mrtwallz

Win32/Olmarik.TDL4 trojan - mrtwallz

ESET Smart Security 5 detected a "Win32/Olmarik.TDL4 trojan" in the operating memory and is unable to clean it.

I tried the recovery disc to clean it but for some reason the recovery disc doesn't detect it.

Here is the DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by Jazzarah at 20:59:32 on 2011-10-30

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.646 [GMT -4:00]

.

AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

uRun: [spyware Doctor] C:\Users\Jazzarah\Desktop\sdsetup_revwire207.exe -min

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{909799A3-85C7-4137-9C82-28400D4D7FCC} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jazzarah\AppData\Roaming\Mozilla\Firefox\Profiles\wx917g4m.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-8-9 974944]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-28 366152]

R3 DKRtWrt;DKRtWrt;C:\Windows\system32\DRIVERS\DKRtWrt.sys --> C:\Windows\system32\DRIVERS\DKRtWrt.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== File Associations ===============

.

inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*

VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-10-30 23:51:23 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-30 22:54:08 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CCC43AC-641B-4114-84BB-ECF3373D396F}\offreg.dll

2011-10-30 22:12:05 98816 ----a-w- C:\Windows\sed.exe

2011-10-30 22:12:05 518144 ----a-w- C:\Windows\SWREG.exe

2011-10-30 22:12:05 256000 ----a-w- C:\Windows\PEV.exe

2011-10-30 22:12:05 208896 ----a-w- C:\Windows\MBR.exe

2011-10-30 22:10:54 -------- d-----w- C:\commy.exe

2011-10-30 22:01:53 -------- d-----w- C:\ComboFix

2011-10-30 21:27:24 -------- d-----w- C:\ProgramData\PC Tools

2011-10-30 19:50:07 -------- d-----w- C:\Program Files\Windows Imaging

2011-10-30 19:48:52 -------- d-----w- C:\Program Files\Windows AIK

2011-10-30 17:56:13 -------- d-----w- C:\Users\Jazzarah\AppData\Local\Diagnostics

2011-10-30 17:20:14 -------- d-----w- C:\Diskeeper2011Patch

2011-10-30 17:19:27 44624 ----a-w- C:\Windows\System32\drivers\DKRtWrt.sys

2011-10-30 17:19:16 -------- d-----w- C:\ProgramData\Diskeeper Corporation

2011-10-30 17:19:16 -------- d-----w- C:\Program Files\Common Files\Diskeeper Corporation

2011-10-30 17:19:12 -------- d-----w- C:\Program Files\Diskeeper Corporation

2011-10-30 15:03:33 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CCC43AC-641B-4114-84BB-ECF3373D396F}\mpengine.dll

2011-10-30 14:57:00 -------- d-----w- C:\Users\Jazzarah\AppData\Roaming\ESET

2011-10-30 14:57:00 -------- d-----w- C:\Users\Jazzarah\AppData\Local\ESET

2011-10-30 14:53:11 -------- d-----w- C:\Program Files\ESET

2011-10-30 08:21:25 -------- d-----w- C:\Windows\SysWow64\Wat

2011-10-30 08:21:25 -------- d-----w- C:\Windows\System32\Wat

2011-10-30 07:56:05 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-10-30 07:56:05 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-10-30 07:21:46 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2011-10-30 07:21:46 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2011-10-30 07:21:46 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2011-10-30 07:21:46 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2011-10-30 07:21:46 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2011-10-30 07:21:46 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2011-10-30 07:21:45 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2011-10-30 07:21:45 444752 ----a-w- C:\Windows\System32\mscoree.dll

2011-10-30 07:21:45 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2011-10-30 07:21:45 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-10-30 07:00:46 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2011-10-29 22:09:59 -------- d-----w- C:\Users\Jazzarah\AppData\Local\ElevatedDiagnostics

2011-10-29 14:09:04 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-10-29 14:09:04 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-10-29 14:04:55 714752 ----a-w- C:\Windows\System32\kerberos.dll

2011-10-29 14:04:54 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2011-10-29 14:01:59 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll

2011-10-29 14:00:53 2228224 ----a-w- C:\Windows\System32\mssrch.dll

2011-10-29 13:59:47 422912 ----a-w- C:\Windows\System32\secproc_isv.dll

2011-10-29 13:58:59 1739176 ----a-w- C:\Windows\System32\ntdll.dll

2011-10-29 13:58:57 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll

2011-10-29 13:58:42 552960 ----a-w- C:\Windows\System32\msdri.dll

2011-10-29 13:58:28 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2011-10-29 13:58:28 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2011-10-29 13:58:06 3134976 ----a-w- C:\Windows\System32\win32k.sys

2011-10-29 13:56:20 461312 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-10-29 13:55:55 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2011-10-29 13:54:20 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2011-10-29 13:53:59 389632 ----a-w- C:\Windows\System32\winlogon.exe

2011-10-29 13:52:45 52224 ----a-w- C:\Windows\System32\rtutils.dll

2011-10-29 13:52:45 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll

2011-10-29 13:52:40 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2011-10-29 13:52:39 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-10-29 13:52:39 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2011-10-29 13:52:38 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2011-10-29 13:49:13 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll

2011-10-29 13:48:16 395776 ----a-w- C:\Windows\System32\webio.dll

2011-10-29 13:48:16 314368 ----a-w- C:\Windows\SysWow64\webio.dll

2011-10-29 13:45:49 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2011-10-29 13:45:49 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2011-10-29 13:45:46 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2011-10-29 13:45:46 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2011-10-29 13:45:40 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-10-29 13:45:40 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-10-29 13:45:31 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2011-10-29 13:45:23 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-10-29 13:45:22 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-10-29 13:40:24 112000 ----a-w- C:\Windows\System32\consent.exe

2011-10-29 13:39:57 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-10-29 13:34:45 861184 ----a-w- C:\Windows\System32\oleaut32.dll

2011-10-29 13:34:45 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-10-29 13:34:44 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-10-29 13:34:43 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-10-29 13:33:43 720896 ----a-w- C:\Windows\System32\odbc32.dll

2011-10-29 13:33:43 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll

2011-10-29 13:33:42 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2011-10-29 13:33:41 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2011-10-29 13:33:40 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2011-10-29 13:33:40 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2011-10-29 13:33:39 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2011-10-29 13:33:39 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2011-10-29 13:33:38 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2011-10-29 13:33:38 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2011-10-29 13:13:00 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2011-10-29 13:13:00 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2011-10-29 13:12:35 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-10-29 13:12:32 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-10-29 13:12:32 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-10-29 05:07:35 -------- d-----w- C:\ProgramData\Recovery

2011-10-29 03:58:39 -------- d-----w- C:\ProgramData\Kaspersky Lab

2011-10-29 03:42:42 -------- d-----w- C:\Users\Jazzarah\AppData\Roaming\Malwarebytes

2011-10-29 03:41:57 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-29 03:41:52 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-29 03:41:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-29 02:19:16 -------- d-----w- C:\Users\Jazzarah\AppData\Local\Adobe

2011-10-29 02:13:05 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-10-29 02:09:53 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4F27C297-953F-4CA0-A9B0-8A8FA371B6A8}\gapaengine.dll

2011-10-29 01:54:29 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-10-29 01:53:44 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-10-29 01:53:30 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2011-10-29 01:42:17 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2011-10-29 01:41:09 -------- d-----w- C:\Users\Jazzarah\AppData\Local\Microsoft Help

2011-10-29 01:39:23 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F440A80E-0CEC-44D6-8E1F-7F8CBB78624C}\mpengine.dll

2011-10-29 01:39:21 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-10-29 01:26:19 -------- d-----w- C:\Users\Jazzarah\AppData\Roaming\HpUpdate

2011-10-29 01:25:31 220672 ----a-w- C:\Windows\System32\wintrust.dll

2011-10-29 01:25:30 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2011-10-29 01:25:29 139264 ----a-w- C:\Windows\System32\cabview.dll

2011-10-29 01:25:29 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2011-10-29 01:21:08 -------- d-----w- C:\Users\Jazzarah\AppData\Roaming\PictureMover

2011-10-29 01:20:19 -------- d-----w- C:\Users\Jazzarah\AppData\Local\Hewlett-Packard

.

==================== Find3M ====================

.

2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec

2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax

2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax

2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax

2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax

2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax

2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax

2011-08-09 17:57:12 202576 ----a-w- C:\Windows\System32\drivers\eamonm.sys

2011-08-04 13:20:38 62496 ----a-w- C:\Windows\System32\drivers\epfwwfp.sys

2011-08-04 13:20:38 38288 ----a-w- C:\Windows\System32\drivers\EpfwLWF.sys

2011-08-04 13:20:38 187632 ----a-w- C:\Windows\System32\drivers\epfw.sys

2011-08-04 13:20:38 146432 ----a-w- C:\Windows\System32\drivers\ehdrv.sys

.

============= FINISH: 21:07:38.63 ===============

Here is the Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/28/2011 9:17:23 PM

System Uptime: 10/30/2011 8:05:47 PM (1 hours ago)

.

Motherboard: PEGATRON CORPORATION | | NARRA5

Processor: AMD Sempron Processor LE-1300 | Socket AM2 | 2300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 287 GiB total, 247.194 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.343 GiB free.

E: is CDROM (UDF)

F: is Removable

G: is FIXED (NTFS) - 466 GiB total, 46.31 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Photosmart Prem C310 series

Device ID: USB\VID_03F0&PID_8F11&MI_00\6&9712CBA&0&0000

Manufacturer:

Name: Photosmart Prem C310 series

PNP Device ID: USB\VID_03F0&PID_8F11&MI_00\6&9712CBA&0&0000

Service:

.

Class GUID:

Description: Photosmart Prem C310 series

Device ID: USB\VID_03F0&PID_8F11&MI_02\6&9712CBA&0&0002

Manufacturer:

Name: Photosmart Prem C310 series

PNP Device ID: USB\VID_03F0&PID_8F11&MI_02\6&9712CBA&0&0002

Service:

.

==== System Restore Points ===================

.

RP1: 10/28/2011 9:19:31 PM - Scripted restore

RP2: 10/28/2011 9:25:33 PM - Windows Update

RP3: 10/28/2011 9:36:56 PM - Installed Microsoft Office Enterprise 2007

RP4: 10/28/2011 9:38:01 PM - Windows Update

RP5: 10/28/2011 9:53:05 PM - Windows Update

RP6: 10/28/2011 10:07:18 PM - Windows Update

RP7: 10/28/2011 10:35:32 PM - Installed Adobe Reader X (10.1.0).

RP8: 10/30/2011 1:40:48 AM - Windows Update

RP9: 10/30/2011 3:00:29 AM - Windows Update

RP10: 10/30/2011 10:51:12 AM - Installed ESET Smart Security

RP11: 10/30/2011 1:18:49 PM - Installed Diskeeper 2011.

RP12: 10/30/2011 3:46:53 PM - Installed Windows Automated Installation Kit

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader X (10.1.1)

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite Deluxe

DirectX for Managed Code Update (Summer 2004)

DVD Menu Pack for HP MediaSmart Video

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP MediaSmart/TouchSmart Netflix

HP Odometer

HP Remote Solution

HP Setup

HP Support Assistant

HP Support Information

HP Update

HPAsset component for HP Active Support Library

Junk Mail filter update

LabelPrint

LightScribe System Software

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft Choice Guard

Microsoft Live Search Toolbar

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox 7.0.1 (x86 en-US)

MSVCRT

Norton Online Backup

PictureMover

Power2Go

PowerDirector

Realtek High Definition Audio Driver

Recovery Manager

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2596560)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

10/30/2011 7:07:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

10/30/2011 6:52:48 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

10/30/2011 6:48:42 PM, Error: Application Popup [1060] - \??\C:\commy.exe\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

10/30/2011 5:53:47 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

10/30/2011 5:35:25 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

10/30/2011 5:26:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/30/2011 5:26:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/30/2011 5:26:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/30/2011 5:26:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/30/2011 5:26:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/30/2011 5:25:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv MpFilter spldr Wanarpv6

10/30/2011 4:28:41 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.

10/30/2011 4:24:41 AM, Error: Service Control Manager [7023] -

10/30/2011 4:23:53 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

10/30/2011 4:22:26 AM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).

10/30/2011 4:22:26 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

10/30/2011 4:19:09 AM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.

10/30/2011 3:48:05 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

10/30/2011 3:33:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688).

10/30/2011 3:27:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430).

10/30/2011 3:00:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

10/30/2011 1:30:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

.

==== End Of File ===========================

Hi and welcome to Malwarebytes' Forum,

Some background information on what we're planning to do can be found HERE

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

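The steps above produce a long report in which almost every line ends in "- ok", and the few lines that matter (an unsigned driver flagged by the SigCheck option, or a disk device flagged by the TDLFS option) are easy to miss. The following is an added triage script, not part of this thread and not a Kaspersky tool: it parses a TDSSKiller report, confirms the scan was run with the SigCheck and TDLFS options from the instructions, and lists anything that is not "- ok". The first lines of the embedded sample copy the format of the report posted later in this thread; the last three lines (the `sptd` driver, the `UnsignedFile.Multi.Generic` verdict and the `TDSS File System` warning/detection on `\Device\Harddisk0\DR0`) are constructed for illustration and their exact wording is an assumption modelled on TDSSKiller output, not copied from this machine.

```python
import re
from dataclasses import dataclass, field

# Constructed sample report. The first six entries follow the format of the
# log posted in this thread; the last three are made-up examples (assumed
# format) of the non-"ok" entries TDSSKiller emits for an unsigned driver and
# for a TDL4-style hidden file system on the physical disk.
SAMPLE_REPORT = r"""
14:36:34.0829 2896 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
14:37:55.0043 3600 Mode: Manual; SigCheck; TDLFS;
14:37:56.0941 3600 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
14:37:59.0525 3600 1394ohci - ok
14:37:59.0624 3600 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
14:38:00.0188 3600 ACPI - ok
14:40:10.0001 3600 sptd (00000000000000000000000000000000) C:\Windows\system32\Drivers\sptd.sys
14:40:10.0002 3600 sptd ( UnsignedFile.Multi.Generic ) - warning
14:41:02.0100 3600 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:41:02.0200 3600 \Device\Harddisk0\DR0 - detected TDSS File System (1)
"""

# Every report line is "<time> <pid> <body>"; the body decides the entry type.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) (?P<body>.*)$")
HASH_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+)$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - warning$")

# The two options the instructions say to enable before scanning.
REQUIRED_FLAGS = {"SigCheck", "TDLFS"}


@dataclass
class Report:
    mode_flags: set = field(default_factory=set)
    ok: list = field(default_factory=list)          # objects that scanned clean
    hashes: dict = field(default_factory=dict)      # driver name -> (md5, path)
    findings: list = field(default_factory=list)    # (severity, object, verdict)


def parse_report(text):
    """Parse TDSSKiller report text into a Report (unknown lines are ignored)."""
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group("body").strip()
        if body.startswith("Mode:"):
            flags = body[len("Mode:"):].split(";")
            rep.mode_flags = {f.strip() for f in flags if f.strip()}
        elif (h := HASH_RE.match(body)):
            rep.hashes[h["name"]] = (h["md5"].lower(), h["path"])
        elif (o := OK_RE.match(body)):
            rep.ok.append(o["name"])
        elif (d := DETECT_RE.match(body)):
            rep.findings.append(("detected", d["name"], d["verdict"]))
        elif (w := WARN_RE.match(body)):
            rep.findings.append(("warning", w["name"], w["verdict"]))
    return rep


def missing_scan_flags(rep):
    """Options from the instructions that the report shows were NOT enabled."""
    return sorted(REQUIRED_FLAGS - rep.mode_flags)


def triage(rep):
    """Human-readable findings, detections first, then warnings."""
    order = {"detected": 0, "warning": 1}
    ranked = sorted(rep.findings, key=lambda f: order.get(f[0], 9))
    return [f"[{sev.upper()}] {obj}: {verdict}" for sev, obj, verdict in ranked]


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    missing = missing_scan_flags(report)
    if missing:
        print("Scan was run without:", ", ".join(missing), "- rerun with them enabled")
    print(f"{len(report.ok)} objects ok, {len(report.findings)} to review:")
    for line in triage(report):
        print(" ", line)
```

Run it against a saved `TDSSKiller.[Version]_[Date]_[Time]_log.txt` by reading the file into `parse_report` instead of `SAMPLE_REPORT`. The driver entries ("- ok") only cover files TDSSKiller could open and hash; a bootkit of the TDL4 family lives in the boot sector and in its own hidden file system on the physical disk, so the entries to look for are the ones naming `\Device\HarddiskN\DRN`, which is why the instructions insist on the TDLFS option and on posting the full report rather than a summary.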

Thank you for the assistance. And here is the report:

14:36:34.0829 2896 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01

14:36:35.0318 2896 ============================================================

14:36:35.0318 2896 Current date / time: 2011/10/31 14:36:35.0318

14:36:35.0318 2896 SystemInfo:

14:36:35.0318 2896

14:36:35.0318 2896 OS Version: 6.1.7600 ServicePack: 0.0

14:36:35.0318 2896 Product type: Workstation

14:36:35.0318 2896 ComputerName: JAZZARAH-PC

14:36:35.0318 2896 UserName: Jazzarah

14:36:35.0318 2896 Windows directory: C:\Windows

14:36:35.0318 2896 System windows directory: C:\Windows

14:36:35.0318 2896 Running under WOW64

14:36:35.0318 2896 Processor architecture: Intel x64

14:36:35.0318 2896 Number of processors: 1

14:36:35.0318 2896 Page size: 0x1000

14:36:35.0318 2896 Boot type: Normal boot

14:36:35.0318 2896 ============================================================

14:36:37.0226 2896 Initialize success

14:37:55.0043 3600 ============================================================

14:37:55.0043 3600 Scan started

14:37:55.0043 3600 Mode: Manual; SigCheck; TDLFS;

14:37:55.0043 3600 ============================================================

14:37:56.0941 3600 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

14:37:59.0525 3600 1394ohci - ok

14:37:59.0624 3600 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

14:38:00.0188 3600 ACPI - ok

14:38:00.0237 3600 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

14:38:00.0404 3600 AcpiPmi - ok

14:38:00.0447 3600 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

14:38:00.0572 3600 adp94xx - ok

14:38:00.0613 3600 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

14:38:00.0723 3600 adpahci - ok

14:38:00.0766 3600 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

14:38:00.0833 3600 adpu320 - ok

14:38:00.0923 3600 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys

14:38:01.0086 3600 AFD - ok

14:38:01.0148 3600 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

14:38:01.0218 3600 agp440 - ok

14:38:01.0250 3600 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

14:38:01.0325 3600 aliide - ok

14:38:01.0341 3600 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

14:38:01.0481 3600 amdide - ok

14:38:01.0521 3600 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

14:38:01.0786 3600 AmdK8 - ok

14:38:01.0894 3600 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

14:38:02.0078 3600 AmdPPM - ok

14:38:02.0371 3600 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

14:38:02.0781 3600 amdsata - ok

14:38:02.0823 3600 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

14:38:03.0013 3600 amdsbs - ok

14:38:03.0885 3600 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

14:38:03.0964 3600 amdxata - ok

14:38:04.0014 3600 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

14:38:04.0365 3600 AppID - ok

14:38:04.0457 3600 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

14:38:04.0491 3600 arc - ok

14:38:04.0510 3600 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

14:38:04.0534 3600 arcsas - ok

14:38:04.0568 3600 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

14:38:04.0784 3600 AsyncMac - ok

14:38:04.0806 3600 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

14:38:04.0858 3600 atapi - ok

14:38:04.0934 3600 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

14:38:05.0156 3600 b06bdrv - ok

14:38:05.0236 3600 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

14:38:05.0308 3600 b57nd60a - ok

14:38:05.0364 3600 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

14:38:05.0567 3600 Beep - ok

14:38:05.0626 3600 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

14:38:05.0783 3600 blbdrive - ok

14:38:05.0820 3600 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

14:38:06.0056 3600 bowser - ok

14:38:06.0103 3600 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

14:38:06.0149 3600 BrFiltLo - ok

14:38:06.0170 3600 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

14:38:06.0294 3600 BrFiltUp - ok

14:38:06.0330 3600 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

14:38:06.0527 3600 Brserid - ok

14:38:06.0576 3600 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

14:38:06.0843 3600 BrSerWdm - ok

14:38:06.0920 3600 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

14:38:07.0177 3600 BrUsbMdm - ok

14:38:07.0230 3600 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

14:38:07.0433 3600 BrUsbSer - ok

14:38:07.0521 3600 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

14:38:07.0681 3600 BTHMODEM - ok

14:38:07.0736 3600 catchme - ok

14:38:07.0843 3600 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

14:38:08.0058 3600 cdfs - ok

14:38:08.0101 3600 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

14:38:08.0314 3600 cdrom - ok

14:38:08.0375 3600 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

14:38:08.0501 3600 circlass - ok

14:38:08.0557 3600 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

14:38:08.0639 3600 CLFS - ok

14:38:08.0669 3600 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

14:38:09.0035 3600 CmBatt - ok

14:38:09.0081 3600 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

14:38:09.0203 3600 cmdide - ok

14:38:09.0242 3600 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

14:38:09.0327 3600 CNG - ok

14:38:09.0344 3600 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

14:38:09.0379 3600 Compbatt - ok

14:38:09.0449 3600 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

14:38:09.0590 3600 CompositeBus - ok

14:38:09.0646 3600 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

14:38:09.0734 3600 crcdisk - ok

14:38:09.0815 3600 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

14:38:09.0994 3600 DfsC - ok

14:38:10.0165 3600 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

14:38:10.0451 3600 discache - ok

14:38:10.0479 3600 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

14:38:10.0565 3600 Disk - ok

14:38:10.0601 3600 DKRtWrt (3e3243506251da85c8cbe9a64a366ebf) C:\Windows\system32\DRIVERS\DKRtWrt.sys

14:38:10.0934 3600 DKRtWrt - ok

14:38:11.0169 3600 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

14:38:11.0436 3600 drmkaud - ok

14:38:11.0485 3600 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

14:38:11.0644 3600 DXGKrnl - ok

14:38:11.0707 3600 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys

14:38:11.0798 3600 eamonm - ok

14:38:12.0041 3600 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

14:38:12.0404 3600 ebdrv - ok

14:38:12.0459 3600 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys

14:38:12.0625 3600 ehdrv - ok

14:38:12.0715 3600 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

14:38:12.0888 3600 elxstor - ok

14:38:12.0953 3600 epfw (198c6fbc30bbd9632ea051203dccf204) C:\Windows\system32\DRIVERS\epfw.sys

14:38:13.0045 3600 epfw - ok

14:38:13.0085 3600 EpfwLWF (56de463f517710a8aa44eef82c35b3c9) C:\Windows\system32\DRIVERS\EpfwLWF.sys

14:38:13.0221 3600 EpfwLWF - ok

14:38:13.0257 3600 epfwwfp (710b0442bb2f99278d7b8e02a8849c11) C:\Windows\system32\DRIVERS\epfwwfp.sys

14:38:13.0435 3600 epfwwfp - ok

14:38:13.0495 3600 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

14:38:13.0849 3600 ErrDev - ok

14:38:13.0904 3600 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

14:38:14.0220 3600 exfat - ok

14:38:14.0508 3600 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

14:38:14.0716 3600 fastfat - ok

14:38:14.0750 3600 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

14:38:15.0242 3600 fdc - ok

14:38:15.0365 3600 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

14:38:15.0464 3600 FileInfo - ok

14:38:15.0540 3600 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

14:38:15.0992 3600 Filetrace - ok

14:38:16.0009 3600 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

14:38:16.0204 3600 flpydisk - ok

14:38:16.0230 3600 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

14:38:16.0299 3600 FltMgr - ok

14:38:16.0333 3600 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

14:38:16.0402 3600 FsDepends - ok

14:38:16.0439 3600 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

14:38:16.0556 3600 Fs_Rec - ok

14:38:16.0617 3600 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

14:38:16.0676 3600 fvevol - ok

14:38:16.0686 3600 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

14:38:16.0868 3600 gagp30kx - ok

14:38:16.0904 3600 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

14:38:17.0076 3600 hcw85cir - ok

14:38:17.0136 3600 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

14:38:17.0247 3600 HDAudBus - ok

14:38:17.0264 3600 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

14:38:17.0470 3600 HidBatt - ok

14:38:17.0496 3600 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

14:38:18.0349 3600 HidBth - ok

14:38:18.0410 3600 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

14:38:18.0899 3600 HidIr - ok

14:38:18.0953 3600 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

14:38:19.0135 3600 HidUsb - ok

14:38:19.0270 3600 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

14:38:25.0175 3600 HpSAMD - ok

14:38:25.0317 3600 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

14:38:25.0464 3600 HTTP - ok

14:38:25.0603 3600 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

14:38:25.0644 3600 hwpolicy - ok

14:38:25.0681 3600 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

14:38:25.0724 3600 i8042prt - ok

14:38:25.0782 3600 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

14:38:25.0823 3600 iaStorV - ok

14:38:25.0874 3600 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

14:38:25.0896 3600 iirsp - ok

14:38:25.0982 3600 IntcAzAudAddService (ef75c94792187a143871fbb87611b0b7) C:\Windows\system32\drivers\RTKVHD64.sys

14:38:26.0334 3600 IntcAzAudAddService - ok

14:38:26.0381 3600 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

14:38:26.0404 3600 intelide - ok

14:38:26.0427 3600 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

14:38:26.0676 3600 intelppm - ok

14:38:26.0707 3600 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:38:26.0827 3600 IpFilterDriver - ok

14:38:26.0888 3600 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

14:38:27.0086 3600 IPMIDRV - ok

14:38:27.0124 3600 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

14:38:27.0320 3600 IPNAT - ok

14:38:27.0356 3600 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

14:38:27.0533 3600 IRENUM - ok

14:38:27.0573 3600 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

14:38:27.0604 3600 isapnp - ok

14:38:27.0643 3600 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

14:38:27.0715 3600 iScsiPrt - ok

14:38:27.0752 3600 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

14:38:27.0805 3600 kbdclass - ok

14:38:27.0839 3600 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

14:38:28.0003 3600 kbdhid - ok

14:38:28.0051 3600 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

14:38:28.0090 3600 KSecDD - ok

14:38:28.0151 3600 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

14:38:28.0179 3600 KSecPkg - ok

14:38:28.0246 3600 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

14:38:28.0408 3600 ksthunk - ok

14:38:28.0580 3600 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

14:38:28.0744 3600 lltdio - ok

14:38:28.0825 3600 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

14:38:28.0865 3600 LSI_FC - ok

14:38:28.0898 3600 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

14:38:28.0940 3600 LSI_SAS - ok

14:38:28.0962 3600 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

14:38:29.0018 3600 LSI_SAS2 - ok

14:38:29.0056 3600 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

14:38:29.0107 3600 LSI_SCSI - ok

14:38:29.0227 3600 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

14:38:29.0324 3600 luafv - ok

14:38:29.0415 3600 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys

14:38:29.0541 3600 MBAMProtector - ok

14:38:29.0608 3600 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

14:38:29.0693 3600 megasas - ok

14:38:29.0765 3600 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

14:38:29.0956 3600 MegaSR - ok

14:38:29.0994 3600 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

14:38:30.0146 3600 Modem - ok

14:38:30.0206 3600 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

14:38:30.0347 3600 monitor - ok

14:38:30.0398 3600 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

14:38:30.0434 3600 mouclass - ok

14:38:30.0460 3600 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

14:38:30.0651 3600 mouhid - ok

14:38:30.0813 3600 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

14:38:30.0831 3600 mountmgr - ok

14:38:30.0931 3600 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys

14:38:31.0036 3600 MpFilter - ok

14:38:31.0115 3600 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

14:38:31.0156 3600 mpio - ok

14:38:31.0190 3600 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys

14:38:31.0232 3600 MpNWMon - ok

14:38:31.0266 3600 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

14:38:31.0565 3600 mpsdrv - ok

14:38:31.0627 3600 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

14:38:31.0725 3600 MRxDAV - ok

14:38:31.0809 3600 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:38:31.0966 3600 mrxsmb - ok

14:38:32.0027 3600 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:38:32.0066 3600 mrxsmb10 - ok

14:38:32.0123 3600 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:38:32.0477 3600 mrxsmb20 - ok

14:38:32.0529 3600 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

14:38:32.0589 3600 msahci - ok

14:38:32.0616 3600 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

14:38:32.0688 3600 msdsm - ok

14:38:32.0730 3600 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

14:38:32.0863 3600 Msfs - ok

14:38:32.0911 3600 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

14:38:32.0989 3600 mshidkmdf - ok

14:38:33.0030 3600 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

14:38:33.0081 3600 msisadrv - ok

14:38:33.0139 3600 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

14:38:33.0268 3600 MSKSSRV - ok

14:38:33.0317 3600 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

14:38:33.0443 3600 MSPCLOCK - ok

14:38:33.0491 3600 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

14:38:33.0601 3600 MSPQM - ok

14:38:33.0768 3600 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

14:38:33.0805 3600 MsRPC - ok

14:38:33.0872 3600 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

14:38:33.0891 3600 mssmbios - ok

14:38:33.0952 3600 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

14:38:34.0117 3600 MSTEE - ok

14:38:34.0188 3600 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

14:38:34.0256 3600 MTConfig - ok

14:38:34.0301 3600 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

14:38:34.0345 3600 Mup - ok

14:38:34.0396 3600 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

14:38:35.0215 3600 NativeWifiP - ok

14:38:35.0307 3600 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

14:38:35.0340 3600 NDIS - ok

14:38:35.0371 3600 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

14:38:35.0788 3600 NdisCap - ok

14:38:35.0815 3600 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

14:38:35.0933 3600 NdisTapi - ok

14:38:35.0999 3600 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

14:38:36.0308 3600 Ndisuio - ok

14:38:36.0333 3600 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

14:38:36.0561 3600 NdisWan - ok

14:38:36.0583 3600 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

14:38:36.0745 3600 NDProxy - ok

14:38:36.0782 3600 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

14:38:36.0935 3600 NetBIOS - ok

14:38:36.0959 3600 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

14:38:37.0497 3600 NetBT - ok

14:38:37.0580 3600 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

14:38:37.0636 3600 nfrd960 - ok

14:38:37.0676 3600 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

14:38:37.0714 3600 NisDrv - ok

14:38:37.0749 3600 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

14:38:38.0037 3600 Npfs - ok

14:38:38.0071 3600 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

14:38:38.0234 3600 nsiproxy - ok

14:38:38.0516 3600 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

14:38:38.0694 3600 Ntfs - ok

14:38:38.0825 3600 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

14:38:39.0076 3600 Null - ok

14:38:39.0470 3600 nvlddmkm (181b6e6f49f9f3ad05589b48e29ba167) C:\Windows\system32\DRIVERS\nvlddmkm.sys

14:38:39.0964 3600 nvlddmkm - ok

14:38:40.0034 3600 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys

14:38:40.0099 3600 NVNET - ok

14:38:40.0151 3600 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

14:38:40.0221 3600 nvraid - ok

14:38:40.0258 3600 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

14:38:40.0306 3600 nvstor - ok

14:38:40.0355 3600 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys

14:38:40.0388 3600 nvstor64 - ok

14:38:40.0443 3600 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

14:38:40.0486 3600 nv_agp - ok

14:38:40.0512 3600 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

14:38:40.0605 3600 ohci1394 - ok

14:38:40.0676 3600 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

14:38:40.0748 3600 Parport - ok

14:38:40.0778 3600 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

14:38:40.0880 3600 partmgr - ok

14:38:40.0911 3600 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

14:38:41.0049 3600 pci - ok

14:38:41.0088 3600 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

14:38:41.0173 3600 pciide - ok

14:38:41.0271 3600 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

14:38:41.0378 3600 pcmcia - ok

14:38:41.0400 3600 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

14:38:41.0453 3600 pcw - ok

14:38:41.0502 3600 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

14:38:41.0670 3600 PEAUTH - ok

14:38:41.0869 3600 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

14:38:42.0061 3600 PptpMiniport - ok

14:38:42.0088 3600 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

14:38:42.0199 3600 Processor - ok

14:38:42.0260 3600 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

14:38:42.0441 3600 Psched - ok

14:38:42.0581 3600 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

14:38:42.0665 3600 ql2300 - ok

14:38:42.0703 3600 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

14:38:42.0737 3600 ql40xx - ok

14:38:42.0826 3600 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

14:38:42.0929 3600 QWAVEdrv - ok

14:38:42.0977 3600 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

14:38:43.0056 3600 RasAcd - ok

14:38:43.0138 3600 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

14:38:43.0249 3600 RasAgileVpn - ok

14:38:43.0301 3600 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:38:43.0390 3600 Rasl2tp - ok

14:38:43.0420 3600 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

14:38:43.0513 3600 RasPppoe - ok

14:38:43.0548 3600 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

14:38:43.0678 3600 RasSstp - ok

14:38:43.0720 3600 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

14:38:43.0944 3600 rdbss - ok

14:38:44.0114 3600 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

14:38:44.0240 3600 rdpbus - ok

14:38:44.0281 3600 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:38:44.0374 3600 RDPCDD - ok

14:38:44.0411 3600 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

14:38:44.0561 3600 RDPENCDD - ok

14:38:44.0615 3600 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

14:38:44.0720 3600 RDPREFMP - ok

14:38:44.0796 3600 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

14:38:44.0989 3600 RDPWD - ok

14:38:45.0080 3600 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

14:38:45.0230 3600 rdyboost - ok

14:38:45.0339 3600 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

14:38:45.0419 3600 rspndr - ok

14:38:45.0465 3600 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

14:38:45.0529 3600 sbp2port - ok

14:38:45.0564 3600 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

14:38:45.0672 3600 scfilter - ok

14:38:45.0766 3600 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

14:38:45.0860 3600 secdrv - ok

14:38:45.0951 3600 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

14:38:46.0000 3600 Serenum - ok

14:38:46.0037 3600 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

14:38:46.0214 3600 Serial - ok

14:38:46.0233 3600 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

14:38:46.0319 3600 sermouse - ok

14:38:46.0367 3600 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

14:38:46.0490 3600 sffdisk - ok

14:38:46.0556 3600 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

14:38:46.0703 3600 sffp_mmc - ok

14:38:46.0724 3600 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

14:38:46.0788 3600 sffp_sd - ok

14:38:46.0828 3600 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

14:38:46.0893 3600 sfloppy - ok

14:38:46.0961 3600 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

14:38:47.0018 3600 SiSRaid2 - ok

14:38:47.0046 3600 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

14:38:47.0095 3600 SiSRaid4 - ok

14:38:47.0138 3600 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

14:38:47.0253 3600 Smb - ok

14:38:47.0312 3600 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

14:38:47.0363 3600 spldr - ok

14:38:47.0455 3600 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

14:38:47.0579 3600 srv - ok

14:38:47.0619 3600 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

14:38:47.0718 3600 srv2 - ok

14:38:47.0780 3600 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

14:38:47.0828 3600 srvnet - ok

14:38:47.0900 3600 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

14:38:47.0927 3600 stexstor - ok

14:38:47.0975 3600 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

14:38:48.0031 3600 swenum - ok

14:38:48.0199 3600 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys

14:38:48.0303 3600 Tcpip - ok

14:38:48.0383 3600 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys

14:38:48.0476 3600 TCPIP6 - ok

14:38:48.0610 3600 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

14:38:48.0735 3600 tcpipreg - ok

14:38:48.0889 3600 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

14:38:49.0006 3600 TDPIPE - ok

14:38:49.0044 3600 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

14:38:49.0137 3600 TDTCP - ok

14:38:49.0175 3600 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

14:38:49.0351 3600 tdx - ok

14:38:49.0438 3600 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

14:38:49.0468 3600 TermDD - ok

14:38:49.0609 3600 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

14:38:49.0695 3600 tssecsrv - ok

14:38:49.0753 3600 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

14:38:49.0855 3600 tunnel - ok

14:38:49.0920 3600 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

14:38:49.0958 3600 uagp35 - ok

14:38:50.0021 3600 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

14:38:50.0111 3600 udfs - ok

14:38:50.0316 3600 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

14:38:50.0413 3600 uliagpkx - ok

14:38:50.0461 3600 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

14:38:50.0566 3600 umbus - ok

14:38:50.0588 3600 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

14:38:50.0650 3600 UmPass - ok

14:38:50.0746 3600 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys

14:38:50.0911 3600 usbccgp - ok

14:38:50.0965 3600 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

14:38:51.0007 3600 usbcir - ok

14:38:51.0057 3600 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys

14:38:51.0112 3600 usbehci - ok

14:38:51.0263 3600 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys

14:38:51.0456 3600 usbhub - ok

14:38:51.0511 3600 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys

14:38:52.0057 3600 usbohci - ok

14:38:52.0140 3600 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

14:38:52.0206 3600 usbprint - ok

14:38:52.0264 3600 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS

14:38:52.0366 3600 USBSTOR - ok

14:38:52.0438 3600 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys

14:38:52.0488 3600 usbuhci - ok

14:38:52.0580 3600 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

14:38:52.0673 3600 vdrvroot - ok

14:38:52.0749 3600 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

14:38:52.0777 3600 vga - ok

14:38:52.0822 3600 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

14:38:52.0924 3600 VgaSave - ok

14:38:52.0976 3600 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

14:38:53.0048 3600 vhdmp - ok

14:38:53.0153 3600 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

14:38:53.0427 3600 viaide - ok

14:38:53.0480 3600 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

14:38:53.0554 3600 volmgr - ok

14:38:53.0603 3600 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

14:38:53.0649 3600 volmgrx - ok

14:38:53.0688 3600 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

14:38:53.0890 3600 volsnap - ok

14:38:54.0042 3600 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

14:38:54.0126 3600 vsmraid - ok

14:38:54.0418 3600 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

14:38:55.0100 3600 vwifibus - ok

14:38:55.0442 3600 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

14:38:55.0990 3600 WacomPen - ok

14:38:56.0558 3600 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

14:38:57.0041 3600 WANARP - ok

14:38:57.0090 3600 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

14:38:57.0178 3600 Wanarpv6 - ok

14:38:57.0704 3600 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

14:38:57.0754 3600 Wd - ok

14:38:58.0006 3600 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

14:38:58.0050 3600 Wdf01000 - ok

14:38:58.0520 3600 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

14:38:58.0595 3600 WfpLwf - ok

14:38:58.0702 3600 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

14:38:58.0775 3600 WIMMount - ok

14:38:58.0996 3600 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

14:38:59.0066 3600 WmiAcpi - ok

14:38:59.0168 3600 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

14:38:59.0270 3600 ws2ifsl - ok

14:38:59.0422 3600 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

14:38:59.0499 3600 WudfPf - ok

14:38:59.0524 3600 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:38:59.0624 3600 WUDFRd - ok

14:38:59.0685 3600 MBR (0x1B8) (bd85578ed40a5b15d5d665eecbdf254e) \Device\Harddisk0\DR0

14:38:59.0806 3600 \Device\Harddisk0\DR0 - ok

14:38:59.0888 3600 Boot (0x1200) (061ab3bb7ce4fd46765194f221867f50) \Device\Harddisk0\DR0\Partition0

14:38:59.0888 3600 \Device\Harddisk0\DR0\Partition0 - ok

14:38:59.0908 3600 Boot (0x1200) (c41e248259529766ea267e13c75126bc) \Device\Harddisk0\DR0\Partition1

14:38:59.0908 3600 \Device\Harddisk0\DR0\Partition1 - ok

14:38:59.0948 3600 Boot (0x1200) (7a4a912355ee8433b96875cc5bec9f1e) \Device\Harddisk0\DR0\Partition2

14:38:59.0948 3600 \Device\Harddisk0\DR0\Partition2 - ok

14:38:59.0958 3600 ============================================================

14:38:59.0958 3600 Scan finished

14:38:59.0958 3600 ============================================================

14:39:00.0008 3168 Detected object count: 0

14:39:00.0008 3168 Actual detected object count: 0


You're welcome!

The TDSSKiller report is clean so we'll try this:

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the [scan] button to start the scan.

On completion of the scan, click [save log], save the results to your desktop and post them in your next reply.


Alrighty

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-10-30 20:27:11

-----------------------------

20:27:11.782 OS Version: Windows x64 6.1.7600

20:27:11.782 Number of processors: 1 586 0x7F02

20:27:11.797 ComputerName: JAZZARAH-PC UserName: Jazzarah

20:27:13.030 Initialize success

20:27:19.956 AVAST engine defs: 11103001

20:27:25.369 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056

20:27:25.369 Disk 0 Vendor: ST332041 HP34 Size: 305245MB BusType: 3

20:27:27.507 Disk 0 MBR read successfully

20:27:27.522 Disk 0 MBR scan

20:27:27.553 Disk 0 unknown MBR code

20:27:27.631 Service scanning

20:27:28.630 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

20:27:29.503 Modules scanning

20:27:29.503 Disk 0 trace - called modules:

20:27:29.628 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80022bb334]<<

20:27:29.628 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800229f0b0]

20:27:29.628 3 CLASSPNP.SYS[fffff8800199c43f] -> nt!IofCallDriver -> [0xfffffa8001f6fe40]

20:27:29.628 5 ACPI.sys[fffff88000f62781] -> nt!IofCallDriver -> \Device\00000056[0xfffffa8001f7e9d0]

20:27:30.065 \Driver\nvstor64[0xfffffa8001f60550] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80022bb334

20:27:32.405 AVAST engine scan C:\Windows

20:27:50.910 AVAST engine scan C:\Windows\system32

20:31:33.680 AVAST engine scan C:\Windows\system32\drivers

20:31:49.699 AVAST engine scan C:\Users\Jazzarah

20:33:06.481 AVAST engine scan C:\ProgramData

20:33:38.336 Scan finished successfully

20:33:53.905 Disk 0 MBR has been saved successfully to "C:\Users\Jazzarah\Desktop\MBR.dat"

20:33:53.936 The log file has been saved successfully to "C:\Users\Jazzarah\Desktop\aswMBR.txt"

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-10-31 16:52:22

-----------------------------

16:52:22.471 OS Version: Windows x64 6.1.7600

16:52:22.472 Number of processors: 1 586 0x7F02

16:52:22.473 ComputerName: JAZZARAH-PC UserName: Jazzarah

16:52:23.518 Initialize success

16:52:31.264 AVAST engine defs: 11103001

16:52:34.434 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056

16:52:34.444 Disk 0 Vendor: ST332041 HP34 Size: 305245MB BusType: 3

16:52:36.462 Disk 0 MBR read successfully

16:52:36.462 Disk 0 MBR scan

16:52:36.519 Disk 0 unknown MBR code

16:52:36.523 Service scanning

16:52:37.148 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

16:52:37.964 Modules scanning

16:52:37.964 Disk 0 trace - called modules:

16:52:37.984 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8002690334]<<

16:52:37.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002674060]

16:52:37.994 3 CLASSPNP.SYS[fffff8800194f43f] -> nt!IofCallDriver -> [0xfffffa800208dca0]

16:52:38.004 5 ACPI.sys[fffff88000f93781] -> nt!IofCallDriver -> \Device\00000056[0xfffffa800209c9c0]

16:52:38.356 \Driver\nvstor64[0xfffffa80020833b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8002690334

16:52:40.824 AVAST engine scan C:\Windows

16:52:47.702 AVAST engine scan C:\Windows\system32

16:54:57.297 AVAST engine scan C:\Windows\system32\drivers

16:55:08.804 AVAST engine scan C:\Users\Jazzarah

16:56:05.937 AVAST engine scan C:\ProgramData

16:57:13.271 Scan finished successfully

17:12:56.022 Disk 0 MBR has been saved successfully to "C:\Users\Jazzarah\Desktop\MBR.dat"

17:12:56.069 The log file has been saved successfully to "C:\Users\Jazzarah\Desktop\aswMBR.txt"


What kind of PC do you have (PC Manufacturer) & does it have a Recovery Partition?

Please download MBRCheck to your desktop.

1. Right-click MBRCheck.exe and select "Run as Administrator" to launch it.

2. It will open a black window, please do not fix anything (if it gives you an option).

3. Exit that window and it will produce a log (MBRCheck_date_time).

4. Please copy/paste that log into your next reply.

When you said this:

I tried the recovery disc to clean it but for some reason the recovery disc doesn't detect it.

Specifically, what disc are you referring to (i.e. Windows or some rescue CD)?


This is an HP Pavilion. The disc I was referring to was the ESET SysRescue CD. And yes, this computer does have a recovery partition.

Here is the log report

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: PEGATRON CORPORATION

BIOS Manufacturer: Phoenix Technologies, LTD

System Manufacturer: HP-Pavilion

System Product Name: AZ205AV-ABA p6300z

Logical Drives Mask: 0x0000003c

Kernel Drivers (total 186):

Processes (total 53):

0 System Idle Process

4 System

284 C:\Windows\System32\smss.exe

436 csrss.exe

480 C:\Windows\System32\wininit.exe

492 csrss.exe

540 C:\Windows\System32\services.exe

568 C:\Windows\System32\lsass.exe

576 C:\Windows\System32\lsm.exe

584 C:\Windows\System32\winlogon.exe

708 C:\Windows\System32\svchost.exe

764 C:\Windows\System32\nvvsvc.exe

792 C:\Windows\System32\svchost.exe

840 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

928 C:\Windows\System32\svchost.exe

972 C:\Windows\System32\svchost.exe

1012 C:\Windows\System32\svchost.exe

1092 C:\Windows\System32\svchost.exe

1180 C:\Windows\System32\svchost.exe

1320 C:\Windows\System32\spoolsv.exe

1360 C:\Windows\System32\svchost.exe

1464 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

1516 C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

1552 C:\Windows\System32\svchost.exe

1584 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

2072 WUDFHost.exe

2172 C:\Windows\System32\svchost.exe

2416 C:\Windows\System32\nvvsvc.exe

2672 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

2784 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

2832 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

2908 C:\Windows\System32\SearchIndexer.exe

992 C:\Windows\System32\taskhost.exe

2292 C:\Windows\System32\dwm.exe

1484 C:\Windows\explorer.exe

2392 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

1952 C:\Program Files\Microsoft Security Client\msseces.exe

1084 C:\Program Files\ESET\ESET Smart Security\egui.exe

144 C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

2756 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

1968 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

1444 C:\Windows\System32\wuauclt.exe

2092 C:\Windows\System32\svchost.exe

3388 C:\Program Files\Windows Media Player\wmpnetwk.exe

3484 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

3728 C:\Windows\System32\notepad.exe

2432 C:\Windows\System32\audiodg.exe

3696 C:\Program Files (x86)\Internet Explorer\iexplore.exe

816 C:\Windows\System32\SearchProtocolHost.exe

912 C:\Windows\System32\SearchFilterHost.exe

3980 C:\Users\Jazzarah\Downloads\MBRCheck.exe

3340 C:\Windows\System32\conhost.exe

1160 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`caa00000 (NTFS)

PhysicalDrive0 Model Number: ST3320418AS, Rev: HP34

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


So far your results are inconclusive, so I have a few questions for you. TDSSKiller is negative, and MBRCheck and aswMBR.exe both show unknown code in the MBR, but that could be the code that your computer OEM (HP) inserted so you have access to your Recovery Partition.

Do you have an HP Restore CD or just the Recovery Partition?

Are you experiencing browser redirection or any other symptoms of infection?

I want you to upload the following file to VirusTotal for threat analysis:

C:\Users\Jazzarah\Desktop\MBR.dat

  • Just click the "Choose File" option and then browse to that file location on your desktop. Open the file, and click Send File.
  • Please post back the url to the scan results if any of the scanners detected it as a threat.

Please scan with ESET's OlmarikTDL4Cleaner.exe and let me know if it found anything:

http://download.eset.com/special/EOlmarikTdl4Cleaner.exe

Can I see the ESET log file in which this TDL4 threat was detected please:

ESET Smart Security 5 detected a "Win32/Olmarik.TDL4 trojan" in the operating memory and is unable to clean it.

  • Open ESET
  • Show the Advanced Display Mode
  • Select Tools
  • Select Logs

Please create a System Repair Disk if you have not done so already:

http://windows.microsoft.com/en-US/windows7/Create-a-system-repair-disc

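One way to inspect an MBR dump such as the MBR.dat mentioned above, as an added example that is not part of the thread or of any tool named in it: it hashes the sector the way TDSSKiller (first 0x1B8 bytes) and MBRCheck (whole-sector SHA-1) report it, decodes the partition table, and compares the boot code against a baseline hash recorded from a known-clean machine of the same OEM model, which is the check that separates an HP recovery loader from a bootkit. The sample MBR, its 100 MB first partition, disk signature and stub loader bytes are constructed assumptions; only the C: and D: offsets follow the MBRCheck output above.

```python
"""Inspect a raw 512-byte MBR image and compare its boot code to a baseline.

Added example for this thread, not code from aswMBR, MBRCheck, TDSSKiller or
ESET. It reproduces what they report: TDSSKiller's "MBR (0x1B8)" hash covers
the boot code before the NT disk signature, MBRCheck prints a SHA-1 of the
whole sector, and boot code whose hash is not in your baseline is what both
call unknown or non-standard. Record that baseline from a known-clean machine
of the same OEM model; an OEM recovery loader and a bootkit both look
"unknown" until you do.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8     # bytes covered by TDSSKiller's "MBR (0x1B8)" hash
DISK_SIG_OFF = 0x1B8      # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE      # sector must end with 55 AA
PARTITION_TYPES = {0x07: "NTFS/HPFS/exFAT", 0x0C: "FAT32 LBA", 0x27: "hidden NTFS"}


def parse_partition_table(mbr):
    """Decode the four partition entries; byte_offset is what MBRCheck prints."""
    entries = []
    for i in range(4):
        status, ptype, start_lba, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        entries.append({
            "index": i, "bootable": bool(status & 0x80), "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "other (0x%02X)" % ptype),
            "start_lba": start_lba, "sectors": sectors,
            "byte_offset": start_lba * SECTOR_SIZE,
        })
    return entries


def inspect_mbr(mbr, known_good_boot_md5=frozenset()):
    """Hash the sector the way the thread's tools do and classify the boot code.

    Only the 0x1B8 loader bytes feed the MD5, so repartitioning or a new disk
    signature leaves the verdict alone while any change to the loader flips it.
    """
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(mbr)))
    boot_md5 = hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()
    sector_sha1 = hashlib.sha1(mbr).hexdigest().upper()
    (disk_signature,) = struct.unpack_from("<I", mbr, DISK_SIG_OFF)
    valid_boot_sig = mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA"
    if not valid_boot_sig:
        verdict = "invalid: missing 55 AA boot signature"
    elif boot_md5 in known_good_boot_md5:
        verdict = "known boot code: matches baseline"
    else:
        verdict = "unknown boot code: not in baseline, compare with a clean image"
    return {
        "boot_code_md5": boot_md5, "sector_sha1": sector_sha1,
        "disk_signature": "0x%08X" % disk_signature,
        "valid_boot_signature": valid_boot_sig,
        "partitions": [p for p in parse_partition_table(mbr) if p["type"] != 0],
        "verdict": verdict,
    }


def build_sample_mbr():
    """Constructed sample, NOT the thread's MBR.dat. C: and D: start where
    MBRCheck reported them (0x06500000, 0x47caa00000); the 100 MB first
    partition, disk signature and stub loader bytes are assumptions."""
    stub_loader = bytes.fromhex("33c08ed0bc007c8ec08ed8")  # xor ax,ax; set ss/sp/es/ds
    boot_code = stub_loader.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    layout = [  # (status, type, start LBA, sector count)
        (0x80, 0x07, 2048, 204800),         # assumed 100 MB System Reserved
        (0x00, 0x07, 206848, 602023936),    # C:  206848 * 512 == 0x06500000
        (0x00, 0x07, 602230784, 22910976),  # D:  602230784 * 512 == 0x47CAA00000
        (0x00, 0x00, 0, 0),                 # unused entry
    ]
    chs = lambda ptype: b"\xfe\xff\xff" if ptype else b"\x00\x00\x00"  # LBA-era CHS filler
    table = b"".join(struct.pack("<B3sB3sII", status, chs(ptype), ptype, chs(ptype),
                                 start, count) for status, ptype, start, count in layout)
    return boot_code + disk_sig + table + b"\x55\xAA"


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:             # e.g. the MBR.dat that aswMBR saved
        with open(sys.argv[1], "rb") as fh:
            mbr = fh.read(SECTOR_SIZE)
    else:
        mbr = build_sample_mbr()
    report = inspect_mbr(mbr)         # pass frozenset({...}) of baseline MD5s for "known"
    print("boot code MD5 (0x1B8):", report["boot_code_md5"])
    print("sector SHA-1:", report["sector_sha1"], " disk signature:", report["disk_signature"])
    for p in report["partitions"]:
        print("  Partition%d %-16s LBA %10d offset 0x%012X %10d sectors%s" % (
            p["index"], p["type_name"], p["start_lba"], p["byte_offset"],
            p["sectors"], "  [active]" if p["bootable"] else ""))
    print("verdict:", report["verdict"])
```

Run it with the path to an MBR dump as the first argument to inspect a real sector; without arguments it uses the constructed sample.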

And that is the thing I don't get. Everything else seems to come back clean, but my anti-virus software seems to pick it up with ease. I am experiencing redirects to other irrelevant sites, usually from search engines, to other search engines or malicious sites. The computer is running slower than it once was. Especially when trying to use Internet Explorer, it's extremely slow and after a few minutes of use an error message comes up saying it stopped working and restarts Windows Explorer. It is rendered next to useless. That's why I'm using Firefox for now. If you go back and look at the last log from MBRCheck it shows Internet Explorer as a running process near the bottom, even though there was NO iexplore window open. And it keeps coming back after I use Task Manager to end the process. And it would even open iexplore on its own, without anyone ever clicking on it.

I have both the partition and win7 x64 recovery disc.

Here is the link from VirusTotal: https://www.virustotal.com/file-scan/report.html?id=f926c8bb026928980b1cde50ece3e9dec0d74cf96c932c172323cd1897aab71a-1320121488

And it appears no threat is detected from there either.

I ran ESET's Win32/OlmarikTDL4Cleaner and it says Win32/Olmarik isn't found on my system. Just to make sure, I scanned with ESET Smart Security again and it still shows it's there.

Here is the log; I only ran it briefly to show that it picked it up, everything else is clean:

Scan Log

Version of virus signature database: 6590 (20111031)

Date: 11/1/2011 Time: 12:57:46 AM

Scanned disks, folders and files: Operating memory;C:\Boot sector;D:\Boot sector;C:\;D:\

Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean

C:\hiberfil.sys - error opening [4]

C:\pagefile.sys - error opening [4]

Scan terminated by user.

Number of scanned objects: 438

Number of threats found: 1

Number of cleaned objects: 0

Time of completion: 12:58:02 AM Total scanning time: 16 sec (00:00:16)

Notes:

[4] Object cannot be opened. It may be in use by another application or operating system.

If it is really there then it is hiding itself pretty well, if you ask me.

Update:

This is a pretty confusing and frustrating rootkit. The computer seems to be running smoother now, even Internet Explorer, but I'm still having site redirects. Ran another scan and Smart Security still shows it's in the operating memory.

Here is the story:

My mom ended up clicking on a link for some free stuff. It allowed all kinds of malware and viruses to get on here. A lot of files, programs and data were lost. I ended up using a Norton recovery disc to get rid of most of them. Then found out online how to manually find and delete the last one. My aunt ended up having to wipe the drive and reinstall Windows. But it was slow and getting a lot of site redirects. She used various programs to see if she could find what it was but no luck. Then I installed ESET Smart Security 5 and that's how I found out it was there.


This is what concerns me. It is easy enough to get rid of TDL4 from the Windows Recovery Environment by running a single command that will restore your MBR (where it hides) with default Windows 7 code. However, if we do that you will lose access to your recovery partition, because HP is one of the manufacturers that inserts proprietary code in the MBR so you can gain access to the Recovery Partition. Since the dedicated programs that we use to detect TDL4 are returning inconclusive results, I hesitate to have you overwrite your MBR code (in the absence of infection symptoms). Redirects are a primary symptom of TDL4, so when you tell me you are experiencing that and IE slowdown, plus an instance of IE running in the background, I am very suspicious as to the nature of what is causing this. To investigate further I am going to have you run Combofix.

Please Run ComboFix by following the steps provided in exactly this sequence:

Here is a tutorial that describes how to download, install and run Combofix. Please thoroughly review it before proceeding:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Very Important! BEFORE downloading Combofix, temporarily disable your antivirus and antimalware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix and even remove onboard components so it is rendered ineffective:

http://www.bleepingcomputer.com/forums/topic114351.html

Note: The above tutorial does not tell you to rename Combofix as I am about to instruct you to do in the following instructions, so make sure you complete the renaming step before launching Combofix.

Using ComboFix ->

Please download Combofix from one of these locations:

HERE or HERE

I want you to rename Combofix.exe as you download it to explorer.exe

Notes:

  • It is very important that you save the newly renamed EXE file to your desktop.
  • You must rename Combofix.exe as you download it and not after it is on your computer.
    You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
    • Open Firefox
    • Click Tools -> Options -> Main
    • Under the downloads section check the button that says "Always ask me where to save files".
    • Click OK

    For Internet Explorer:

    • Choose to save, not open the file
    • When prompted - save the file to your desktop, and rename it iexplore.exe.

Running Combofix

In the event you already have Combofix, please delete it as this is a new version.

  • Close any open browsers and programs.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • If Combofix asks to update, please allow it to do so. If it renames itself back to Combofix.exe - this is normal!!
  • If you are running Windows XP, and Combofix asks to install the Recovery Console, please allow it to do so or it WILL NOT perform its normal malware removal capabilities. This is for your safety!!

To Launch Combofix

1. Double-click the renamed Combofix.exe icon (explorer.exe) on your desktop.

2. When finished, it will produce a logfile located at C:\ComboFix.txt

3. Post the contents of that log in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to stall/hang.

Please post C:\ComboFix.txt in your next reply.

If you have problems running Combofix, then try running it in "Safe Mode with Networking" as follows:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading normally, the Advanced Options Menu should appear;
  • Select the option, to run Windows in "Safe Mode with Networking", then press Enter.
  • Choose your usual account, and launch Combofix as directed above.

=============

NOTE: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.


Ok here it is:

ComboFix 11-11-01.03 - Jazzarah 11/01/2011 12:49:31.2.1 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.919 [GMT -4:00]

Running from: c:\users\Jazzarah\Desktop\ComboFix.exe

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\users\Jazzarah\Desktop\Internet Explorer.lnk

c:\windows\msxml4-KB954430-enu.LOG

c:\windows\msxml4-KB973688-enu.LOG

G:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))

.

.

2011-11-01 17:33 . 2011-11-01 17:33 -------- d-----w- C:\Diskeeper

2011-11-01 17:20 . 2011-11-01 17:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-01 11:07 . 2011-11-01 11:07 -------- d-----w- c:\program files (x86)\MSXML 4.0

2011-11-01 06:29 . 2011-11-01 17:23 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BE08519-168F-4FD3-A14D-B7727555C5FA}\offreg.dll

2011-11-01 06:28 . 2011-10-07 01:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BE08519-168F-4FD3-A14D-B7727555C5FA}\mpengine.dll

2011-10-30 21:27 . 2011-10-30 21:27 -------- d-----w- c:\programdata\PC Tools

2011-10-30 19:50 . 2011-10-30 19:50 -------- d-----w- c:\program files\Windows Imaging

2011-10-30 19:48 . 2011-10-30 19:51 -------- d-----w- c:\program files\Windows AIK

2011-10-30 19:12 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-10-30 19:12 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-10-30 19:12 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-10-30 19:12 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-10-30 19:12 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-10-30 19:12 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-10-30 19:12 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-10-30 19:11 . 2011-03-11 06:23 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-10-30 19:11 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll

2011-10-30 19:11 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-10-30 19:11 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-10-30 19:11 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-10-30 19:11 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys

2011-10-30 19:11 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-10-30 19:11 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-10-30 19:11 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll

2011-10-30 19:11 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe

2011-10-30 19:11 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe

2011-10-30 17:19 . 2011-10-30 17:19 -------- dc----w- c:\windows\system32\DRVSTORE

2011-10-30 17:19 . 2011-06-13 21:22 44624 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys

2011-10-30 17:19 . 2011-10-30 17:19 -------- d-----w- c:\programdata\Diskeeper Corporation

2011-10-30 17:19 . 2011-10-30 17:19 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation

2011-10-30 17:19 . 2011-10-30 17:19 -------- d-----w- c:\program files\Diskeeper Corporation

2011-10-30 14:53 . 2011-10-30 14:53 -------- d-----w- c:\program files\ESET

2011-10-30 08:21 . 2011-10-30 08:21 -------- d-----w- c:\windows\SysWow64\Wat

2011-10-30 08:21 . 2011-10-30 08:21 -------- d-----w- c:\windows\system32\Wat

2011-10-30 07:56 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2011-10-30 07:56 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2011-10-30 07:21 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2011-10-30 07:21 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2011-10-30 07:21 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2011-10-30 07:21 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2011-10-30 07:21 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2011-10-30 07:21 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-10-30 07:21 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2011-10-30 07:21 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2011-10-30 07:21 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2011-10-30 07:21 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-10-30 07:01 . 2011-10-30 07:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2011-10-30 07:00 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys

2011-10-29 14:09 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll

2011-10-29 14:09 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-10-29 14:04 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll

2011-10-29 14:04 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll

2011-10-29 14:01 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\SysWow64\ole32.dll

2011-10-29 14:00 . 2011-05-04 05:28 2228224 ----a-w- c:\windows\system32\mssrch.dll

2011-10-29 13:59 . 2010-01-19 09:05 422912 ----a-w- c:\windows\system32\secproc_isv.dll

2011-10-29 13:58 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll

2011-10-29 13:58 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll

2011-10-29 13:58 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll

2011-10-29 13:58 . 2010-08-21 06:38 1024512 ----a-w- c:\windows\system32\wmpmde.dll

2011-10-29 13:58 . 2010-08-21 05:36 738816 ----a-w- c:\windows\SysWow64\wmpmde.dll

2011-10-29 13:58 . 2011-09-06 03:07 3134976 ----a-w- c:\windows\system32\win32k.sys

2011-10-29 13:56 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys

2011-10-29 13:55 . 2010-11-02 05:12 320512 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-10-29 13:54 . 2010-12-21 06:13 2003968 ----a-w- c:\windows\system32\msxml6.dll

2011-10-29 13:53 . 2009-10-28 06:24 389632 ----a-w- c:\windows\system32\winlogon.exe

2011-10-29 13:52 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll

2011-10-29 13:52 . 2010-06-19 06:23 37376 ----a-w- c:\windows\SysWow64\rtutils.dll

2011-10-29 13:52 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll

2011-10-29 13:52 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll

2011-10-29 13:52 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-10-29 13:52 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-10-29 13:49 . 2010-11-02 05:12 1837568 ----a-w- c:\windows\system32\d3d10warp.dll

2011-10-29 13:48 . 2010-10-16 05:19 395776 ----a-w- c:\windows\system32\webio.dll

2011-10-29 13:48 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll

2011-10-29 13:45 . 2010-09-01 05:14 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2011-10-29 13:45 . 2010-09-01 04:26 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2011-10-29 13:45 . 2010-09-01 05:12 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2011-10-29 13:45 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2011-10-29 13:45 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-10-29 13:45 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe

2011-10-29 13:45 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-10-29 13:45 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-29 13:45 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-10-29 13:40 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe

2011-10-29 13:39 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-10-29 13:34 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-29 13:34 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-10-29 13:34 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-10-29 13:34 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-10-29 13:33 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll

2011-10-29 13:33 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll

2011-10-29 13:33 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-10-29 13:33 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-10-29 13:33 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-10-29 13:33 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-10-29 13:33 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2011-10-29 13:33 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2011-10-29 13:33 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2011-10-29 13:33 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2011-10-29 13:13 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll

2011-10-29 13:13 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll

2011-10-29 13:12 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-29 13:12 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-10-29 13:12 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-10-29 05:07 . 2011-10-29 05:07 -------- d-----w- c:\programdata\Recovery

2011-10-29 03:58 . 2011-10-29 03:58 -------- d-----w- c:\programdata\Kaspersky Lab

2011-10-29 03:41 . 2011-10-29 03:41 -------- d-----w- c:\programdata\Malwarebytes

2011-10-29 03:41 . 2011-10-29 03:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-29 03:41 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-29 02:36 . 2011-10-29 02:37 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-10-29 02:19 . 2011-10-29 02:19 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2011-10-29 02:13 . 2011-10-07 01:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-10-29 02:09 . 2011-10-29 02:08 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F27C297-953F-4CA0-A9B0-8A8FA371B6A8}\gapaengine.dll

2011-10-29 01:54 . 2011-10-29 01:54 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-10-29 01:53 . 2011-10-29 01:55 -------- d-----w- c:\program files\Microsoft Security Client

2011-10-29 01:53 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2011-10-29 01:46 . 2011-10-29 01:46 -------- d-----w- c:\program files (x86)\Microsoft.NET

2011-10-29 01:42 . 2011-10-29 01:42 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2011-10-29 01:41 . 2011-10-31 07:15 -------- d-----w- c:\programdata\Microsoft Help

2011-10-29 01:39 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F440A80E-0CEC-44D6-8E1F-7F8CBB78624C}\mpengine.dll

2011-10-29 01:39 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-10-29 01:37 . 2011-10-29 01:37 -------- d-----r- C:\MSOCache

2011-10-29 01:25 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll

2011-10-29 01:25 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll

2011-10-29 01:25 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-09 17:57 . 2011-08-09 17:57 202576 ----a-w- c:\windows\system32\drivers\eamonm.sys

2011-08-04 13:20 . 2011-08-04 13:20 62496 ----a-w- c:\windows\system32\drivers\epfwwfp.sys

2011-08-04 13:20 . 2011-08-04 13:20 38288 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys

2011-08-04 13:20 . 2011-08-04 13:20 187632 ----a-w- c:\windows\system32\drivers\epfw.sys

2011-08-04 13:20 . 2011-08-04 13:20 146432 ----a-w- c:\windows\system32\drivers\ehdrv.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-30_22.56.10 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2011-10-31 00:07 35268 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:30 . 2011-10-30 14:54 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2011-10-31 07:31 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2011-10-30 19:11 . 2011-03-11 04:31 91136 c:\windows\system32\DriverStore\FileRepository\usbstor.inf_amd64_neutral_dd8b7470ecdd8b8b\USBSTOR.SYS

+ 2011-10-30 19:12 . 2011-03-25 03:22 30720 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbuhci.sys

+ 2011-10-30 19:12 . 2011-03-25 03:22 25600 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbohci.sys

+ 2011-10-30 19:12 . 2011-03-25 03:22 52224 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbehci.sys

+ 2011-10-30 19:12 . 2011-03-25 03:23 98816 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_d378b476be3d939d\usbccgp.sys

+ 2011-10-30 19:12 . 2011-04-28 03:58 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\BTHUSB.SYS

+ 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\bthenum.sys

+ 2011-10-30 19:11 . 2011-03-11 06:22 27008 c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_66a166f5508d8f1c\amdxata.sys

+ 2011-10-30 19:11 . 2011-03-11 04:31 91136 c:\windows\system32\drivers\USBSTOR.SYS

+ 2011-10-29 05:11 . 2011-11-01 17:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-10-29 05:11 . 2011-10-30 21:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-10-29 05:11 . 2011-11-01 17:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-10-29 05:11 . 2011-10-30 21:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-11-01 17:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-10-30 21:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-10-29 05:15 . 2011-11-01 17:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-10-29 05:15 . 2011-10-30 22:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:46 . 2011-11-01 17:26 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2011-10-29 05:15 . 2011-10-30 22:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-10-29 05:15 . 2011-11-01 17:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-10-29 05:15 . 2011-11-01 17:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-10-29 05:15 . 2011-10-30 22:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-10-29 01:22 . 2011-10-30 22:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-10-29 01:22 . 2011-11-01 17:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-10-29 01:22 . 2011-10-30 22:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-10-29 01:22 . 2011-11-01 17:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-11-01 11:08 . 2011-11-01 11:08 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe

- 2011-10-30 07:35 . 2011-10-30 07:35 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe

+ 2011-10-31 07:15 . 2011-10-31 07:15 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe

+ 2011-10-29 01:50 . 2011-10-31 07:15 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2011-10-29 01:50 . 2011-10-30 07:17 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2011-10-29 01:50 . 2011-10-30 07:17 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2011-10-29 01:50 . 2011-10-31 07:15 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2011-10-29 01:50 . 2011-10-30 07:17 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2011-10-29 01:50 . 2011-10-31 07:15 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

- 2011-10-30 07:21 . 2011-10-30 07:21 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2011-10-31 07:15 . 2011-10-31 07:15 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2011-11-01 11:07 . 2011-11-01 11:07 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe

+ 2009-03-04 21:24 . 2009-03-04 21:24 54088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SCANOST.EXE

+ 2009-03-04 21:24 . 2009-03-04 21:24 75608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\RM.DLL

+ 2009-03-04 21:24 . 2009-03-04 21:24 38240 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\RECALL.DLL

+ 2009-01-07 01:31 . 2009-01-07 01:31 48512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PUBTRAP.DLL

+ 2009-03-04 21:24 . 2009-03-04 21:24 52072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLVBA.DLL

+ 2008-10-25 12:18 . 2008-10-25 12:18 72568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONFILTER.DLL

+ 2008-10-25 12:18 . 2008-10-25 12:18 98696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTEM.EXE

+ 2009-03-04 21:24 . 2009-03-04 21:24 34192 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DUMPSTER.DLL

+ 2009-03-04 21:24 . 2009-03-04 21:24 87392 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\DLGSETP.DLL

+ 2006-10-27 02:58 . 2006-10-27 02:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VPREVIEW.EXE

+ 2011-10-31 07:32 . 2011-10-31 07:32 3886 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-10-29 01:20 . 2011-10-31 00:07 3360 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3874856960-2651343199-2381090643-1000_UserData.bin

+ 2011-10-30 19:12 . 2011-03-25 03:22 7936 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbd.sys

+ 2011-11-01 17:23 . 2011-11-01 17:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-10-30 22:54 . 2011-10-30 22:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-01 17:23 . 2011-11-01 17:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-10-30 22:54 . 2011-10-30 22:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-10-29 12:49 . 2011-11-01 17:16 182336 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2009-07-14 02:36 . 2011-11-01 17:30 617222 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-10-30 21:57 617222 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-10-30 21:57 104496 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-11-01 17:30 104496 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:30 . 2011-10-31 07:31 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2011-10-30 14:54 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2011-10-31 07:31 143360 c:\windows\system32\DriverStore\infstor.dat

- 2009-07-14 05:30 . 2011-10-30 14:54 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2011-10-30 19:12 . 2011-03-25 03:23 324608 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbport.sys

+ 2011-10-30 19:12 . 2011-03-25 03:23 343040 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_36529aeb1510bb0c\usbhub.sys

+ 2011-10-30 19:12 . 2011-03-25 03:23 343040 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_d378b476be3d939d\usbhub.sys

+ 2011-10-30 19:11 . 2011-03-11 06:23 166272 c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys

+ 2011-10-30 19:11 . 2011-03-11 06:23 148352 c:\windows\system32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvraid.sys

+ 2011-10-30 19:11 . 2011-03-11 06:23 410496 c:\windows\system32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys

+ 2009-07-14 00:06 . 2009-07-14 01:39 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\fsquirt.exe

+ 2011-10-30 19:12 . 2011-04-28 03:58 552448 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_6c7b4ac630551f33\bthport.sys

+ 2011-10-30 19:11 . 2011-03-11 06:22 107904 c:\windows\system32\DriverStore\FileRepository\amdsata.inf_amd64_neutral_66a166f5508d8f1c\amdsata.sys

+ 2009-07-14 05:31 . 2011-10-31 07:31 399360 c:\windows\system32\DriverStore\drvindex.dat

- 2009-07-14 05:31 . 2011-10-30 08:21 399360 c:\windows\system32\DriverStore\drvindex.dat

- 2009-07-14 05:01 . 2011-10-30 22:53 399624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-11-01 17:22 399624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-10-30 08:19 . 2011-10-30 22:53 400392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3874856960-2651343199-2381090643-1000-8192.dat

+ 2011-10-30 08:19 . 2011-11-01 17:22 400392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3874856960-2651343199-2381090643-1000-8192.dat

+ 2011-04-19 08:54 . 2011-04-19 08:54 227328 c:\windows\Installer\5e8a5ca.msi

+ 2011-04-19 08:21 . 2011-04-19 08:21 235520 c:\windows\Installer\5e8a5c3.msi

+ 2011-03-18 00:03 . 2011-03-18 00:03 308736 c:\windows\Installer\17c3bd2.msp

+ 2010-08-04 19:13 . 2010-08-04 19:13 686080 c:\windows\Installer\17c3ab7.msp

+ 2009-05-26 22:53 . 2009-05-26 22:53 579072 c:\windows\Installer\17c399e.msp

+ 2010-07-23 05:03 . 2010-07-23 05:03 338432 c:\windows\Installer\17c3971.msp

- 2011-10-29 01:50 . 2011-10-30 07:17 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2011-10-29 01:50 . 2011-10-31 07:15 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2011-10-29 01:50 . 2011-10-30 07:17 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2011-10-29 01:50 . 2011-10-31 07:15 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2011-10-29 01:50 . 2011-10-31 07:15 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2011-10-29 01:50 . 2011-10-30 07:17 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2011-10-29 01:50 . 2011-10-30 07:17 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2011-10-29 01:50 . 2011-10-31 07:15 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2011-10-29 01:50 . 2011-10-31 07:15 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2011-10-29 01:50 . 2011-10-30 07:17 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2011-10-29 01:50 . 2011-10-30 07:17 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2011-10-29 01:50 . 2011-10-31 07:15 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2011-10-29 01:50 . 2011-10-30 07:17 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2011-10-29 01:50 . 2011-10-31 07:15 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2009-04-03 22:11 . 2009-04-03 22:11 408424 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WINWORD.EXE

+ 2009-03-06 06:37 . 2009-03-06 06:37 501640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SOA.DLL

+ 2009-03-04 21:24 . 2009-03-04 21:24 282032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SCNPST64.DLL

+ 2009-03-04 21:24 . 2009-03-04 21:24 273320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SCNPST32.DLL

+ 2009-03-06 06:06 . 2009-03-06 06:06 407904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\RTFHTML.DLL

+ 2009-03-06 08:26 . 2009-03-06 08:26 770464 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\REGFORM.EXE

+ 2009-03-06 07:41 . 2009-03-06 07:41 589704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PUBCONV.DLL

+ 2009-01-08 14:59 . 2009-01-08 14:59 624520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PTXT9.DLL

+ 2009-03-04 21:24 . 2009-03-04 21:24 420696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PSTPRX32.DLL

+ 2008-10-25 10:21 . 2008-10-25 10:21 136072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PRTF9.DLL

+ 2011-10-30 07:12 . 2011-10-30 07:12 350064 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTPIA.DLL

+ 2009-04-03 22:04 . 2009-04-03 22:04 521064 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\POWERPNT.EXE

+ 2008-11-21 04:49 . 2008-11-21 04:49 169360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLPH.DLL

+ 2009-03-06 06:05 . 2009-03-06 06:05 593288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLMIME.DLL

+ 2008-10-31 01:24 . 2008-10-31 01:24 137552 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLCTL.DLL

+ 2008-10-25 11:52 . 2008-10-25 11:52 664968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNOL.DLL

+ 2008-10-25 11:52 . 2008-10-25 11:52 604056 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONBTTNIE.DLL

+ 2009-03-06 08:55 . 2009-03-06 08:55 194448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OMSXP32.DLL

+ 2009-03-06 08:55 . 2009-03-06 08:55 661888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OMSMAIN.DLL

+ 2009-03-04 21:24 . 2009-03-04 21:24 253808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OLKFSTUB.DLL

+ 2008-11-04 08:13 . 2008-11-04 08:13 118128 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSCONV97.DLL

+ 2009-03-04 21:24 . 2009-03-04 21:24 340304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MIMEDIR.DLL

+ 2011-10-30 07:12 . 2011-10-30 07:12 118176 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPOMINT.DLL

+ 2008-10-25 13:27 . 2008-10-25 13:27 177040 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPOLK.DLL

+ 2009-03-04 21:24 . 2009-03-04 21:24 138072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IMPMAIL.DLL

+ 2009-02-14 10:04 . 2009-02-14 10:04 625520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEWEBSERVICES.DLL

+ 2009-02-12 19:19 . 2009-02-12 19:19 688512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEWEBPLATFORMSERVICES.DLL

+ 2009-03-06 08:33 . 2009-03-06 08:33 961888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEUTIL.DLL

+ 2009-02-14 10:03 . 2009-02-14 10:03 337264 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVE.EXE

+ 2008-11-21 04:48 . 2008-11-21 04:48 116600 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\EMABLT32.DLL

+ 2009-03-06 06:05 . 2009-03-06 06:05 127336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\CONTAB32.DLL

+ 2008-10-26 10:26 . 2008-10-26 10:26 162680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACCWIZ.DLL

+ 2011-10-31 07:08 . 2011-10-31 07:08 117144 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll

+ 2011-10-31 07:09 . 2011-10-31 07:09 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll

- 2011-10-30 07:12 . 2011-10-30 07:12 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll

+ 2011-10-30 08:52 . 2011-03-04 06:17 135168 c:\windows\AppPatch\AppPatch64\AcXtrnal.dll

- 2011-10-29 13:49 . 2010-09-10 05:35 135168 c:\windows\AppPatch\AppPatch64\AcXtrnal.dll

- 2011-10-29 13:49 . 2010-09-10 05:35 347648 c:\windows\AppPatch\AppPatch64\AcLayers.dll

+ 2011-10-30 08:52 . 2011-03-04 06:17 347648 c:\windows\AppPatch\AppPatch64\AcLayers.dll

+ 2009-07-21 04:05 . 2009-07-21 04:05 1348432 c:\windows\SysWOW64\msxml4.dll

+ 2009-08-18 03:33 . 2009-08-18 03:33 1193832 c:\windows\SysWOW64\FM20.DLL

+ 2009-07-14 04:45 . 2011-11-01 17:25 3801160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:45 . 2011-10-30 10:24 3801160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-21 04:29 . 2009-07-21 04:29 6057984 c:\windows\Installer\5e8a5bc.msi

+ 2008-10-01 01:07 . 2008-10-01 01:07 6042112 c:\windows\Installer\5e8a5b5.msi

+ 2011-08-10 21:43 . 2011-08-10 21:43 3795968 c:\windows\Installer\17c3ba0.msp

+ 2011-04-29 16:28 . 2011-04-29 16:28 1995264 c:\windows\Installer\17c3b7b.msp

+ 2010-10-21 22:10 . 2010-10-21 22:10 3995136 c:\windows\Installer\17c3b6b.msp

+ 2011-09-07 01:46 . 2011-09-07 01:46 9006080 c:\windows\Installer\17c3b50.msp

+ 2011-06-21 15:59 . 2011-06-21 15:59 1764352 c:\windows\Installer\17c3b39.msp

+ 2010-02-21 05:03 . 2010-02-21 05:03 4472832 c:\windows\Installer\17c3b1e.msp

+ 2010-08-13 22:02 . 2010-08-13 22:02 2545664 c:\windows\Installer\17c3ae5.msp

+ 2011-08-10 21:42 . 2011-08-10 21:42 7070208 c:\windows\Installer\17c3ac7.msp

+ 2011-04-29 16:27 . 2011-04-29 16:27 4158464 c:\windows\Installer\17c3aa0.msp

+ 2010-08-13 22:00 . 2010-08-13 22:00 9404928 c:\windows\Installer\17c3a78.msp

+ 2009-08-05 11:49 . 2009-08-05 11:49 3457024 c:\windows\Installer\17c3a5f.msp

+ 2010-03-24 22:54 . 2010-03-24 22:54 3126272 c:\windows\Installer\17c3a45.msp

+ 2010-03-24 22:54 . 2010-03-24 22:54 2516992 c:\windows\Installer\17c3a44.msp

+ 2009-07-27 08:31 . 2009-07-27 08:31 3738624 c:\windows\Installer\17c39fe.msp

+ 2010-05-20 23:57 . 2010-05-20 23:57 4989952 c:\windows\Installer\17c39f4.msp

+ 2010-05-20 23:57 . 2010-05-20 23:57 5907456 c:\windows\Installer\17c39f3.msp

+ 2011-09-07 01:48 . 2011-09-07 01:48 8181248 c:\windows\Installer\17c39be.msp

+ 2009-10-16 11:08 . 2009-10-16 11:08 2237952 c:\windows\Installer\17c39b5.msp

+ 2009-08-18 17:08 . 2009-08-18 17:08 1373696 c:\windows\Installer\17c3988.msp

+ 2010-08-04 19:12 . 2010-08-04 19:12 1004544 c:\windows\Installer\17c395a.msp

+ 2011-07-27 11:39 . 2011-07-27 11:39 9892352 c:\windows\Installer\17c3911.msp

+ 2010-11-21 03:33 . 2010-11-21 03:33 1980928 c:\windows\Installer\17c3901.msp

+ 2011-04-16 04:14 . 2011-04-16 04:14 3186176 c:\windows\Installer\17c38eb.msi

+ 2011-04-29 16:30 . 2011-04-29 16:30 1197056 c:\windows\Installer\17c38dd.msp

- 2011-10-29 01:50 . 2011-10-30 07:17 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2011-10-29 01:50 . 2011-10-31 07:15 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2011-10-29 01:50 . 2011-10-30 07:17 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2011-10-29 01:50 . 2011-10-31 07:15 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-11-21 07:12 . 2008-11-21 07:12 3750256 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VVIEWER.DLL

+ 2008-10-25 13:35 . 2008-10-25 13:35 1847160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VVIEWDWG.DLL

+ 2008-08-26 02:50 . 2008-08-26 02:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VBE6.DLL

+ 2008-11-10 06:41 . 2008-11-10 06:41 2014584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTVIEW.EXE

+ 2009-04-03 22:04 . 2009-04-03 22:04 8468840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPCORE.DLL

+ 2009-03-06 08:00 . 2009-03-06 08:00 6596472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONMAIN.DLL

+ 2008-11-10 14:49 . 2008-11-10 14:49 1165680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONLIBS.DLL

+ 2008-11-25 02:16 . 2008-11-25 02:16 1020776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ONENOTE.EXE

+ 2009-03-06 06:05 . 2009-03-06 06:05 2964336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OLMAPI32.DLL

+ 2009-03-06 07:41 . 2009-03-06 07:41 9589096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSPUB.EXE

+ 2009-03-06 08:26 . 2009-03-06 08:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPEDITOR.DLL

+ 2009-03-06 08:26 . 2009-03-06 08:26 5466488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPDESIGN.DLL

+ 2008-11-04 04:40 . 2008-11-04 04:40 1442160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\INFOPATH.EXE

+ 2009-02-14 10:03 . 2009-02-14 10:03 3070832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEDOCUMENTSHARETOOL.DLL

+ 2008-11-21 03:06 . 2008-11-21 03:06 1194848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\FM20.DLL

+ 2009-04-02 18:35 . 2009-04-02 18:35 1787216 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PPCNV.DLL

- 2009-07-14 02:34 . 2011-10-30 19:14 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2011-11-01 17:43 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2011-07-27 11:37 . 2011-07-27 11:37 11592192 c:\windows\Installer\17c3952.msp

+ 2010-07-23 05:04 . 2010-07-23 05:04 11395072 c:\windows\Installer\17c38d4.msp

+ 2009-04-03 22:21 . 2009-04-03 22:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6425\OART.DLL

+ 2009-04-03 22:11 . 2009-04-03 22:11 17740136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\WWLIB.DLL

+ 2009-03-06 06:06 . 2009-03-06 06:06 12707696 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OUTLOOK.EXE

+ 2009-03-06 06:37 . 2009-03-06 06:37 10222432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSACCESS.EXE

+ 2009-04-03 22:11 . 2009-04-03 22:11 18330984 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\EXCEL.EXE

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spyware Doctor"="c:\users\Jazzarah\Desktop\sdsetup_revwire207.exe" [bU]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-08-10 974944]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-08-10 4030008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-09-17 89584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Jazzarah\AppData\Roaming\Mozilla\Firefox\Profiles\wx917g4m.default\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\program files (x86)\Internet Explorer\iexplore.exe

.

**************************************************************************

.

Completion time: 2011-11-01 14:17:11 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-01 18:16

.

Pre-Run: 266,946,281,472 bytes free

Post-Run: 266,754,822,144 bytes free

.

- - End Of File - - FC99C0198A0CED5EA836FFDFB5666B31

Open an Elevated Command Prompt

  • Click the Windows 7 Start Orb
  • Type cmd in the Start - Search box
  • In the search results at the top, Right-click the cmd.exe & Select "Run as Administrator"

-----------------

After the command prompt opens:

  • Type diskpart and Hit Enter
  • You should see this:
    DISKPART>
  • Type list disk, and Hit Enter

You'll either see a listing of the disks on your system, similar to but not exactly like this:

Disk 0 Online 931 GB 0 B

or a message like this:

"There are no fixed disks to show"

What response do you get?

Disk### Status Size Free Dyn Gpt

Disk 0 Online 298 GB 0 B

Disk 1 No Media 0 B 0 B

I can see you have two antivirus programs running:

  1. ESET Smart Security
  2. Microsoft Security Essentials (MSE)

Since ESET is the one that is flagging TDL4 in memory, I want you to completely remove MSE for now. Should you want it again later, then by all means reinstall it. However, I have to warn you that running two antivirus programs at the same time can lead to a whole host of problems, many of which mimic infection symptoms. After you remove MSE, you need to REBOOT.

As soon as you reboot, I immediately want you to open Task Manager (Ctrl + Shift + Esc simultaneously OR right-click the Task Bar & select "Start Task Manager") -

I want you to click the Process Tab and see if iexplore.exe is running at system startup.

Please let me know if it is, because we will proceed differently depending on that outcome.

Also, let me know if you see any improvement in your computer with only one antivirus running.

Uninstalled Microsoft Essentials, Restarted and yes iexplorer is running. It even opened the browser on its own to my default msn homepage. So what's next doc, lol.

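The check asked for above (is iexplore.exe running right after boot, and what started it?) can be made repeatable from PowerShell. The following is an added example for readers of this thread; it is not the helper's procedure and not a Sysinternals tool. It assumes PowerShell 3 or later (Get-CimInstance; Windows 7 needs Windows Management Framework 3.0 for that) and an elevated prompt so that the command lines of processes in other sessions are readable. The function name Get-ProcessAncestry is my own.

```powershell
# Added example (not from the thread): for each iexplore.exe, report how long after boot it
# started and walk its parent chain, so an IE window that nobody opened can be traced back
# to whatever launched it. Needs PowerShell 3+ (Get-CimInstance) and an elevated prompt.

function Get-ProcessAncestry {
    param([int]$ProcessId)
    # Snapshot the process table once so every lookup sees the same view.
    $table = @{}
    foreach ($p in Get-CimInstance Win32_Process) { $table[[int]$p.ProcessId] = $p }

    $chain   = @()
    $visited = @{}
    $current = $ProcessId
    while ($table.ContainsKey($current) -and -not $visited.ContainsKey($current)) {
        $visited[$current] = $true
        $p   = $table[$current]
        $exe = $p.ExecutablePath
        $sig = if ($exe -and (Test-Path -LiteralPath $exe)) {
                   (Get-AuthenticodeSignature -LiteralPath $exe).Status.ToString()
               } else { 'Unknown' }
        $chain += [pscustomobject]@{
            Name        = $p.Name
            PID         = [int]$p.ProcessId
            ParentPID   = [int]$p.ParentProcessId
            Started     = $p.CreationDate
            Signature   = $sig
            CommandLine = $p.CommandLine
        }
        $current = [int]$p.ParentProcessId
    }
    # The walk ends either at PID 0 (System Idle, which is its own parent) or at a parent
    # PID that no longer exists: the launcher ran and exited. A launcher that is gone by
    # the time you look is worth recording, because it is what a dropper or a scheduled
    # task looks like from the child's point of view.
    if ($chain.Count -gt 0 -and -not $table.ContainsKey($current)) {
        $chain += [pscustomobject]@{
            Name = '<parent exited>'; PID = $current; ParentPID = $null
            Started = $null; Signature = ''; CommandLine = ''
        }
    }
    return $chain
}

function Show-IexploreOrigin {
    $boot      = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
    $instances = @(Get-CimInstance Win32_Process -Filter "Name = 'iexplore.exe'")
    if ($instances.Count -eq 0) { Write-Host 'No iexplore.exe running.'; return }
    foreach ($ie in $instances) {
        $secs = [int]($ie.CreationDate - $boot).TotalSeconds
        Write-Host ("iexplore.exe PID {0} started {1}s after boot" -f $ie.ProcessId, $secs)
        # Out-Host keeps each table next to its header line instead of buffering it.
        Get-ProcessAncestry -ProcessId $ie.ProcessId | Format-Table -AutoSize -Wrap | Out-Host
    }
}

Show-IexploreOrigin
```

Read the output from the bottom up: the first row is the iexplore.exe itself, the rows below it are its parents. A browser the user opened has explorer.exe as its parent; one started a few seconds after boot from a Run key also shows explorer.exe as parent, and the autostart entry is then the thing to find; one whose chain ends in "<parent exited>" or in an unsigned, oddly placed executable is the interesting case. On 64-bit Windows 7 it is normal to see two iexplore.exe processes per window (frame and content), both with the same ancestry.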
This is to see if we can identify where IE is starting from:

Download Autoruns:

http://technet.microsoft.com/en-us/sysinternals/bb963902

Create a folder called C:\Program Files\Autoruns and unzip Autoruns to that location.

  • If you have XP, Double-click autoruns.exe or its desktop shortcut to launch Autoruns
  • If you have Windows 7 or Vista, Right-click autoruns.exe or its desktop shortcut & select "Run as Administrator" to launch the program
  • Once Autoruns opens & begins scanning - Hit "Esc" to abort the scan
  • Then, under the Options menu set the following options:
    • CHECK - Hide Windows Entries
    • CHECK - Verify code signatures
    • UNCHECK - Include Empty Locations
  • Important!!: Hit F5 or choose File | Refresh to update the scan results to reflect the above configuration settings.
  • Let Autoruns finish scanning (you will see 'Ready' in bottom left corner when it is done)
  • Click File | Save and save the file to Autoruns.txt by changing the Save as Type to "Text" in the pull down menu.
  • Now, exit Autoruns.

Please zip up Autoruns.txt and attach it to your next post.

---------

Go HERE and Click:

"Run Process Explorer now from Live.Sysinternals.com" to launch Process Explorer

  • Once Process Explorer is open, on the Process Explorer Menu:
    • Click View and Select (place a checkmark next to) Show Lower Pane
    • Click View -> Lower Pane View and Select (checkmark) DLLs
    • Click Options -> Select (checkmark) Verify Image Signatures
  • In the Upper Pane, Select (left-click only once) the iexplore.exe process so it is highlighted in blue
  • The lower pane should refresh to display a list of DLL files loaded by the iexplore.exe process
  • On the Process Explorer Menu, Click File -> Save
  • Save the Log as PE.txt & post it in your next reply, along with the autoruns.txt log

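The Autoruns settings above (hide Windows entries, verify code signatures) amount to a simple rule: an autostart whose file is missing, unsigned, or sitting in a user profile deserves a look before anything else. Here is that rule as an added PowerShell example; it is not part of the thread and not Sysinternals code. It covers the Run/RunOnce keys and the Startup folders that the ComboFix log above lists, and nothing else (services, scheduled tasks and browser helper objects, which Autoruns also covers, are out of scope). The function names are my own; it assumes an elevated prompt.

```powershell
# Added example (not from the thread): approximate Autoruns' "Verify code signatures" view
# for the Run/RunOnce keys and the Startup folders. Run from an elevated PowerShell prompt.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
)

# Pull the executable out of a Run-value command line:  "C:\a b\c.exe" /x   or   C:\a\c.exe /x
function Get-ImagePath {
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"')  { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)') { return $Matches[1] }
    return ($CommandLine -split '\s+')[0]
}

# Classify one autostart target: does the file exist, is it signed, and where does it live?
function Test-AutostartTarget {
    param([string]$Source, [string]$Name, [string]$Path)
    $Path   = [Environment]::ExpandEnvironmentVariables($Path)
    $exists = Test-Path -LiteralPath $Path -PathType Leaf
    $status = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString() }
              else         { 'FileMissing' }
    # Autostarts under a user profile (Desktop, Downloads, Temp, AppData) get a second look;
    # installed software normally lives under Program Files.
    $inProfile = $Path -like "$env:SystemDrive\Users\*"
    [pscustomobject]@{
        Source     = $Source
        Name       = $Name
        Path       = $Path
        Signature  = $status
        Suspicious = (-not $exists) -or ($status -ne 'Valid') -or $inProfile
    }
}

function Get-AutostartReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($valueName)
            Test-AutostartTarget -Source $key -Name $valueName -Path (Get-ImagePath $cmd)
        }
    }
    # .lnk files in the Startup folders are resolved to their targets through WScript.Shell.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path $dir)) { continue }
        foreach ($lnk in Get-ChildItem -Path $dir -Filter *.lnk) {
            $target = $shell.CreateShortcut($lnk.FullName).TargetPath
            Test-AutostartTarget -Source $dir -Name $lnk.Name -Path $target
        }
    }
}

Get-AutostartReport | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

The Suspicious column prioritises, it does not convict: in the ComboFix log above, the "Spyware Doctor" Run value that points at an installer on the Desktop would be flagged by the profile-path rule even though it is most likely a harmless leftover, while a Microsoft-signed entry under Program Files sorts to the bottom. A NotSigned result for a well-known vendor's program is also not unusual in itself; it is the combination of unsigned, oddly placed, and unrecognised that matters.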
Collect the following information when you can confirm that the phantom iexplore.exe is running.

I don't want you to use Internet Explorer to run the live version of Process Explorer, because we want to troubleshoot why iexplore.exe is running in the background, so I want you to download and run Process Explorer this time.

1. Create a folder called C:\ProcessExplorer

2. Next, go HERE and download Process Explorer.

3. Unzip Process Explorer to the C:\ProcessExplorer folder

Important: Close your browser!

  • Right-click procexp.exe or its desktop short-cut and select "Run as Administrator" to launch the program
  • Once Process Explorer is open, on the Process Explorer Menu:
    • Click View and Select (place a checkmark next to) Show Lower Pane
    • Click View -> Lower Pane View and Select (checkmark) DLLs
    • Click Options -> Select (checkmark) Verify Image Signatures
  • In the Upper Pane, Select (left-click only once) the System process with PID = 4 (located at the top of the Process Tree), so it is highlighted in blue
  • The lower pane should refresh to display a list of drivers (SYS files)
  • On the Process Explorer Menu, Click File -> Save
  • Save the Log as system.txt & post it in your next reply (no zipping required).

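Process Explorer's lower pane on the System process, with Verify Image Signatures on, is a driver list with a signature column. The same list can be produced from PowerShell; the following is an added example, not the helper's instructions and not Sysinternals code. Be clear about the difference: it enumerates registered kernel-mode driver services (Win32_SystemDriver) that report a Running state, not the modules actually mapped in kernel memory, so a driver loaded without a service entry would not appear. It assumes PowerShell 3 or later and an elevated prompt; the function names are my own.

```powershell
# Added example (not from the thread): running kernel-mode drivers with the Authenticode
# status and version-resource company of each image, as a scriptable stand-in for Process
# Explorer's lower pane on the System process. Triage list only: it reads the service
# table, not kernel memory. Needs PowerShell 3+ and an elevated prompt.

function ConvertTo-Win32Path {
    param([string]$NtPath)
    # WMI reports driver paths in several shapes; normalise them before touching the file:
    #   \SystemRoot\system32\drivers\x.sys    \??\C:\...\x.sys    system32\drivers\x.sys
    $p = $NtPath
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^\\\?\?\\', ''
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-RunningDriverReport {
    foreach ($drv in Get-CimInstance Win32_SystemDriver -Filter "State = 'Running'") {
        if (-not $drv.PathName) { continue }
        $path   = ConvertTo-Win32Path $drv.PathName
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }
        $ver    = if ($exists) { [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path) } else { $null }
        [pscustomobject]@{
            Name      = $drv.Name
            Path      = $path
            Signature = if ($sig) { $sig.Status.ToString() } else { 'FileMissing' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            # CompanyName comes from the file's own version resource: informative, not trusted.
            Company   = if ($ver) { $ver.CompanyName } else { '' }
            Version   = if ($ver) { $ver.FileVersion } else { '' }
        }
    }
}

# Unsigned or missing images sort first; a list that is entirely Valid is the boring case.
Get-RunningDriverReport |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Name |
    Format-Table Name, Signature, Company, Version, Path -AutoSize
```

One caveat before reading the Signature column: most Microsoft inbox drivers are catalog-signed rather than embedded-signed, and on older Windows and PowerShell versions Get-AuthenticodeSignature does not consult catalog files, so they can show as NotSigned even though Process Explorer (which does check catalogs) shows them as verified. The rows worth chasing are therefore NotSigned combined with an unfamiliar company, a path outside System32\drivers, a version that does not match the rest of the OS, or a file that is missing on disk, which is the same filter a reviewer applies to the pasted log above.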
Here you go

Process PID CPU Private Bytes Working Set Description Company Name

Interrupts n/a 1.74 0 K 0 K Hardware Interrupts and DPCs

System Idle Process 0 38.86 0 K 24 K

System 4 1.30 128 K 1,244 K

svchost.exe 252 0.11 37,284 K 19,776 K Host Process for Windows Services Microsoft Corporation

smss.exe 272 352 K 456 K Windows Session Manager Microsoft Corporation

egui.exe 316 0.02 6,952 K 4,992 K ESET GUI ESET

csrss.exe 424 < 0.01 2,336 K 1,988 K Client Server Runtime Process Microsoft Corporation

taskhost.exe 444 7,804 K 3,576 K Host Process for Windows Tasks Microsoft Corporation

wininit.exe 480 1,280 K 392 K Windows Start-Up Application Microsoft Corporation

csrss.exe 492 0.50 6,180 K 8,788 K Client Server Runtime Process Microsoft Corporation

svchost.exe 496 0.01 8,624 K 6,476 K Host Process for Windows Services Microsoft Corporation

dwm.exe 532 2.53 45,576 K 43,364 K Desktop Window Manager Microsoft Corporation

services.exe 540 5,388 K 3,828 K Services and Controller app Microsoft Corporation

lsass.exe 556 0.02 4,024 K 5,192 K Local Security Authority Process Microsoft Corporation

lsm.exe 564 2,344 K 1,692 K Local Session Manager Service Microsoft Corporation

winlogon.exe 608 2,432 K 1,800 K Windows Logon Application Microsoft Corporation

SmartMenu.exe 712 6,864 K 988 K SmartMenu

svchost.exe 724 3,760 K 3,308 K Host Process for Windows Services Microsoft Corporation

nvvsvc.exe 788 1,116 K 500 K NVIDIA Driver Helper Service, Version 186.55 NVIDIA Corporation

WUDFHost.exe 812 1,980 K 2,024 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation

svchost.exe 816 0.03 4,956 K 4,640 K Host Process for Windows Services Microsoft Corporation

svchost.exe 864 20,120 K 9,904 K Host Process for Windows Services Microsoft Corporation

svchost.exe 984 < 0.01 90,572 K 81,136 K Host Process for Windows Services Microsoft Corporation

nvvsvc.exe 1096 0.01 2,632 K 948 K NVIDIA Driver Helper Service, Version 186.55 NVIDIA Corporation

audiodg.exe 1132 3.44 30,640 K 27,772 K Windows Audio Device Graph Isolation Microsoft Corporation

svchost.exe 1140 < 0.01 38,264 K 9,016 K Host Process for Windows Services Microsoft Corporation

spoolsv.exe 1248 5,964 K 1,464 K Spooler SubSystem App Microsoft Corporation

svchost.exe 1284 9,304 K 4,576 K Host Process for Windows Services Microsoft Corporation

armsvc.exe 1392 1,120 K 708 K Adobe Acrobat Update Service Adobe Systems Incorporated

ekrn.exe 1444 0.26 87,144 K 47,964 K ESET Service ESET

svchost.exe 1476 5,016 K 2,296 K Host Process for Windows Services Microsoft Corporation

LSSrvc.exe 1504 1,152 K 420 K LightScribe Service Hewlett-Packard Company

svchost.exe 1848 1,548 K 644 K Host Process for Windows Services Microsoft Corporation

DkService.exe 2492 0.12 12,716 K 6,472 K Diskeeper Service Diskeeper Corporation

hpwuschd2.exe 2524 852 K 736 K hpwuSchd Application Hewlett-Packard

HPHC_Service.exe 2600 < 0.01 26,868 K 3,368 K HP Health Check Service Hewlett-Packard

mbamservice.exe 2664 2,508 K 868 K Malwarebytes' Anti-Malware Malwarebytes Corporation

svchost.exe 2724 0.02 79,668 K 22,164 K Host Process for Windows Services Microsoft Corporation

SearchIndexer.exe 2780 0.01 21,048 K 14,208 K Microsoft Windows Search Indexer Microsoft Corporation

procexp64.exe 2844 5.17 19,768 K 39,720 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com

procexp.exe 2956 1,876 K 6,536 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com

PictureMover.exe 2976 < 0.01 7,604 K 1,804 K PictureMover Application Hewlett-Packard Company

CLMLSvc.exe 3048 0.22 22,696 K 5,500 K CyberLink MediaLibray Service CyberLink

StikyNot.exe 3056 5,372 K 15,068 K Sticky Notes Microsoft Corporation

svchost.exe 3248 1,680 K 696 K Host Process for Windows Services Microsoft Corporation

explorer.exe 3348 0.17 48,548 K 80,296 K Windows Explorer Microsoft Corporation

wmpnetwk.exe 3372 < 0.01 4,108 K 3,928 K Windows Media Player Network Sharing Service Microsoft Corporation

wuauclt.exe 3496 1,700 K 1,280 K Windows Update Microsoft Corporation

iexplore.exe 3700 45.44 437,504 K 460,044 K Internet Explorer Microsoft Corporation

dllhost.exe 3856 1,716 K 5,368 K COM Surrogate Microsoft Corporation

WmiPrvSE.exe 3964 2,124 K 5,600 K WMI Provider Host Microsoft Corporation

svchost.exe 4024 1,224 K 3,856 K Host Process for Windows Services Microsoft Corporation

Process: System Pid: 4

Name Description Company Name Version

ACPI.sys ACPI Driver for NT Microsoft Corporation 6.1.7600.16385

afd.sys Ancillary Function Driver for WinSock Microsoft Corporation 6.1.7600.16802

AgileVpn.sys RAS Agile Vpn Miniport Call Manager Microsoft Corporation 6.1.7600.16385

amdk8.sys Processor Device Driver Microsoft Corporation 6.1.7600.16385

amdxata.sys Storage Filter Driver Advanced Micro Devices 1.1.2.5

ATMFD.DLL Windows NT OpenType/Type 1 Font Driver Adobe Systems Incorporated 5.1.2.234

Beep.SYS BEEP Driver Microsoft Corporation 6.1.7600.16385

blbdrive.sys BLB Drive Driver Microsoft Corporation 6.1.7600.16385

bowser.sys NT Lan Manager Datagram Receiver Driver Microsoft Corporation 6.1.7600.16765

cdd.dll Canonical Display Driver Microsoft Corporation 6.1.7600.16748

cdrom.sys SCSI CD-ROM Driver Microsoft Corporation 6.1.7600.16385

CI.dll Code Integrity Module Microsoft Corporation 6.1.7600.16385

CLASSPNP.SYS SCSI Class System Dll Microsoft Corporation 6.1.7600.16385

CLFS.SYS Common Log File System Driver Microsoft Corporation 6.1.7600.16385

cng.sys Kernel Cryptography, Next Generation Microsoft Corporation 6.1.7600.16385

CompositeBus.sys Multi-Transport Composite Bus Enumerator Microsoft Corporation 6.1.7600.16385

crashdmp.sys Crash Dump Driver Microsoft Corporation 6.1.7600.16385

dfsc.sys DFS Namespace Client Driver Microsoft Corporation 6.1.7600.16804

discache.sys System Indexer/Cache Driver Microsoft Corporation 6.1.7600.16385

disk.sys PnP Disk Driver Microsoft Corporation 6.1.7600.16385

DKRtWrt.sys Diskeeper IntelliWrite Mini-Filter Driver Diskeeper Corporation 3.0.1.0

drmk.sys Microsoft Trusted Audio Drivers Microsoft Corporation 6.1.7600.16385

dump_diskdump.sys

dump_dumpfve.sys

dump_nvstor64.sys

Dxapi.sys DirectX API Driver Microsoft Corporation 6.1.7600.16385

dxgkrnl.sys DirectX Graphics Kernel Microsoft Corporation 6.1.7600.16748

dxgmms1.sys DirectX Graphics MMS Microsoft Corporation 6.1.7600.16748

eamonm.sys Amon monitor ESET 5.0.91.0

ehdrv.sys ESET Helper driver ESET 5.0.87.0

epfw.sys ESET Personal Firewall driver ESET 5.0.87.0

EpfwLWF.sys Epfw NDIS LightWeight Filter ESET 5.0.90.0

epfwwfp.sys ESET Personal Firewall driver ESET 5.0.87.0

fastfat.SYS Fast FAT File System Driver Microsoft Corporation 6.1.7600.16385

fileinfo.sys FileInfo Filter Driver Microsoft Corporation 6.1.7600.16385

fltmgr.sys Microsoft Filesystem Filter Manager Microsoft Corporation 6.1.7600.16385

Fs_Rec.sys File System Recognizer Driver Microsoft Corporation 6.1.7600.16385

fvevol.sys BitLocker Drive Encryption Driver Microsoft Corporation 6.1.7600.16429

fwpkclnt.sys FWP/IPsec Kernel-Mode API Microsoft Corporation 6.1.7600.16385

hal.dll Hardware Abstraction Layer DLL Microsoft Corporation 6.1.7600.16385

HDAudBus.sys High Definition Audio Bus Driver Microsoft Corporation 6.1.7600.16385

HIDCLASS.SYS Hid Class Library Microsoft Corporation 6.1.7600.16385

HIDPARSE.SYS Hid Parsing Library Microsoft Corporation 6.1.7600.16385

hidusb.sys USB Miniport Driver for Input Devices Microsoft Corporation 6.1.7600.16385

HTTP.sys HTTP Protocol Stack Microsoft Corporation 6.1.7600.16385

hwpolicy.sys Hardware Policy Driver Microsoft Corporation 6.1.7600.16385

kbdclass.sys Keyboard Class Driver Microsoft Corporation 6.1.7600.16385

kbdhid.sys HID Keyboard Filter Driver Microsoft Corporation 6.1.7600.16385

kdcom.dll Serial Kernel Debugger Microsoft Corporation 6.1.7600.16757

ks.sys Kernel CSA Library Microsoft Corporation 6.1.7600.16543

ksecdd.sys Kernel Security Support Provider Interface Microsoft Corporation 6.1.7600.16385

ksecpkg.sys Kernel Security Support Provider Interface Packages Microsoft Corporation 6.1.7600.16484

ksthunk.sys Kernel Streaming WOW Thunk Service Microsoft Corporation 6.1.7600.16385

lltdio.sys Link-Layer Topology Mapper I/O Driver Microsoft Corporation 6.1.7600.16385

luafv.sys LUA File Virtualization Filter Driver Microsoft Corporation 6.1.7600.16385

mbam.sys Malwarebytes' Anti-Malware Malwarebytes Corporation 1.50.1.0

mcupdate_AuthenticAMD.dll AMD Microcode Update Library Microsoft Corporation 6.1.7600.16385

monitor.sys Monitor Driver Microsoft Corporation 6.1.7600.16385

mouclass.sys Mouse Class Driver Microsoft Corporation 6.1.7600.16385

mouhid.sys HID Mouse Filter Driver Microsoft Corporation 6.1.7600.16385

mountmgr.sys Mount Point Manager Microsoft Corporation 6.1.7600.16385

mpsdrv.sys Microsoft Protection Service Driver Microsoft Corporation 6.1.7600.16385

mrxsmb.sys Windows NT SMB Minirdr Microsoft Corporation 6.1.7600.16808

mrxsmb10.sys Longhorn SMB Downlevel SubRdr Microsoft Corporation 6.1.7600.16847

mrxsmb20.sys Longhorn SMB 2.0 Redirector Microsoft Corporation 6.1.7600.16808

Msfs.SYS Mailslot driver Microsoft Corporation 6.1.7600.16385

msisadrv.sys ISA Driver Microsoft Corporation 6.1.7600.16385

msrpc.sys Kernel Remote Procedure Call Provider Microsoft Corporation 6.1.7600.16385

mssmbios.sys System Management BIOS Driver Microsoft Corporation 6.1.7600.16385

mup.sys Multiple UNC Provider Driver Microsoft Corporation 6.1.7600.16385

ndis.sys NDIS 6.20 driver Microsoft Corporation 6.1.7600.16385

ndistapi.sys NDIS 3.0 connection wrapper driver Microsoft Corporation 6.1.7600.16385

ndisuio.sys NDIS User mode I/O driver Microsoft Corporation 6.1.7600.16385

ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft Corporation 6.1.7600.16385

NDProxy.SYS NDIS Proxy Microsoft Corporation 6.1.7600.16385

netbios.sys NetBIOS interface driver Microsoft Corporation 6.1.7600.16385

netbt.sys MBT Transport driver Microsoft Corporation 6.1.7600.16385

NETIO.SYS Network I/O Subsystem Microsoft Corporation 6.1.7600.16569

Npfs.SYS NPFS Driver Microsoft Corporation 6.1.7600.16385

nsiproxy.sys NSI Proxy Microsoft Corporation 6.1.7600.16385

Ntfs.sys NT File System Driver Microsoft Corporation 6.1.7600.16778

ntoskrnl.exe NT Kernel & System Microsoft Corporation 6.1.7600.16841

Null.SYS NULL Driver Microsoft Corporation 6.1.7600.16385

nvBridge.kmd NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 186.55 NVIDIA Corporation 8.15.11.8655

nvlddmkm.sys NVIDIA Windows Kernel Mode Driver, Version 186.55 NVIDIA Corporation 8.15.11.8655

nvmf6264.sys NVIDIA MCP Networking Function Driver. NVIDIA Corporation 7.3.1.7314

nvstor64.sys NVIDIA® nForce Sata Performance Driver NVIDIA Corporation 11.1.0.33

nwifi.sys NativeWiFi Miniport Driver Microsoft Corporation 6.1.7600.16385

pacer.sys QoS Packet Scheduler Microsoft Corporation 6.1.7600.16385

partmgr.sys Partition Management Driver Microsoft Corporation 6.1.7600.16385

pci.sys NT Plug and Play PCI Enumerator Microsoft Corporation 6.1.7600.16385

pcw.sys Performance Counters for Windows Driver Microsoft Corporation 6.1.7600.16385

peauth.sys Protected Environment Authentication and Authorization Export Driver Microsoft Corporation 6.1.7600.16385

portcls.sys Port Class (Class Driver for Port/Miniport Devices) Microsoft Corporation 6.1.7600.16385

PROCEXP141.SYS

PSHED.dll Platform Specific Hardware Error Driver Microsoft Corporation 6.1.7600.16385

rasl2tp.sys RAS L2TP mini-port/call-manager driver Microsoft Corporation 6.1.7600.16385

raspppoe.sys RAS PPPoE mini-port/call-manager driver Microsoft Corporation 6.1.7600.16385

raspptp.sys Peer-to-Peer Tunneling Protocol Microsoft Corporation 6.1.7600.16385

rassstp.sys RAS SSTP Miniport Call Manager Microsoft Corporation 6.1.7600.16385

rdbss.sys Redirected Drive Buffering SubSystem Driver Microsoft Corporation 6.1.7600.16385

RDPCDD.sys RDP Miniport Microsoft Corporation 6.1.7600.16385

rdpencdd.sys RDP Encoder Miniport Microsoft Corporation 6.1.7600.16385

rdprefmp.sys RDP Reflector Driver Miniport Microsoft Corporation 6.1.7600.16385

rdyboost.sys ReadyBoost Driver Microsoft Corporation 6.1.7600.16385

rspndr.sys Link-Layer Topology Responder Driver for NDIS 6 Microsoft Corporation 6.1.7600.16385

RTKVHD64.sys Realtek® High Definition Audio Function Driver Realtek Semiconductor Corp. 6.0.1.5938

secdrv.SYS Macrovision SECURITY Driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. 4.3.86.0

spldr.sys loader for security processor Microsoft Corporation 6.1.7127.0

srv.sys Server driver Microsoft Corporation 6.1.7600.16806

srv2.sys Smb 2.0 Server driver Microsoft Corporation 6.1.7600.16806

srvnet.sys Server Network driver Microsoft Corporation 6.1.7600.16806

storport.sys Microsoft Storage Port Driver Microsoft Corporation 6.1.7600.16778

swenum.sys Plug and Play Software Device Enumerator Microsoft Corporation 6.1.7600.16385

tcpip.sys TCP/IP Driver Microsoft Corporation 6.1.7600.16839

tcpipreg.sys TCP/IP Registry Compatibility Driver Microsoft Corporation 6.1.7600.16385

TDI.SYS TDI Wrapper Microsoft Corporation 6.1.7600.16385

tdx.sys TDI Translation Driver Microsoft Corporation 6.1.7600.16385

termdd.sys Remote Desktop Server Driver Microsoft Corporation 6.1.7600.16385

TSDDD.dll Framebuffer Display Driver Microsoft Corporation 6.1.7600.16385

tunnel.sys Microsoft Tunnel Interface Driver Microsoft Corporation 6.1.7600.16385

udfs.sys UDF File System Driver Microsoft Corporation 6.1.7600.16385

umbus.sys User-Mode Bus Enumerator Microsoft Corporation 6.1.7600.16385

usbccgp.sys USB Common Class Generic Parent Driver Microsoft Corporation 6.1.7600.16788

USBD.SYS Universal Serial Bus Driver Microsoft Corporation 6.1.7600.16788

usbehci.sys EHCI eUSB Miniport Driver Microsoft Corporation 6.1.7600.16788

usbhub.sys Default Hub Driver for USB Microsoft Corporation 6.1.7600.16788

usbohci.sys OHCI USB Miniport Driver Microsoft Corporation 6.1.7600.16788

USBPORT.SYS USB 1.1 & 2.0 Port Driver Microsoft Corporation 6.1.7600.16788

usbprint.sys USB Printer driver Microsoft Corporation 6.1.7600.16385

USBSTOR.SYS USB Mass Storage Class Driver Microsoft Corporation 6.1.7600.16778

vdrvroot.sys Virtual Drive Root Enumerator Microsoft Corporation 6.1.7600.16385

vga.sys VGA/Super VGA Video Driver Microsoft Corporation 6.1.7600.16385

VIDEOPRT.SYS Video Port Driver Microsoft Corporation 6.1.7600.16385

volmgr.sys Volume Manager Driver Microsoft Corporation 6.1.7600.16385

volmgrx.sys Volume Manager Extension Driver Microsoft Corporation 6.1.7600.16385

volsnap.sys Volume Shadow Copy Driver Microsoft Corporation 6.1.7600.16385

wanarp.sys MS Remote Access and Routing ARP Driver Microsoft Corporation 6.1.7600.16385

watchdog.sys Watchdog Driver Microsoft Corporation 6.1.7600.16385

Wdf01000.sys Kernel Mode Driver Framework Runtime Microsoft Corporation 1.9.7600.16385

WDFLDR.SYS Kernel Mode Driver Framework Loader Microsoft Corporation 1.9.7600.16385

wfplwf.sys WFP NDIS 6.20 Lightweight Filter Driver Microsoft Corporation 6.1.7600.16385

win32k.sys Multi-User Win32 Driver Microsoft Corporation 6.1.7600.16878

WMILIB.SYS WMILIB WMI support library Dll Microsoft Corporation 6.1.7600.16385

WudfPf.sys Windows Driver Foundation - User-mode Driver Framework Platform Driver Microsoft Corporation 6.1.7600.16385

WUDFRd.sys Windows Driver Foundation - User-mode Driver Framework Reflector Microsoft Corporation 6.1.7600.16385

There is nothing noteworthy or suspicious in your logs so I want you to do the following:

I want you to boot to the Windows Recovery Environment (WRE) by booting to your Recovery Partition or by using the System Recovery Disk I asked you to make earlier. Please familiarize yourself with the Bleeping Computer Tutorial.

If you boot to the WRE using the Recovery Partition, select the "Repair your Computer" Option

Startup repair will proceed automatically.

If Startup Repair finds no issues to fix, it will ask if you want to perform a System Restore - You should Click Cancel

When the repair process has finished, if it states that it cannot fix the problem and asks if you would like to submit the information to Microsoft, press the Don't Send button.

On that same screen Click the "View advanced options for system recovery and support" (in the lower left corner) and you will be presented with an Advanced Options Menu with the following options:


  1. Startup Repair
  2. System Restore
  3. System Image Recovery
  4. Windows Memory Diagnostic
  5. Command Prompt

Choose Option 1- Startup Repair (give it one more try)

When Startup Repair is finished, reboot normally and see if anything has changed for the better.

NOTE: THE FOLLOWING ACTIONS WILL MOST LIKELY PREVENT YOU FROM BEING ABLE TO ACCESS YOUR RECOVERY PARTITION IN THE FUTURE - but you can order a Windows 7 Installation DVD for your HP Pavilion here:

http://h10025.www1.hp.com/ewfrf/wc/document?docname=c00810334&lc=en&cc=us&dlc=en&product=18703

If you are still experiencing redirection issues:

  • Please reboot into the Windows Recovery Environment one more time -
  • Again, choose the Repair Your Computer option, but this time:
  • Choose Option 5 - Command Prompt
  • When the Black Command Prompt Window Opens to x:\windows\system32>
  • Type C:
  • Hit Enter
  • You should now see this:
    C:>
  • Type:
    bootrec /fixmbr
  • Hit Enter
  • You should see a message that states "the operation completed successfully"

Reboot, and let me know if you see any improvement in your redirection issues and ESET Win32/Olmarik.TDL4 trojan alerts.

Hi mrtwallz,

I haven't heard back from you for a while. How is your computer running?

If you are still "out there" and still having redirection issues, can you please try bootrec with another command, as follows:

Please reboot into the Windows Recovery Environment one more time -

  • Choose the Repair Your Computer option
  • Select the operating system that you want to repair, and then click Next
  • Choose Option 5 - Command Prompt
  • When the Black Command Prompt Window Opens to x:\windows\system32>
  • Type C:
  • Hit Enter
  • You should now see this:
    C:>
  • Type the following (there is a space between the c and /):
    bootrec /fixboot
  • Hit Enter
  • You should see a message that states "the operation completed successfully"

Please let me know whether, after completing this process, you are still experiencing redirection. Thanks!

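Both bootrec posts above rewrite boot code blind: "the operation completed successfully" says the write happened, not what was there before or what is there now. Since the alert in this thread is for an MBR-resident family, it helps to record the first sector of disk 0 before and after. The following is an added example, not part of the thread and not a Microsoft tool. It is read-only, needs an elevated PowerShell prompt on the normally booted system, and goes through CreateFile because the .NET Framework FileStream constructor refuses "\\.\" device paths. The function names are my own.

```powershell
# Added example (not from the thread): read the Master Boot Record of a physical disk so
# its bootstrap code can be hashed and compared before and after "bootrec /fixmbr".
# Read-only; needs an elevated prompt. CreateFile is P/Invoked because FileStream on the
# .NET Framework rejects "\\.\" device paths.

Add-Type -Namespace Native -Name Kernel32 -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern Microsoft.Win32.SafeHandles.SafeFileHandle CreateFile(
    string lpFileName, uint dwDesiredAccess, uint dwShareMode, IntPtr lpSecurityAttributes,
    uint dwCreationDisposition, uint dwFlagsAndAttributes, IntPtr hTemplateFile);
'@

function Read-Mbr {
    param([int]$DiskNumber = 0)
    $GENERIC_READ          = [uint32]2147483648   # 0x80000000 (PowerShell parses that literal as a negative Int32)
    $FILE_SHARE_READ_WRITE = [uint32]3
    $OPEN_EXISTING         = [uint32]3
    $handle = [Native.Kernel32]::CreateFile("\\.\PhysicalDrive$DiskNumber", $GENERIC_READ,
        $FILE_SHARE_READ_WRITE, [IntPtr]::Zero, $OPEN_EXISTING, 0, [IntPtr]::Zero)
    if ($handle.IsInvalid) { throw "Cannot open PhysicalDrive$DiskNumber (is the prompt elevated?)" }
    $stream = New-Object System.IO.FileStream($handle, [System.IO.FileAccess]::Read)
    try {
        $sector = New-Object byte[] 512
        # Raw devices only hand out whole sectors; FileStream's 4096-byte buffer is a multiple of 512.
        $read = $stream.Read($sector, 0, 512)
        if ($read -ne 512) { throw "Short read: $read bytes" }
    } finally {
        $stream.Dispose(); $handle.Dispose()
    }
    return $sector
}

function Get-MbrSummary {
    param([byte[]]$Sector)
    # Layout: 0..439 bootstrap code (what fixmbr rewrites), 440..443 disk signature,
    # 446..509 four 16-byte partition entries, 510..511 the 0x55AA boot signature.
    $sha256   = [System.Security.Cryptography.SHA256]::Create()
    $codeHash = ($sha256.ComputeHash($Sector, 0, 440) | ForEach-Object { $_.ToString('x2') }) -join ''
    $partitions = foreach ($i in 0..3) {
        $off = 446 + 16 * $i
        if ($Sector[$off + 4] -eq 0) { continue }      # empty entry
        [pscustomobject]@{
            Entry    = $i
            Bootable = ($Sector[$off] -eq 0x80)
            TypeId   = '0x{0:X2}' -f $Sector[$off + 4]
            StartLBA = [BitConverter]::ToUInt32($Sector, $off + 8)
            Sectors  = [BitConverter]::ToUInt32($Sector, $off + 12)
        }
    }
    [pscustomobject]@{
        BootSignatureOk = ($Sector[510] -eq 0x55 -and $Sector[511] -eq 0xAA)
        BootCodeSha256  = $codeHash
        Partitions      = $partitions
    }
}

$summary = Get-MbrSummary (Read-Mbr -DiskNumber 0)
$summary | Format-List BootSignatureOk, BootCodeSha256
$summary.Partitions | Format-Table -AutoSize
```

Run it once before the repair and keep the output, then again after. bootrec /fixmbr replaces the bootstrap code and leaves the partition table alone, so the partition rows should be unchanged while BootCodeSha256 changes; the post-repair hash is then the known-good value to compare future runs against. Two caveats: a disk signature (bytes 440..443) is deliberately left out of the hash because it is legitimately unique per disk, and an active MBR rootkit can intercept raw sector reads and return the original sector, so a clean-looking hash taken from the live system is weaker evidence than the same read taken after booting from a recovery disc.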
Are you still with us? This topic will be closed in a few days if we do not hear back from you.

This topic is now closed to further replies.
