you have an HP Restore CD or just the Recovery Partition?

Are you experiencing browser redirection or any other symptoms of infection?

I want you to upload the following file to VirusTotal for threat analysis:
C:\Users\Jazzarah\Desktop\MBR.dat

  • Just click the "Choose File" option and then browse to that file location on your desktop. Open the file, and click Send File.
  • Please post back the URL of the scan results if any of the scanners detected it as a threat.

Please scan with ESET's OlmarikTDL4Cleaner.exe and let me know if it found anything:
http://download.eset...Tdl4Cleaner.exe

Can I see the ESET log file in which this TDL4 threat was detected please:
ESET Smart Security 5 detected a "Win32/Olmarik.TDL4 trojan" in the operating memory and is unable to clean it.
  • Open ESET
  • Show the Advanced Display Mode
  • Select Tools
  • Select Logs

Please create a System Repair Disk if you have not done so already:
http://windows.micro...tem-repair-disc
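The three tools traded back and forth above (TDSSKiller's "MBR (0x1B8)" line, MBRCheck's "MBR Code Faked!" verdict with its SHA1, and the MBR.dat that aswMBR saved to the desktop) all come down to the same check: fingerprint the bootstrap-code area of sector 0 and decode its partition table. The script below is an added example, not code from this thread or from any of those tools, showing how that check can be done on a saved sector-0 image so the boot-code hash can be compared against a baseline dump from a known-clean machine of the same OEM model, which is what actually separates HP's own recovery-partition boot code from code that has been replaced. The layout constants are the standard MBR layout; the sample image, its disk signature, its partition entries and the script filename `mbr_fingerprint.py` are constructed for the demonstration.

```python
"""Fingerprint and decode a raw 512-byte Master Boot Record (MBR) image.

Added example, not code from this thread or from TDSSKiller, MBRCheck or
aswMBR.  It works on the kind of sector-0 dump that aswMBR saves as MBR.dat
(filename as it appears in the thread; any 512-byte image will do).
"""
import hashlib
import struct
import sys

# Standard MBR layout of sector 0.
MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8     # 0x000-0x1B7: bootstrap code (440 bytes)
DISK_SIG_OFF = 0x1B8      # 0x1B8-0x1BB: 32-bit NT disk signature
PART_TABLE_OFF = 0x1BE    # 0x1BE-0x1FD: four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE      # 0x1FE-0x1FF: 0x55 0xAA
SECTOR_BYTES = 512
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def parse_partitions(mbr):
    """Decode the non-empty primary partition entries."""
    parts = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                     # unused slot
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR_BYTES,   # comparable to MBRCheck's "at offset" column
        })
    return parts


def boot_code_fingerprint(mbr):
    """Hash only the bootstrap code, not the disk signature or partition table."""
    code = bytes(mbr[:BOOT_CODE_LEN])
    return {"md5": hashlib.md5(code).hexdigest(),
            "sha1": hashlib.sha1(code).hexdigest()}


def analyse_mbr(mbr, known_good_sha1=None):
    """Return a report dict; the verdict compares boot code against a trusted baseline."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected a %d-byte MBR image, got %d bytes" % (MBR_SIZE, len(mbr)))
    report = boot_code_fingerprint(mbr)
    report["boot_signature_ok"] = bytes(mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2]) == b"\x55\xaa"
    report["disk_signature"] = bytes(mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4]).hex()
    report["partitions"] = parse_partitions(mbr)
    if known_good_sha1 is None:
        report["verdict"] = "no baseline: compare sha1 with a dump from a known-clean machine of the same model"
    elif report["sha1"] == known_good_sha1.lower():
        report["verdict"] = "boot code matches baseline"
    else:
        report["verdict"] = "boot code differs from baseline"
    return report


def build_sample_mbr():
    """Constructed MBR image for the demonstration; not a dump of any real disk."""
    code = (b"\x33\xc0\x8e\xd0" + b"\x90" * BOOT_CODE_LEN)[:BOOT_CODE_LEN]
    disk_sig = b"\x12\x34\x56\x78"
    reserved = b"\x00\x00"

    def entry(status, ptype, lba, count):
        return struct.pack(PART_ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)

    table = (entry(0x80, 0x07, 2048, 204800)           # bootable NTFS system partition, 100 MiB
             + entry(0x00, 0x07, 206848, 600000000)    # NTFS OS volume
             + entry(0x00, 0x07, 600206848, 20000000)  # NTFS recovery volume
             + entry(0x00, 0x00, 0, 0))                # empty slot
    return code + disk_sig + reserved + table + b"\x55\xaa"


def load_mbr(path):
    """Read sector 0 from a saved image file such as MBR.dat."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


if __name__ == "__main__":
    # Usage: python mbr_fingerprint.py [MBR.dat] [baseline-sha1]
    image = load_mbr(sys.argv[1]) if len(sys.argv) > 1 else build_sample_mbr()
    baseline = sys.argv[2] if len(sys.argv) > 2 else None
    for key, value in analyse_mbr(image, baseline).items():
        print("%-18s %s" % (key, value))
```

Run it with no arguments and it analyses the constructed sample; pass a path to a saved MBR.dat and, optionally, the SHA1 of a baseline dump to get a match/differ verdict. The hash deliberately covers only the first 0x1B8 bytes, so two disks with different disk signatures or partition layouts but identical OEM boot code still fingerprint the same, which is what makes a baseline from another machine of the same model usable.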

#9 mrtwallz

    New Member

  • Members
  • 12 posts

Posted 01 November 2011 - 12:24 AM

And that is the thing I don't get. Everything else seems to come back clean, but my anti-virus software seems to pick it up with ease. I am experiencing redirects to other irrelevant sites, usually from search engines, to other search engines or malicious sites. The computer is running slower than it once was. Especially when trying to use Internet Explorer, it's extremely slow, and after a few minutes of use an error message comes up saying it stopped working and restarts Windows Explorer. It is rendered next to useless. That's why I'm using Firefox for now. If you go back and look at the last MBR log, it shows Internet Explorer as a running process near the bottom, even though there was NO Internet Explorer window open. And it keeps coming back after I use Task Manager to end the process. And it would even open Internet Explorer on its own, without anyone ever clicking on it.

I have both the partition and win7 x64 recovery disc.

Here is the link from VirusTotal: https://www.virustot...b71a-1320121488
And it appears no threat is detected from there either.

I ran ESET's Win32/OlmarikTDL4Cleaner and it says Win32/Olmarik isn't found on my system. Just to make sure, I scanned with ESET Smart Security again and it still shows it's there.

Here is the log; I only ran it briefly to show that it picked it up, everything else is clean:

Scan Log
Version of virus signature database: 6590 (20111031)
Date: 11/1/2011 Time: 12:57:46 AM
Scanned disks, folders and files: Operating memory;C:\Boot sector;D:\Boot sector;C:\;D:\
Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
Scan terminated by user.
Number of scanned objects: 438
Number of threats found: 1
Number of cleaned objects: 0
Time of completion: 12:58:02 AM Total scanning time: 16 sec (00:00:16)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.


If it is really there then it is hiding itself pretty good if you ask me.

Update:
This is a pretty confusing and frustrating rootkit. The computer seems to be running smoother now, even Internet Explorer, but still having site redirects. Ran another scan and Smart Security still shows it's in the operating memory.

Here is the story:

My mom ended up clicking on a link for some free stuff. It allowed all kinds of malware and viruses to get on here. A lot of files, programs and data were lost. I ended up using a Norton recovery disc to get rid of most of them. Then found out online how to manually find and delete the last one. My aunt ended up having to wipe the drive and re-install Windows. But it was slow and getting a lot of site redirects. She used various programs to see if she could find what it was but no luck. Then I installed ESET Smart Security 5 and that's how I found out it was there.

#10 mrtwallz

    New Member

  • Members
  • 12 posts

Posted 01 November 2011 - 12:29 AM

Alright I'll take that back about internet explorer. It still lags

#11 negster22

    Elite Member

  • Experts
  • 1,151 posts
  • Location:Westchester County, NY

Posted 01 November 2011 - 11:23 AM

This is what concerns me. It is easy enough to get rid of TDL4 from the Windows Recovery Environment by running a single command that will restore your MBR (where it hides) with default Windows 7 code. However, if we do that you will lose access to your recovery partition because HP is one of the manufacturers that inserts proprietary code in the MBR so you can gain access to the Recovery Partition. Since the dedicated programs that we use to detect TDL4 are returning inconclusive results, I hesitate to have you overwrite your MBR code (in the absence of infection symptoms). Redirects are a primary symptom of TDL4, so when you tell me you are experiencing that and IE slowdown, plus an instance of IE running in the background, I am very suspicious as to the nature of what is causing this. To investigate further I am going to have you run Combofix.

Please Run ComboFix by following the steps provided in exactly this sequence:

Here is a tutorial that describes how to download, install and run Combofix. Please thoroughly review it before proceeding:
http://www.bleepingc...to-use-combofix

Very Important! BEFORE downloading Combofix, temporarily disable your antivirus and antimalware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix and even remove onboard components so it is rendered ineffective:

http://www.bleepingc...opic114351.html

Note: The above tutorial does not tell you to rename Combofix as I am about to instruct you to do in the following instructions, so make sure you complete the renaming step before launching Combofix.

Using ComboFix ->

Please download Combofix from one of these locations:
HERE or HERE

I want you to rename Combofix.exe as you download it to explorer.exe

Notes:
  • It is very important that you save the newly renamed EXE file to your desktop.
  • You must rename Combofix.exe as you download it and not after it is on your computer.

    You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
    • Open Firefox
    • Click Tools -> Options -> Main
    • Under the downloads section check the button that says "Always ask me where to save files".
    • Click OK
  • For Internet Explorer:
    • Choose to save, not open the file
    • When prompted - save the file to your desktop, and rename it iexplore.exe.
Running Combofix

In the event you already have Combofix, please delete it as this is a new version.
  • Close any open browsers and programs.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • If Combofix asks to update, please allow it to do so. If it renames itself back to Combofix.exe - this is normal!!
  • If you are running Windows XP, and Combofix asks to install the Recovery Console, please allow it to do so or it WILL NOT perform its normal malware removal capabilities. This is for your safety!!
To Launch Combofix
1. Double-Click the renamed Combofix.exe icon (explorer.exe) on your desktop
2. When finished, it will produce a logfile located at C:\ComboFix.txt
3. Post the contents of that log in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Please post C:\ComboFix.txt in your next reply.

If You have problems running Combofix then try running it in "Safe Mode with Networking" as follows:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading normally, the Advanced Options Menu should appear;
  • Select the option, to run Windows in "Safe Mode with Networking", then press Enter.
  • Choose your usual account, and launch Combofix as directed above.
=============
NOTE: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

#12 mrtwallz

    New Member

  • Members
  • 12 posts

Posted 01 November 2011 - 01:32 PM

Ok here it is:


ComboFix 11-11-01.03 - Jazzarah 11/01/2011 12:49:31.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.919 [GMT -4:00]
Running from: c:\users\Jazzarah\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Jazzarah\Desktop\Internet Explorer.lnk
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
G:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
.
.
2011-11-01 17:33 . 2011-11-01 17:33 -------- d-----w- C:\Diskeeper
2011-11-01 17:20 . 2011-11-01 17:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-01 11:07 . 2011-11-01 11:07 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-11-01 06:29 . 2011-11-01 17:23 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BE08519-168F-4FD3-A14D-B7727555C5FA}\offreg.dll
2011-11-01 06:28 . 2011-10-07 01:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BE08519-168F-4FD3-A14D-B7727555C5FA}\mpengine.dll
2011-10-30 21:27 . 2011-10-30 21:27 -------- d-----w- c:\programdata\PC Tools
2011-10-30 19:50 . 2011-10-30 19:50 -------- d-----w- c:\program files\Windows Imaging
2011-10-30 19:48 . 2011-10-30 19:51 -------- d-----w- c:\program files\Windows AIK
2011-10-30 19:12 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-10-30 19:12 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-10-30 19:12 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-10-30 19:12 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-10-30 19:12 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-10-30 19:12 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-10-30 19:12 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-10-30 19:11 . 2011-03-11 06:23 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-10-30 19:11 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll
2011-10-30 19:11 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-10-30 19:11 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-10-30 19:11 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-10-30 19:11 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2011-10-30 19:11 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-10-30 19:11 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-10-30 19:11 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2011-10-30 19:11 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-10-30 19:11 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-10-30 17:19 . 2011-10-30 17:19 -------- dc----w- c:\windows\system32\DRVSTORE
2011-10-30 17:19 . 2011-06-13 21:22 44624 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys
2011-10-30 17:19 . 2011-10-30 17:19 -------- d-----w- c:\programdata\Diskeeper Corporation
2011-10-30 17:19 . 2011-10-30 17:19 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2011-10-30 17:19 . 2011-10-30 17:19 -------- d-----w- c:\program files\Diskeeper Corporation
2011-10-30 14:53 . 2011-10-30 14:53 -------- d-----w- c:\program files\ESET
2011-10-30 08:21 . 2011-10-30 08:21 -------- d-----w- c:\windows\SysWow64\Wat
2011-10-30 08:21 . 2011-10-30 08:21 -------- d-----w- c:\windows\system32\Wat
2011-10-30 07:56 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-10-30 07:56 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-10-30 07:21 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-10-30 07:21 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-10-30 07:21 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-10-30 07:21 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-10-30 07:21 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-10-30 07:21 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-30 07:21 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-30 07:21 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-10-30 07:21 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-30 07:21 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-10-30 07:01 . 2011-10-30 07:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-30 07:00 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-10-29 14:09 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-29 14:09 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-10-29 14:04 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-10-29 14:04 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-10-29 14:01 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2011-10-29 14:00 . 2011-05-04 05:28 2228224 ----a-w- c:\windows\system32\mssrch.dll
2011-10-29 13:59 . 2010-01-19 09:05 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2011-10-29 13:58 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll
2011-10-29 13:58 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-10-29 13:58 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll
2011-10-29 13:58 . 2010-08-21 06:38 1024512 ----a-w- c:\windows\system32\wmpmde.dll
2011-10-29 13:58 . 2010-08-21 05:36 738816 ----a-w- c:\windows\SysWow64\wmpmde.dll
2011-10-29 13:58 . 2011-09-06 03:07 3134976 ----a-w- c:\windows\system32\win32k.sys
2011-10-29 13:56 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-10-29 13:55 . 2010-11-02 05:12 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-10-29 13:54 . 2010-12-21 06:13 2003968 ----a-w- c:\windows\system32\msxml6.dll
2011-10-29 13:53 . 2009-10-28 06:24 389632 ----a-w- c:\windows\system32\winlogon.exe
2011-10-29 13:52 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll
2011-10-29 13:52 . 2010-06-19 06:23 37376 ----a-w- c:\windows\SysWow64\rtutils.dll
2011-10-29 13:52 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-10-29 13:52 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-10-29 13:52 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-10-29 13:52 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-10-29 13:49 . 2010-11-02 05:12 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-10-29 13:48 . 2010-10-16 05:19 395776 ----a-w- c:\windows\system32\webio.dll
2011-10-29 13:48 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2011-10-29 13:45 . 2010-09-01 05:14 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-10-29 13:45 . 2010-09-01 04:26 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2011-10-29 13:45 . 2010-09-01 05:12 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2011-10-29 13:45 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2011-10-29 13:45 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-10-29 13:45 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-10-29 13:45 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-10-29 13:45 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-29 13:45 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-10-29 13:40 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2011-10-29 13:39 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-10-29 13:34 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-29 13:34 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-29 13:34 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-29 13:34 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-29 13:33 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-10-29 13:33 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-10-29 13:33 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-10-29 13:33 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-10-29 13:33 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-10-29 13:33 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-10-29 13:33 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-10-29 13:33 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-10-29 13:33 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-10-29 13:33 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-10-29 13:13 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-10-29 13:13 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-10-29 13:12 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-29 13:12 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-10-29 13:12 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-10-29 05:07 . 2011-10-29 05:07 -------- d-----w- c:\programdata\Recovery
2011-10-29 03:58 . 2011-10-29 03:58 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-29 03:41 . 2011-10-29 03:41 -------- d-----w- c:\programdata\Malwarebytes
2011-10-29 03:41 . 2011-10-29 03:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-29 03:41 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-29 02:36 . 2011-10-29 02:37 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-10-29 02:19 . 2011-10-29 02:19 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-10-29 02:13 . 2011-10-07 01:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-29 02:09 . 2011-10-29 02:08 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F27C297-953F-4CA0-A9B0-8A8FA371B6A8}\gapaengine.dll
2011-10-29 01:54 . 2011-10-29 01:54 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-10-29 01:53 . 2011-10-29 01:55 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-29 01:53 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-10-29 01:46 . 2011-10-29 01:46 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-10-29 01:42 . 2011-10-29 01:42 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-10-29 01:41 . 2011-10-31 07:15 -------- d-----w- c:\programdata\Microsoft Help
2011-10-29 01:39 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F440A80E-0CEC-44D6-8E1F-7F8CBB78624C}\mpengine.dll
2011-10-29 01:39 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-29 01:37 . 2011-10-29 01:37 -------- d-----r- C:\MSOCache
2011-10-29 01:25 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-10-29 01:25 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-10-29 01:25 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-09 17:57 . 2011-08-09 17:57 202576 ----a-w- c:\windows\system32\drivers\eamonm.sys
2011-08-04 13:20 . 2011-08-04 13:20 62496 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2011-08-04 13:20 . 2011-08-04 13:20 38288 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2011-08-04 13:20 . 2011-08-04 13:20 187632 ----a-w- c:\windows\system32\drivers\epfw.sys
2011-08-04 13:20 . 2011-08-04 13:20 146432 ----a-w- c:\windows\system32\drivers\ehdrv.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-30_22.56.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-10-31 00:07 35268 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:30 . 2011-10-30 14:54 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-10-31 07:31 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-10-30 19:11 . 2011-03-11 04:31 91136 c:\windows\system32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_dd8b7470ecdd8b8b\USBSTOR.SYS
+ 2011-10-30 19:12 . 2011-03-25 03:22 30720 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbuhci.sys
+ 2011-10-30 19:12 . 2011-03-25 03:22 25600 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbohci.sys
+ 2011-10-30 19:12 . 2011-03-25 03:22 52224 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbehci.sys
+ 2011-10-30 19:12 . 2011-03-25 03:23 98816 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_d378b476be3d939d\usbccgp.sys
+ 2011-10-30 19:12 . 2011-04-28 03:58 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\BTHUSB.SYS
+ 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\bthenum.sys
+ 2011-10-30 19:11 . 2011-03-11 06:22 27008 c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_66a166f5508d8f1c\amdxata.sys
+ 2011-10-30 19:11 . 2011-03-11 04:31 91136 c:\windows\system32\drivers\USBSTOR.SYS
+ 2011-10-29 05:11 . 2011-11-01 17:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-29 05:11 . 2011-10-30 21:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-29 05:11 . 2011-11-01 17:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-29 05:11 . 2011-10-30 21:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-01 17:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-30 21:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-29 05:15 . 2011-11-01 17:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-29 05:15 . 2011-10-30 22:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-11-01 17:26 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-10-29 05:15 . 2011-10-30 22:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-29 05:15 . 2011-11-01 17:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-29 05:15 . 2011-11-01 17:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-29 05:15 . 2011-10-30 22:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-29 01:22 . 2011-10-30 22:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-29 01:22 . 2011-11-01 17:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-29 01:22 . 2011-10-30 22:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-29 01:22 . 2011-11-01 17:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-01 11:08 . 2011-11-01 11:08 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
- 2011-10-30 07:35 . 2011-10-30 07:35 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-10-31 07:15 . 2011-10-31 07:15 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-10-29 01:50 . 2011-10-31 07:15 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-10-29 01:50 . 2011-10-30 07:17 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-10-29 01:50 . 2011-10-30 07:17 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-10-29 01:50 . 2011-10-31 07:15 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2011-10-29 01:50 . 2011-10-30 07:17 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-10-29 01:50 . 2011-10-31 07:15 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-10-30 07:21 . 2011-10-30 07:21 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-10-31 07:15 . 2011-10-31 07:15 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-11-01 11:07 . 2011-11-01 11:07 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2009-03-04 21:24 . 2009-03-04 21:24 54088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SCANOST.EXE
+ 2009-03-04 21:24 . 2009-03-04 21:24 75608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\RM.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 38240 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\RECALL.DLL
+ 2009-01-07 01:31 . 2009-01-07 01:31 48512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PUBTRAP.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 52072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLVBA.DLL
+ 2008-10-25 12:18 . 2008-10-25 12:18 72568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONFILTER.DLL
+ 2008-10-25 12:18 . 2008-10-25 12:18 98696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTEM.EXE
+ 2009-03-04 21:24 . 2009-03-04 21:24 34192 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DUMPSTER.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 87392 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DLGSETP.DLL
+ 2006-10-27 02:58 . 2006-10-27 02:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VPREVIEW.EXE
+ 2011-10-31 07:32 . 2011-10-31 07:32 3886 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-10-29 01:20 . 2011-10-31 00:07 3360 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3874856960-2651343199-2381090643-1000_UserData.bin
+ 2011-10-30 19:12 . 2011-03-25 03:22 7936 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbd.sys
+ 2011-11-01 17:23 . 2011-11-01 17:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-30 22:54 . 2011-10-30 22:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-01 17:23 . 2011-11-01 17:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-30 22:54 . 2011-10-30 22:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-29 12:49 . 2011-11-01 17:16 182336 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2011-11-01 17:30 617222 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-30 21:57 617222 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-30 21:57 104496 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-01 17:30 104496 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2011-10-31 07:31 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-10-30 14:54 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-10-31 07:31 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-10-30 14:54 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-10-30 19:12 . 2011-03-25 03:23 324608 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbport.sys
+ 2011-10-30 19:12 . 2011-03-25 03:23 343040 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbhub.sys
+ 2011-10-30 19:12 . 2011-03-25 03:23 343040 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_d378b476be3d939d\usbhub.sys
+ 2011-10-30 19:11 . 2011-03-11 06:23 166272 c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
+ 2011-10-30 19:11 . 2011-03-11 06:23 148352 c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvraid.sys
+ 2011-10-30 19:11 . 2011-03-11 06:23 410496 c:\windows\system32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
+ 2009-07-14 00:06 . 2009-07-14 01:39 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\fsquirt.exe
+ 2011-10-30 19:12 . 2011-04-28 03:58 552448 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\bthport.sys
+ 2011-10-30 19:11 . 2011-03-11 06:22 107904 c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_66a166f5508d8f1c\amdsata.sys
+ 2009-07-14 05:31 . 2011-10-31 07:31 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:31 . 2011-10-30 08:21 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:01 . 2011-10-30 22:53 399624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-01 17:22 399624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-10-30 08:19 . 2011-10-30 22:53 400392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3874856960-2651343199-2381090643-1000-8192.dat
+ 2011-10-30 08:19 . 2011-11-01 17:22 400392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3874856960-2651343199-2381090643-1000-8192.dat
+ 2011-04-19 08:54 . 2011-04-19 08:54 227328 c:\windows\Installer\5e8a5ca.msi
+ 2011-04-19 08:21 . 2011-04-19 08:21 235520 c:\windows\Installer\5e8a5c3.msi
+ 2011-03-18 00:03 . 2011-03-18 00:03 308736 c:\windows\Installer\17c3bd2.msp
+ 2010-08-04 19:13 . 2010-08-04 19:13 686080 c:\windows\Installer\17c3ab7.msp
+ 2009-05-26 22:53 . 2009-05-26 22:53 579072 c:\windows\Installer\17c399e.msp
+ 2010-07-23 05:03 . 2010-07-23 05:03 338432 c:\windows\Installer\17c3971.msp
- 2011-10-29 01:50 . 2011-10-30 07:17 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-10-29 01:50 . 2011-10-31 07:15 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-10-29 01:50 . 2011-10-30 07:17 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-10-29 01:50 . 2011-10-31 07:15 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-10-29 01:50 . 2011-10-31 07:15 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2011-10-29 01:50 . 2011-10-30 07:17 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2011-10-29 01:50 . 2011-10-30 07:17 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-10-29 01:50 . 2011-10-31 07:15 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-10-29 01:50 . 2011-10-31 07:15 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2011-10-29 01:50 . 2011-10-30 07:17 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2011-10-29 01:50 . 2011-10-30 07:17 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-10-29 01:50 . 2011-10-31 07:15 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2011-10-29 01:50 . 2011-10-30 07:17 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-10-29 01:50 . 2011-10-31 07:15 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-04-03 22:11 . 2009-04-03 22:11 408424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WINWORD.EXE
+ 2009-03-06 06:37 . 2009-03-06 06:37 501640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SOA.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 282032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SCNPST64.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 273320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SCNPST32.DLL
+ 2009-03-06 06:06 . 2009-03-06 06:06 407904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\RTFHTML.DLL
+ 2009-03-06 08:26 . 2009-03-06 08:26 770464 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\REGFORM.EXE
+ 2009-03-06 07:41 . 2009-03-06 07:41 589704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PUBCONV.DLL
+ 2009-01-08 14:59 . 2009-01-08 14:59 624520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PTXT9.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 420696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PSTPRX32.DLL
+ 2008-10-25 10:21 . 2008-10-25 10:21 136072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PRTF9.DLL
+ 2011-10-30 07:12 . 2011-10-30 07:12 350064 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTPIA.DLL
+ 2009-04-03 22:04 . 2009-04-03 22:04 521064 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\POWERPNT.EXE
+ 2008-11-21 04:49 . 2008-11-21 04:49 169360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLPH.DLL
+ 2009-03-06 06:05 . 2009-03-06 06:05 593288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLMIME.DLL
+ 2008-10-31 01:24 . 2008-10-31 01:24 137552 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLCTL.DLL
+ 2008-10-25 11:52 . 2008-10-25 11:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL
+ 2008-10-25 11:52 . 2008-10-25 11:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL
+ 2009-03-06 08:55 . 2009-03-06 08:55 194448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OMSXP32.DLL
+ 2009-03-06 08:55 . 2009-03-06 08:55 661888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OMSMAIN.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 253808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OLKFSTUB.DLL
+ 2008-11-04 08:13 . 2008-11-04 08:13 118128 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSCONV97.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 340304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MIMEDIR.DLL
+ 2011-10-30 07:12 . 2011-10-30 07:12 118176 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPOMINT.DLL
+ 2008-10-25 13:27 . 2008-10-25 13:27 177040 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPOLK.DLL
+ 2009-03-04 21:24 . 2009-03-04 21:24 138072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IMPMAIL.DLL
+ 2009-02-14 10:04 . 2009-02-14 10:04 625520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEWEBSERVICES.DLL
+ 2009-02-12 19:19 . 2009-02-12 19:19 688512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEWEBPLATFORMSERVICES.DLL
+ 2009-03-06 08:33 . 2009-03-06 08:33 961888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEUTIL.DLL
+ 2009-02-14 10:03 . 2009-02-14 10:03 337264 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVE.EXE
+ 2008-11-21 04:48 . 2008-11-21 04:48 116600 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\EMABLT32.DLL
+ 2009-03-06 06:05 . 2009-03-06 06:05 127336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\CONTAB32.DLL
+ 2008-10-26 10:26 . 2008-10-26 10:26 162680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACCWIZ.DLL
+ 2011-10-31 07:08 . 2011-10-31 07:08 117144 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2011-10-31 07:09 . 2011-10-31 07:09 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
- 2011-10-30 07:12 . 2011-10-30 07:12 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2011-10-30 08:52 . 2011-03-04 06:17 135168 c:\windows\AppPatch\AppPatch64\AcXtrnal.dll
- 2011-10-29 13:49 . 2010-09-10 05:35 135168 c:\windows\AppPatch\AppPatch64\AcXtrnal.dll
- 2011-10-29 13:49 . 2010-09-10 05:35 347648 c:\windows\AppPatch\AppPatch64\AcLayers.dll
+ 2011-10-30 08:52 . 2011-03-04 06:17 347648 c:\windows\AppPatch\AppPatch64\AcLayers.dll
+ 2009-07-21 04:05 . 2009-07-21 04:05 1348432 c:\windows\SysWOW64\msxml4.dll
+ 2009-08-18 03:33 . 2009-08-18 03:33 1193832 c:\windows\SysWOW64\FM20.DLL
+ 2009-07-14 04:45 . 2011-11-01 17:25 3801160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-10-30 10:24 3801160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-21 04:29 . 2009-07-21 04:29 6057984 c:\windows\Installer\5e8a5bc.msi
+ 2008-10-01 01:07 . 2008-10-01 01:07 6042112 c:\windows\Installer\5e8a5b5.msi
+ 2011-08-10 21:43 . 2011-08-10 21:43 3795968 c:\windows\Installer\17c3ba0.msp
+ 2011-04-29 16:28 . 2011-04-29 16:28 1995264 c:\windows\Installer\17c3b7b.msp
+ 2010-10-21 22:10 . 2010-10-21 22:10 3995136 c:\windows\Installer\17c3b6b.msp
+ 2011-09-07 01:46 . 2011-09-07 01:46 9006080 c:\windows\Installer\17c3b50.msp
+ 2011-06-21 15:59 . 2011-06-21 15:59 1764352 c:\windows\Installer\17c3b39.msp
+ 2010-02-21 05:03 . 2010-02-21 05:03 4472832 c:\windows\Installer\17c3b1e.msp
+ 2010-08-13 22:02 . 2010-08-13 22:02 2545664 c:\windows\Installer\17c3ae5.msp
+ 2011-08-10 21:42 . 2011-08-10 21:42 7070208 c:\windows\Installer\17c3ac7.msp
+ 2011-04-29 16:27 . 2011-04-29 16:27 4158464 c:\windows\Installer\17c3aa0.msp
+ 2010-08-13 22:00 . 2010-08-13 22:00 9404928 c:\windows\Installer\17c3a78.msp
+ 2009-08-05 11:49 . 2009-08-05 11:49 3457024 c:\windows\Installer\17c3a5f.msp
+ 2010-03-24 22:54 . 2010-03-24 22:54 3126272 c:\windows\Installer\17c3a45.msp
+ 2010-03-24 22:54 . 2010-03-24 22:54 2516992 c:\windows\Installer\17c3a44.msp
+ 2009-07-27 08:31 . 2009-07-27 08:31 3738624 c:\windows\Installer\17c39fe.msp
+ 2010-05-20 23:57 . 2010-05-20 23:57 4989952 c:\windows\Installer\17c39f4.msp
+ 2010-05-20 23:57 . 2010-05-20 23:57 5907456 c:\windows\Installer\17c39f3.msp
+ 2011-09-07 01:48 . 2011-09-07 01:48 8181248 c:\windows\Installer\17c39be.msp
+ 2009-10-16 11:08 . 2009-10-16 11:08 2237952 c:\windows\Installer\17c39b5.msp
+ 2009-08-18 17:08 . 2009-08-18 17:08 1373696 c:\windows\Installer\17c3988.msp
+ 2010-08-04 19:12 . 2010-08-04 19:12 1004544 c:\windows\Installer\17c395a.msp
+ 2011-07-27 11:39 . 2011-07-27 11:39 9892352 c:\windows\Installer\17c3911.msp
+ 2010-11-21 03:33 . 2010-11-21 03:33 1980928 c:\windows\Installer\17c3901.msp
+ 2011-04-16 04:14 . 2011-04-16 04:14 3186176 c:\windows\Installer\17c38eb.msi
+ 2011-04-29 16:30 . 2011-04-29 16:30 1197056 c:\windows\Installer\17c38dd.msp
- 2011-10-29 01:50 . 2011-10-30 07:17 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-10-29 01:50 . 2011-10-31 07:15 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-10-29 01:50 . 2011-10-30 07:17 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-10-29 01:50 . 2011-10-31 07:15 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-21 07:12 . 2008-11-21 07:12 3750256 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VVIEWER.DLL
+ 2008-10-25 13:35 . 2008-10-25 13:35 1847160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VVIEWDWG.DLL
+ 2008-08-26 02:50 . 2008-08-26 02:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VBE6.DLL
+ 2008-11-10 06:41 . 2008-11-10 06:41 2014584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTVIEW.EXE
+ 2009-04-03 22:04 . 2009-04-03 22:04 8468840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPCORE.DLL
+ 2009-03-06 08:00 . 2009-03-06 08:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONMAIN.DLL
+ 2008-11-10 14:49 . 2008-11-10 14:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONLIBS.DLL
+ 2008-11-25 02:16 . 2008-11-25 02:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTE.EXE
+ 2009-03-06 06:05 . 2009-03-06 06:05 2964336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OLMAPI32.DLL
+ 2009-03-06 07:41 . 2009-03-06 07:41 9589096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPUB.EXE
+ 2009-03-06 08:26 . 2009-03-06 08:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPEDITOR.DLL
+ 2009-03-06 08:26 . 2009-03-06 08:26 5466488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPDESIGN.DLL
+ 2008-11-04 04:40 . 2008-11-04 04:40 1442160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\INFOPATH.EXE
+ 2009-02-14 10:03 . 2009-02-14 10:03 3070832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEDOCUMENTSHARETOOL.DLL
+ 2008-11-21 03:06 . 2008-11-21 03:06 1194848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\FM20.DLL
+ 2009-04-02 18:35 . 2009-04-02 18:35 1787216 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PPCNV.DLL
- 2009-07-14 02:34 . 2011-10-30 19:14 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-11-01 17:43 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-07-27 11:37 . 2011-07-27 11:37 11592192 c:\windows\Installer\17c3952.msp
+ 2010-07-23 05:04 . 2010-07-23 05:04 11395072 c:\windows\Installer\17c38d4.msp
+ 2009-04-03 22:21 . 2009-04-03 22:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6425\OART.DLL
+ 2009-04-03 22:11 . 2009-04-03 22:11 17740136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WWLIB.DLL
+ 2009-03-06 06:06 . 2009-03-06 06:06 12707696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLOOK.EXE
+ 2009-03-06 06:37 . 2009-03-06 06:37 10222432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSACCESS.EXE
+ 2009-04-03 22:11 . 2009-04-03 22:11 18330984 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\EXCEL.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="c:\users\Jazzarah\Desktop\sdsetup_revwire207.exe" [BU]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-08-10 974944]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-08-10 4030008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-09-17 89584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jazzarah\AppData\Roaming\Mozilla\Firefox\Profiles\wx917g4m.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-01 14:17:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-01 18:16
.
Pre-Run: 266,946,281,472 bytes free
Post-Run: 266,754,822,144 bytes free
.
- - End Of File - - FC99C0198A0CED5EA836FFDFB5666B31

#13 negster22

negster22

    Elite Member

  • Experts
  • 1,151 posts
  • Location:Westchester County, NY

Posted 01 November 2011 - 04:38 PM

Open an Elevated Command Prompt
  • Click the Windows 7 Start Orb
  • Type cmd in the Start - Search box
  • In the search results at the top, Right-click the cmd.exe & Select "Run as Administrator"
-----------------
After the command prompt opens:
  • Type diskpart and Hit Enter
  • You should see this:
    DISKPART>
  • Type list disk, and Hit Enter
You'll either see a listing of the disks on your system similar but not exactly like this:

Disk 0 Online 931 GB 0 B


or a message like this:

"There are no fixed disks to show"


What response do you get?
Microsoft MVP - Consumer Security 2006 - 2011

BITS n PC's Blog

#14 mrtwallz

mrtwallz

    New Member

  • Members
  • 12 posts

Posted 01 November 2011 - 08:16 PM

Disk### Status Size Free Dyn Gpt
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B

#15 negster22

negster22

    Elite Member

  • Experts
  • 1,151 posts
  • Location:Westchester County, NY

Posted 02 November 2011 - 10:25 AM

I can see you have two antivirus programs running:
  • ESET Smart Security
  • Microsoft Security Essentials (MSE)

Since ESET is the one that is flagging TDL4 in memory, I want you to completely remove MSE for now. Should you want it again later, then by all means reinstall it. However, I have to warn you that running two antivirus programs at the same time can lead to a whole host of problems, many of which mimic infection symptoms. After you remove MSE, you need to REBOOT.

As soon as you reboot, I immediately want you to open Task Manager (Ctrl + Shift + Esc simultaneously OR right-click the Task Bar & select "Start Task Manager") -
I want you to click the Process Tab and see if iexplore.exe is running at system startup.
Please let me know if it is, because we will proceed differently depending on that outcome.

Also, let me know if you see any improvement in your computer with only one antivirus running.
Microsoft MVP - Consumer Security 2006 - 2011

BITS n PC's Blog

#16 mrtwallz

mrtwallz

    New Member

  • Members
  • 12 posts

Posted 02 November 2011 - 08:50 PM

Uninstalled Microsoft Essentials, Restarted and yes iexplorer is running. It even opened the browser on its own to my default msn homepage. So what's next doc, lol.

#17 mrtwallz

mrtwallz

    New Member

  • Members
  • 12 posts

Posted 02 November 2011 - 08:53 PM

And still getting site redirects from search engines

#18 negster22

negster22

    Elite Member

  • Experts
  • 1,151 posts
  • Location:Westchester County, NY

Posted 02 November 2011 - 10:29 PM

This is to see if we can identify where IE is starting from:

Download Autoruns:
http://technet.micro...ernals/bb963902

Create a folder called C:\Program Files\Autoruns and unzip Autoruns to that location.
  • If you have XP, Double-click autoruns.exe or its desktop shortcut to launch Autoruns
  • If you have Windows 7 or Vista, Right-click autoruns.exe or its desktop shortcut & select "Run as Administrator" to launch the program
  • Once Autoruns opens & begins scanning - Hit "Esc" to abort the scan
  • Then, under the Options menu set the following options:
    • CHECK - Hide Windows Entries
    • CHECK - Verify code signatures
    • UNCHECK - Include Empty Locations
  • Important!!: Hit F5 or choose File | Refresh to update the scan results to reflect the above configuration settings.
  • Let Autoruns finish scanning (you will see 'Ready' in bottom left corner when it is done)
  • Click File | Save and save the file to Autoruns.txt by changing the Save as Type to "Text" in the pull down menu.
  • Now, exit Autoruns.

Please zip up Autoruns.txt and attach it to your next post.

---------
Go HERE and Click:
"Run Process Explorer now from Live.Sysinternals.com" to launch Process Explorer
  • Once Process Explorer is open, on the Process Explorer Menu:
    • Click View and Select (place a checkmark next to) Show Lower Pane
    • Click View -> Lower Pane View and Select (checkmark) DLLs
    • Click Options -> Select (checkmark) Verify Image Signatures
  • In the Upper Pane, Select (left-click only once) the iexplore.exe process so it is highlighted in blue
  • The lower pane should refresh to display a list of DLL files loaded by the iexplore.exe process
  • On the Process Explorer Menu, Click File -> Save
  • Save the Log as PE.txt & post it in your next reply, along with the autoruns.txt log

Microsoft MVP - Consumer Security 2006 - 2011

BITS n PC's Blog
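The Autoruns procedure above (with "Verify code signatures" checked) is what a helper uses to find where a phantom process is being launched from. The script below is an added example, not part of the thread and not Sysinternals code: it walks the same autostart locations that ComboFix printed under "Reg Loading Points" (the Run/RunOnce keys, their Wow6432Node twins, and the Startup folders) and checks the Authenticode signature of every target, printing only the entries that are not validly signed. It assumes 64-bit Windows PowerShell 3.0 or later run from an elevated prompt; the function and variable names are the example's own.

```powershell
# Added example (not from the thread or from Sysinternals): list autostart
# entries and verify the code signature of each target, the way Autoruns does
# with "Verify code signatures" enabled. Assumes 64-bit PowerShell 3.0+,
# run as Administrator.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Extract the image path from a Run-value command line. Handles a quoted path
# followed by arguments, an unquoted path containing spaces, and the
# "path.dll,EntryPoint" form (like NvCpl.dll in the log above) by trying the
# longest leading run of tokens that exists on disk.
function Get-TargetPath {
    param([string]$CommandLine)
    $cl = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if (-not $cl) { return $cl }
    if ($cl -match '^"([^"]+)"') { return $Matches[1] }
    $tokens = $cl -split '[\s,]+'
    for ($i = $tokens.Count; $i -gt 0; $i--) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $cl
}

# Signature status of one autostart target; 'FileMissing' when the path
# no longer exists (a dangling entry is itself worth noting).
function Test-AutostartTarget {
    param([string]$Location, [string]$Name, [string]$Path)
    if ($Path -and (Test-Path -LiteralPath $Path)) {
        $status = (Get-AuthenticodeSignature -FilePath $Path).Status
    } else {
        $status = 'FileMissing'
    }
    [PSCustomObject]@{ Location = $Location; Name = $Name; Target = $Path; Signature = $status }
}

function Get-AutostartEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
        $props = (Get-ItemProperty -Path $key).PSObject.Properties |
                 Where-Object { $_.Name -notlike 'PS*' }
        foreach ($p in $props) {
            Test-AutostartTarget -Location $key -Name $p.Name -Path (Get-TargetPath ([string]$p.Value))
        }
    }
    # Startup folders (per-user and all-users): resolve .lnk files to the
    # executable they launch before checking the signature.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
            $target = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
            Test-AutostartTarget -Location $dir -Name $_.Name -Path $target
        }
    }
}

# Anything whose status is not 'Valid' (NotSigned, HashMismatch, NotTrusted,
# FileMissing, ...) is what a helper would ask about first.
Get-AutostartEntry | Where-Object { $_.Signature -ne 'Valid' } |
    Format-Table Location, Name, Signature, Target -AutoSize
```

Autoruns covers many more locations than these (services, drivers, scheduled tasks, Winlogon, BHOs), so this is a subset check, not a replacement; its value is that it is scriptable and can be diffed against a known-good baseline from the same machine.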

#19 mrtwallz

mrtwallz

    New Member

  • Members
  • 12 posts

Posted 02 November 2011 - 10:56 PM

Alright, here they are

Attached Files

  • Logs.rar   8.17KB   25 downloads


#20 negster22

negster22

    Elite Member

  • Experts
  • 1,151 posts
  • Location:Westchester County, NY

Posted 03 November 2011 - 09:52 PM

Collect the following information when you can confirm that the phantom iexplore.exe is running.
I don't want you to use Internet Explorer to run the live version of Process Explorer because we want to troubleshoot why iexplore.exe is running in the background so I want you to download and run Process Explorer this time.

1. Create a folder called C:\ProcessExplorer
2. Next, go HERE and download Process Explorer.
3. Unzip Process Explorer to the C:\ProcessExplorer folder
Important: Close your browser!

  • Right-click procexp.exe or its desktop short-cut and select "Run as Administrator" to launch the program
  • Once Process Explorer is open, on the Process Explorer Menu:
    • Click View and Select (place a checkmark next to) Show Lower Pane
    • Click View -> Lower Pane View and Select (checkmark) DLLs
    • Click Options -> Select (checkmark) Verify Image Signatures
  • In the Upper Pane, Select (left-click only once) the System process with PID = 4 (located at the top of the Process Tree), so it is highlighted in blue
  • The lower pane should refresh to display a list of drivers (SYS files)
  • On the Process Explorer Menu, Click File -> Save
  • Save the Log as system.txt & post it in your next reply (no zipping required).

Microsoft MVP - Consumer Security 2006 - 2011

BITS n PC's Blog
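Selecting the System process (PID 4) in Process Explorer with "Verify Image Signatures" on shows the loaded kernel drivers and whether each image is signed. As an added example, not part of the thread and not Sysinternals code, the script below produces the equivalent list from PowerShell: it enumerates running drivers through WMI, normalises the several path forms the driver table uses, and reports every driver whose on-disk image does not carry a valid Authenticode signature. It assumes 64-bit Windows PowerShell 3.0 or later run as Administrator; the function names are the example's own.

```powershell
# Added example (not from the thread or from Sysinternals): list running kernel
# drivers and verify each image's code signature, comparable to Process
# Explorer's lower pane for PID 4. Assumes PowerShell 3.0+ run as Administrator.

# Win32_SystemDriver.PathName comes in several forms:
#   C:\Windows\system32\drivers\foo.sys
#   \SystemRoot\system32\DRIVERS\foo.sys
#   system32\DRIVERS\foo.sys
#   \??\C:\Windows\system32\drivers\foo.sys
# Normalise them to a plain Win32 path that Test-Path understands.
function Convert-DriverPath {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return [Environment]::ExpandEnvironmentVariables($p)
}

function Get-RunningDriverSignature {
    Get-CimInstance -ClassName Win32_SystemDriver -Filter "State='Running'" | ForEach-Object {
        $path = Convert-DriverPath $_.PathName
        if (-not $path) {
            $status = 'NoPath'          # driver registered without an image path
        } elseif (Test-Path -LiteralPath $path) {
            $status = (Get-AuthenticodeSignature -FilePath $path).Status
        } else {
            $status = 'FileMissing'     # registered and running, but no file on disk
        }
        [PSCustomObject]@{ Name = $_.Name; Signature = $status; Path = $path }
    }
}

# On a healthy x64 box almost everything here is 'Valid'; review the rest.
Get-RunningDriverSignature | Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Name | Format-Table Name, Signature, Path -AutoSize
```

One caveat a practitioner would want: this check, like Process Explorer itself, runs inside the operating system it is inspecting. TDL4 is an MBR bootkit that loads before the kernel and hides its own components from tools running on the infected system, so a clean-looking driver list does not by itself clear the machine; that is why the helper also had the user look at the disk layout with diskpart and cross-references several tools' logs rather than trusting any one of them.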



