TechSpot

Browser Hijacker NOT Fixed Even by Factory Reset!

By drjlo1
Oct 21, 2011
  1. It's unbelievable. I have a browser hijacker (both Google and Yahoo) that simply will not go away with any program. Tried unsuccessfully so far, in and out of normal and safe mode: Malwarebytes, Spyware Doctor, AVG, Superantispyware, Microsoft Security Essentials, etc., etc. In some cases, the browser will work correctly for one or two searches but goes right back to redirecting to another nonsense site. Tried system restore to factory reset, and it worked for a search or two but almost instantly went back to redirecting! Any help would certainly be appreciated.

    [HJT log removed by Broni]
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. drjlo1

    drjlo1 TS Rookie Topic Starter

    Malwarebytes Log

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7996

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    10/21/2011 6:36:39 PM
    mbam-log-2011-10-21 (18-36-39).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 259490
    Time elapsed: 19 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ---------

    GMER log

    At the end, it just said "No system modifications were identified" and a blank log.

    ---------------

    DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by Sera at 18:45:07 on 2011-10-21
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.2366 [GMT -7:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5741&r=273610116545l0434z135t4542n41r
    mStart Page = about:blank
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{30D78CC0-0811-43D9-9132-E9C48892828E} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{35C6CC6C-8F4E-4E1A-BC14-57D46E7F8C3E} : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Sera\AppData\Roaming\Mozilla\Firefox\Profiles\ts1a5owq.default\
    FF - prefs.js: browser.startup.homepage - yahoo.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-9-12 5265248]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-23 312400]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-10-20 866336]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-23 13336]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-5 144640]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-4-23 2320920]
    R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-4-23 243232]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-5 50432]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-10-22 01:17:01 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-10-22 01:16:57 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-10-21 23:14:49 -------- d-----w- C:\ProgramData\SecTaskMan
    2011-10-21 23:14:46 -------- d-----w- C:\Program Files (x86)\Security Task Manager
    2011-10-21 21:37:04 -------- d-----w- C:\Windows\SysWow64\Wat
    2011-10-21 21:35:49 -------- d-----w- C:\Windows\System32\WAT
    2011-10-21 21:35:01 -------- d--h--w- C:\kleaner.tmp
    2011-10-21 21:25:34 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-10-21 21:25:21 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4DC4B536-BE6F-4B65-8579-14F4BAF83506}\mpengine.dll
    2011-10-21 21:09:23 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2011-10-21 21:09:23 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2011-10-21 20:55:13 -------- d-----w- C:\Program Files (x86)\ewido anti-malware
    2011-10-21 20:48:16 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2011-10-21 20:48:16 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2011-10-21 20:48:16 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2011-10-21 20:48:15 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2011-10-21 20:48:15 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2011-10-21 20:48:15 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2011-10-21 20:48:15 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2011-10-21 20:48:15 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2011-10-21 20:48:15 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2011-10-21 20:48:14 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2011-10-21 20:46:40 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
    2011-10-21 20:41:24 -------- d-----w- C:\Users\Sera\AppData\Roaming\Malwarebytes
    2011-10-21 20:41:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-10-21 02:40:13 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2011-10-21 02:10:45 388096 ----a-r- C:\Users\Sera\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-10-21 02:10:45 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-10-21 00:55:08 -------- d-----w- C:\Users\Sera\AppData\Local\Mozilla
    2011-10-21 00:23:01 -------- d-----w- C:\Windows\NAPP_Dism_Log
    2011-10-21 00:16:59 -------- d-----w- C:\Users\Sera\AppData\Roaming\AVG2012
    2011-10-21 00:16:20 -------- d--h--w- C:\ProgramData\Common Files
    2011-10-21 00:16:05 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2011-10-21 00:15:44 -------- d-----w- C:\Windows\System32\drivers\AVG
    2011-10-21 00:15:44 -------- d-----w- C:\ProgramData\AVG2012
    2011-10-21 00:14:22 -------- d-----w- C:\Program Files (x86)\AVG
    2011-10-21 00:10:41 -------- d-----w- C:\ProgramData\MFAData
    2011-10-21 00:05:13 52224 ----a-w- C:\Windows\System32\rtutils.dll
    2011-10-21 00:05:13 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
    2011-10-21 00:05:12 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2011-10-21 00:05:12 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2011-10-21 00:03:57 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-10-21 00:02:59 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2011-10-21 00:01:59 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2011-10-21 00:00:57 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2011-10-20 23:53:56 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
    2011-10-20 23:53:56 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
    2011-10-20 23:53:40 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-10-20 23:53:39 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-10-20 23:53:39 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-10-20 23:53:37 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2011-10-20 23:53:37 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2011-10-20 23:53:35 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2011-10-20 23:52:55 -------- d-----w- C:\Program Files (x86)\Microsoft
    2011-10-20 23:52:31 139264 ----a-w- C:\Windows\System32\cabview.dll
    2011-10-20 23:52:31 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
    2011-10-20 23:52:30 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
    2011-10-20 23:51:52 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3db06f951cc8f83\DSETUP.dll
    2011-10-20 23:51:52 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3db06f951cc8f83\DXSETUP.exe
    2011-10-20 23:51:52 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3db06f951cc8f83\dsetup32.dll
    2011-10-20 23:51:14 141402440 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcA390.tmp
    2011-10-20 23:50:58 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2011-10-20 23:49:58 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
    2011-10-20 23:48:50 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-10-20 23:48:50 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2011-10-20 23:48:50 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
    2011-10-20 23:48:32 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-10-20 23:46:54 9168 ----a-w- C:\Windows\Suyin.reg
    2011-10-20 23:46:54 632056 ----a-w- C:\Windows\Image.dll
    2011-10-20 23:46:54 49464 ----a-w- C:\Windows\AutosetFrequency.exe
    2011-10-20 23:46:54 25848 ----a-w- C:\Windows\USB_VIDEO_REG.exe
    2011-10-20 23:46:54 206208 ----a-w- C:\Windows\PLFSetI.exe
    2011-10-20 23:46:53 1664248 ----a-w- C:\Windows\Acer Crystal Eye webcam.exe
    2011-10-20 23:46:34 -------- d-----w- C:\Users\Sera\AppData\Local\Google
    2011-10-20 23:44:54 -------- d-----w- C:\Program Files\Synaptics
    2011-10-20 23:42:51 -------- d-----w- C:\Users\Sera\AppData\Local\Diagnostics
    2011-10-20 23:41:43 -------- d-----w- C:\Program Files (x86)\Launch Manager
    2011-10-20 23:40:59 -------- d-----w- C:\Users\Sera\AppData\Roaming\Intel Corporation
    2011-10-20 23:40:42 -------- d---a-w- C:\book
    2011-10-20 23:40:41 -------- d-----w- C:\Users\Sera\AppData\Local\EgisTec IPS
    2011-10-20 23:39:51 -------- d-----w- C:\Users\Sera\AppData\Local\VirtualStore
    2011-10-20 23:37:56 -------- d-----w- C:\ProgramData\OEM_E471269A730D
    2011-10-20 23:32:26 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
    2011-10-20 23:30:58 -------- d-----w- C:\Program Files\Common Files\Intel
    2011-10-20 23:30:58 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
    .
    ==================== Find3M ====================
    .
    2011-09-13 13:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
    2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
    2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
    2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
    2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
    2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
    2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
    2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2011-08-08 13:08:58 46672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    .
    ============= FINISH: 18:52:29.99 ===============



    ----------------------

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/20/2011 4:35:32 PM
    System Uptime: 10/21/2011 5:27:56 PM (1 hours ago)
    .
    Motherboard: Acer | | Aspire 5741
    Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | CPU | 1586/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 284 GiB total, 252.798 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 10/20/2011 4:46:42 PM - Installed Acer Crystal Eye Webcam
    RP2: 10/20/2011 4:47:13 PM - Installed Acer ePower Management
    RP3: 10/20/2011 4:48:19 PM - Windows Update
    RP4: 10/20/2011 4:48:23 PM - Installed PowerDVD
    RP5: 10/20/2011 4:53:39 PM - Installed DirectX
    RP6: 10/20/2011 5:14:07 PM - Installed AVG 2012
    RP7: 10/20/2011 5:14:31 PM - Installed AVG 2012
    RP8: 10/20/2011 5:30:53 PM - Removed Norton Online Backup
    RP9: 10/20/2011 5:32:54 PM - Removed MyWinLocker Suite
    RP10: 10/20/2011 5:44:49 PM - Removed eBay Worldwide
    RP11: 10/20/2011 5:45:55 PM - Removed Microsoft Office Home and Student 2007
    RP12: 10/20/2011 5:57:51 PM - Windows Modules Installer
    RP13: 10/20/2011 7:10:26 PM - Installed HiJackThis
    RP14: 10/20/2011 7:40:04 PM - Windows Update
    RP15: 10/21/2011 1:33:41 PM - Windows Update
    RP16: 10/21/2011 2:24:49 PM - Windows Update
    RP17: 10/21/2011 4:15:35 PM - Move file to quarantine: {5C255C8A-E604-49b4-9D64-90988571CECB}
    RP18: 10/21/2011 4:16:45 PM - Move file to quarantine: DefaultSettingEXE MFC Application
    RP19: 10/21/2011 4:19:53 PM - Uninstall "Google Toolbar"
    RP20: 10/21/2011 4:20:17 PM - Move file to quarantine: GoogleToolbarNotifier
    RP21: 10/21/2011 4:50:35 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Acer Backup Manager
    Acer Crystal Eye Webcam
    Acer ePower Management
    Acer eRecovery Management
    Acer ScreenSaver
    Acer Updater
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1 MUI
    Backup Manager Basic
    Compatibility Pack for the 2007 Office system
    CyberLink PowerDVD 9
    eSobi v2
    HiJackThis
    Identity Card
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Junk Mail filter update
    Launch Manager
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft Choice Guard
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Suite Activation Assistant
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mozilla Firefox 7.0.1 (x86 en-US)
    MSVCRT
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Security Task Manager 1.8d
    Visual Studio 2008 x64 Redistributables
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/21/2011 4:38:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    10/21/2011 4:30:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    10/21/2011 4:24:34 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    10/21/2011 4:24:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/21/2011 4:24:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/21/2011 4:24:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/21/2011 4:24:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/21/2011 4:23:41 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
    10/21/2011 4:23:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6
    10/21/2011 2:44:18 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    10/21/2011 2:40:42 PM, Error: Service Control Manager [7023] -
    10/21/2011 2:35:53 PM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
    10/21/2011 1:59:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ewido security suite guard service.
    10/21/2011 1:55:24 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\ewido anti-malware\guard.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    10/21/2011 1:55:18 PM, Error: Service Control Manager [7030] - The ewido security suite guard service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/21/2011 1:55:18 PM, Error: Service Control Manager [7030] - The ewido security suite control service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/21/2011 1:32:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2345886).
    10/21/2011 1:32:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2564958).
    10/21/2011 1:32:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2556532).
    10/21/2011 1:32:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2511455).
    10/21/2011 1:32:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 for x64-based Systems (KB2419640).
    10/20/2011 4:29:37 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
    .
    ==== End Of File ===========================
     
  4. Broni


    You posted DDS.txt twice.
    I still need the Attach.txt log.

    I don't see anything malicious so far.

    Let's try to reset your router....

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (Vista and Windows 7 users: while holding CTRL and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep the button in the hole pressed, using a pencil or a paperclip, until all lights briefly go off and on.
    NOTE. Simply disconnecting the router from its power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
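The reasoning behind the router reset above is that the host-side scans came back clean while the DDS log shows the DHCP-supplied DNS server is the router itself (192.168.1.1), so the redirect may be coming from a hijacked resolver rather than from a file on disk. The following script is an added example (not part of this thread or of Broni's instructions) that tests that hypothesis directly: it asks the OS resolver and a reference resolver for the same well-known names, reports names on which they disagree, and flags hosts-file overrides. The reference resolver address, the watched domain list and the sample hosts file are illustrative assumptions, not values from the thread.

```python
"""Added example (not from the thread): DNS-side checks for a redirect that
survives an OS reinstall.  Compares the OS resolver's answers with a trusted
reference resolver and flags hosts-file overrides.  REFERENCE_RESOLVER and
WATCHED are illustrative assumptions, not values from the thread.
"""
import random
import socket
import struct

REFERENCE_RESOLVER = "8.8.8.8"          # assumption: any resolver you trust
WATCHED = ["www.google.com", "www.yahoo.com", "www.bing.com"]


def parse_hosts(text):
    """Map hostname -> IP for every non-comment line of a hosts file."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            entries[name.lower()] = fields[0]
    return entries


def hosts_overrides(text, watched=WATCHED):
    """Watched names that the hosts file pins to a fixed address."""
    entries = parse_hosts(text)
    return {n: entries[n] for n in watched if n.lower() in entries}


def build_query(name, txid):
    """Minimal RFC 1035 A query with the recursion-desired bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def skip_name(resp, pos):
    """Advance past a (possibly compressed) domain name."""
    while True:
        label_len = resp[pos]
        if label_len & 0xC0 == 0xC0:      # compression pointer, 2 bytes
            return pos + 2
        if label_len == 0:
            return pos + 1
        pos += label_len + 1


def parse_a_records(resp, txid):
    """IPv4 addresses from the answer section; [] if the reply is not ours."""
    rid, flags, qdcount, ancount = struct.unpack("!HHHH", resp[:8])
    if rid != txid or not flags & 0x8000:
        return []
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(resp, pos) + 4    # skip QTYPE + QCLASS
    ips = []
    for _ in range(ancount):
        pos = skip_name(resp, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(resp[pos:pos + 4]))
        pos += rdlen
    return ips


def resolve_via(name, server, timeout=3.0):
    """Ask one specific resolver over UDP, bypassing the OS stub resolver."""
    txid = random.randrange(0x10000)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, txid), (server, 53))
        resp, _ = sock.recvfrom(512)
    finally:
        sock.close()
    return sorted(parse_a_records(resp, txid))


def resolve_via_system(name):
    """Whatever the OS resolver (DHCP DNS, hosts file, cache) answers."""
    return sorted(socket.gethostbyname_ex(name)[2])


def compare_answers(system_answers, reference_answers):
    """Names whose system answer shares no address with the reference answer.
    CDNs rotate addresses, so a mismatch is a lead, not proof; a hijacker
    normally returns one address that never appears in the reference set."""
    suspicious = {}
    for name, sys_ips in system_answers.items():
        ref_ips = set(reference_answers.get(name, []))
        if sys_ips and ref_ips and not set(sys_ips) & ref_ips:
            suspicious[name] = sorted(sys_ips)
    return suspicious


if __name__ == "__main__":
    hosts_path = r"C:\Windows\System32\drivers\etc\hosts"
    try:
        with open(hosts_path) as fh:
            print("hosts overrides:", hosts_overrides(fh.read()))
    except OSError as exc:
        print("hosts file not readable:", exc)
    system = {n: resolve_via_system(n) for n in WATCHED}
    reference = {n: resolve_via(n, REFERENCE_RESOLVER) for n in WATCHED}
    print("disagreements:", compare_answers(system, reference) or "none")
```

Run it once before the router reset and once after; if the "disagreements" set empties only after the reset, the router's DNS settings were the problem. If the system resolver and the reference resolver agree but the redirect persists, the hijack is happening later (in the browser or at a lower layer than DNS), which is what the MBR check in the next step is for.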
     
  5. drjlo1


    OK, I fixed the Attach.txt above.

    I also went through the router reset as above. It threw me off a little since after the reset, the wireless network disappeared until I went in and re-named the SSID to what it used to be (different from what came with router).

    Then I tested the browser, and it is still hijacked...
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. drjlo1

    drjlo1 TS Rookie Topic Starter

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-22 12:48:18
    -----------------------------
    12:48:18.035 OS Version: Windows x64 6.1.7600
    12:48:18.035 Number of processors: 4 586 0x2502
    12:48:18.035 ComputerName: SERA-PC UserName: Sera
    12:48:20.812 Initialize success
    12:49:23.923 AVAST engine defs: 11102201
    12:49:32.737 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    12:49:32.737 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
    12:49:32.784 Disk 0 MBR read successfully
    12:49:32.784 Disk 0 MBR scan
    12:49:32.784 Disk 0 MBR:Alureon-I [Rtk]
    12:49:32.784 Disk 0 TDL4@MBR code has been found
    12:49:32.784 Disk 0 Windows 7 default MBR code found via API
    12:49:32.799 Disk 0 MBR hidden
    12:49:32.799 Disk 0 MBR [TDL4] **ROOTKIT**
    12:49:32.799 Disk 0 trace - called modules:
    12:49:32.799 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006fd5254]<<
    12:49:32.799 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005203060]
    12:49:32.815 3 CLASSPNP.SYS[fffff88001a6543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f87050]
    12:49:32.815 \Driver\iaStor[0xfffffa8004f51cb0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006fd5254
    12:49:58.196 AVAST engine scan C:\Windows
    12:50:31.346 Disk 0 MBR has been saved successfully to "C:\Users\Sera\Desktop\MBR.dat"
    12:50:31.362 The log file has been saved successfully to "C:\Users\Sera\Desktop\aswMBR.txt"
    12:50:42.007 AVAST engine scan C:\Windows\system32
    12:52:32.533 AVAST engine scan C:\Windows\system32\drivers
    12:52:42.564 AVAST engine scan C:\Users\Sera
    12:54:12.217 AVAST engine scan C:\ProgramData
    12:54:44.541 Scan finished successfully
    12:55:37.456 Disk 0 MBR has been saved successfully to "C:\Users\Sera\Desktop\MBR.dat"
    12:55:37.456 The log file has been saved successfully to "C:\Users\Sera\Desktop\aswMBR.txt"
     
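    The aswMBR log above carries the whole finding in a handful of "Disk 0" lines: the signature hit (MBR:Alureon-I), the TDL4 code match, the note that the API-visible MBR is the stock Windows 7 one while the directly read sector is "hidden", the **ROOTKIT** verdict, and the disk I/O trace ending in an unnamed module. The following Python script is an added example, not part of this thread and not code from the aswMBR tool: it parses a log of that shape into a per-disk record so the verdict can be triaged (or fed to a ticket) without reading the raw output. The sample log is a constructed excerpt copied from the posted lines; the regexes assume aswMBR's "HH:MM:SS.mmm message" layout as seen in the thread.

```python
"""Triage helper for aswMBR logs (added example; not part of the thread or of aswMBR)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: the disk-level lines from the aswMBR log posted in the thread.
SAMPLE_LOG = r"""12:49:32.737 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:49:32.784 Disk 0 MBR read successfully
12:49:32.784 Disk 0 MBR scan
12:49:32.784 Disk 0 MBR:Alureon-I [Rtk]
12:49:32.784 Disk 0 TDL4@MBR code has been found
12:49:32.784 Disk 0 Windows 7 default MBR code found via API
12:49:32.799 Disk 0 MBR hidden
12:49:32.799 Disk 0 MBR [TDL4] **ROOTKIT**
12:49:32.799 Disk 0 trace - called modules:
12:49:32.799 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006fd5254]<<
12:54:44.541 Scan finished successfully
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")       # timestamp + message
DISK_RE = re.compile(r"^Disk (\d+) (.*)$")                         # "Disk 0 <rest>"
DETECT_RE = re.compile(r"^MBR:(\S+)")                              # "MBR:Alureon-I [Rtk]"
VERDICT_RE = re.compile(r"^MBR \[([^\]]+)\] \*\*ROOTKIT\*\*$")     # "MBR [TDL4] **ROOTKIT**"
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")       # trace ends in unnamed code


@dataclass
class DiskFinding:
    disk: int
    boot: bool = False
    mbr_read: bool = False
    mbr_hidden: bool = False          # direct sector read differs from the API-visible MBR
    detection: str | None = None      # signature name, e.g. "Alureon-I"
    rootkit_family: str | None = None  # verdict family, e.g. "TDL4"
    hooked_at: str | None = None      # address of the unnamed module in the disk I/O trace
    notes: list[str] = field(default_factory=list)

    @property
    def infected(self) -> bool:
        return self.detection is not None or self.rootkit_family is not None


def parse_aswmbr(text: str) -> dict[int, DiskFinding]:
    """Collect the per-disk MBR findings from an aswMBR log."""
    disks: dict[int, DiskFinding] = {}
    current: DiskFinding | None = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(2)
        dm = DISK_RE.match(msg)
        if dm:
            n, rest = int(dm.group(1)), dm.group(2)
            current = disks.setdefault(n, DiskFinding(disk=n))
            if rest.startswith("(boot)"):
                current.boot = True
            elif rest == "MBR read successfully":
                current.mbr_read = True
            elif rest == "MBR hidden":
                current.mbr_hidden = True
            elif (x := DETECT_RE.match(rest)):
                current.detection = x.group(1)
            elif (x := VERDICT_RE.match(rest)):
                current.rootkit_family = x.group(1)
            elif "code has been found" in rest or "MBR code found via API" in rest:
                current.notes.append(rest)
            continue
        # Trace lines after "trace - called modules:" carry no "Disk N" prefix;
        # attribute them to the disk most recently mentioned.
        um = UNKNOWN_RE.search(msg)
        if um and current is not None:
            current.hooked_at = um.group(1)
    return disks


def summarize(disks: dict[int, DiskFinding]) -> list[str]:
    """One verdict line per disk, in the order a responder wants to read it."""
    out: list[str] = []
    for n, d in sorted(disks.items()):
        label = f"Disk {n}{' (boot)' if d.boot else ''}"
        if not d.mbr_read:
            out.append(f"{label}: MBR could not be read; inconclusive")
            continue
        if not d.infected:
            out.append(f"{label}: MBR clean")
            continue
        parts = []
        if d.detection:
            parts.append(f"signature {d.detection}")
        if d.rootkit_family:
            parts.append(f"rootkit family {d.rootkit_family}")
        if d.mbr_hidden:
            parts.append("real MBR hidden behind an API-visible clean copy")
        if d.hooked_at:
            parts.append(f"disk I/O chain hooked by unnamed code at {d.hooked_at}")
        out.append(f"{label}: INFECTED; " + ", ".join(parts))
    return out


if __name__ == "__main__":
    for line in summarize(parse_aswmbr(SAMPLE_LOG)):
        print(line)
```

The "MBR hidden" flag is the part worth a second look in any such log: the API returned the stock Windows 7 boot code while the direct read found TDL4, which is exactly what a bootkit sitting in the disk I/O path (the trace ends at an address with no owning driver) produces. The parser only triages; as the thread goes on to show, removal is a separate step with a rootkit-aware tool.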
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Hold on with Combofix for now....

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. drjlo1

    drjlo1 TS Rookie Topic Starter

    Oh, well, too late. ComboFix has been running a while, currently at "Stage 50." I suppose I will let it finish.
    I presume TDSSKiller should kill that TDL4 Rootkit?

    *Edit*

    Combofix log

    ComboFix 11-10-21.06 - Sera 10/22/2011 13:34:02.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.2445 [GMT -7:00]
    Running from: c:\users\Sera\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-22 to 2011-10-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-22 21:01 . 2011-10-22 21:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-22 01:17 . 2011-10-22 01:17 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-21 23:14 . 2011-10-21 23:48 -------- d-----w- c:\programdata\SecTaskMan
    2011-10-21 23:14 . 2011-10-21 23:27 -------- d-----w- c:\program files (x86)\Security Task Manager
    2011-10-21 21:37 . 2011-10-21 21:37 -------- d-----w- c:\windows\SysWow64\Wat
    2011-10-21 21:35 . 2011-10-21 21:37 -------- d-----w- c:\windows\system32\WAT
    2011-10-21 21:35 . 2011-10-21 21:35 -------- d-----w- C:\kleaner.tmp
    2011-10-21 21:25 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DC4B536-BE6F-4B65-8579-14F4BAF83506}\mpengine.dll
    2011-10-21 21:09 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-10-21 21:09 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
    2011-10-21 20:55 . 2011-10-21 20:59 -------- d-----w- c:\program files (x86)\ewido anti-malware
    2011-10-21 20:48 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
    2011-10-21 20:48 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
    2011-10-21 20:48 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
    2011-10-21 20:48 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
    2011-10-21 20:48 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
    2011-10-21 20:48 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
    2011-10-21 20:48 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-10-21 20:48 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
    2011-10-21 20:48 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-10-21 20:48 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
    2011-10-21 20:46 . 2011-10-22 01:17 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
    2011-10-21 02:40 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
    2011-10-21 02:10 . 2011-10-21 02:10 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-10-21 00:23 . 2011-10-21 00:23 -------- d-----w- c:\windows\NAPP_Dism_Log
    2011-10-21 00:16 . 2011-10-21 00:16 -------- d--h--w- c:\programdata\Common Files
    2011-10-21 00:10 . 2011-10-22 20:06 -------- d-----w- c:\programdata\MFAData
    2011-10-21 00:05 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll
    2011-10-21 00:05 . 2010-06-19 06:23 37376 ----a-w- c:\windows\SysWow64\rtutils.dll
    2011-10-21 00:05 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
    2011-10-21 00:05 . 2010-08-31 04:32 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
    2011-10-21 00:03 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-10-21 00:02 . 2010-12-21 06:13 2003968 ----a-w- c:\windows\system32\msxml6.dll
    2011-10-21 00:01 . 2010-09-01 05:14 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2011-10-21 00:00 . 2011-02-19 04:13 367104 ----a-w- c:\windows\system32\atmfd.dll
    2011-10-20 23:53 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
    2011-10-20 23:53 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
    2011-10-20 23:53 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-20 23:53 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-10-20 23:53 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-10-20 23:53 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
    2011-10-20 23:53 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
    2011-10-20 23:53 . 2011-10-20 23:53 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
    2011-10-20 23:52 . 2011-10-20 23:52 -------- d-----w- c:\program files (x86)\Microsoft
    2011-10-20 23:52 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
    2011-10-20 23:52 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
    2011-10-20 23:52 . 2011-10-20 23:52 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
    2011-10-20 23:52 . 2011-10-20 23:54 -------- d-----w- c:\program files (x86)\Windows Live
    2011-10-20 23:50 . 2011-10-20 23:50 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
    2011-10-20 23:49 . 2011-10-20 23:49 -------- d-----w- c:\program files (x86)\Common Files\CyberLink
    2011-10-20 23:48 . 2011-10-20 23:49 -------- d-----w- c:\program files (x86)\CyberLink
    2011-10-20 23:48 . 2011-10-20 23:48 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2011-10-20 23:48 . 2011-10-20 23:48 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2011-10-20 23:48 . 2011-10-20 23:48 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
    2011-10-20 23:48 . 2011-05-25 02:14 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-10-20 23:46 . 2010-01-14 20:12 632056 ----a-w- c:\windows\Image.dll
    2011-10-20 23:46 . 2010-01-13 17:47 206208 ----a-w- c:\windows\PLFSetI.exe
    2011-10-20 23:46 . 2010-01-11 23:16 49464 ----a-w- c:\windows\AutosetFrequency.exe
    2011-10-20 23:46 . 2009-12-14 17:05 25848 ----a-w- c:\windows\USB_VIDEO_REG.exe
    2011-10-20 23:46 . 2009-11-12 17:29 9168 ----a-w- c:\windows\Suyin.reg
    2011-10-20 23:46 . 2010-01-14 20:11 1664248 ----a-w- c:\windows\Acer Crystal Eye webcam.exe
    2011-10-20 23:44 . 2011-10-20 23:44 -------- d-----w- c:\program files\Synaptics
    2011-10-20 23:41 . 2011-10-20 23:41 -------- d-----w- c:\program files (x86)\Launch Manager
    2011-10-20 23:40 . 2011-10-20 23:40 -------- d---a-w- C:\book
    2011-10-20 23:37 . 2011-10-20 23:37 -------- d-----w- c:\programdata\OEM_E471269A730D
    2011-10-20 23:35 . 2011-10-20 23:40 -------- d-----w- c:\users\Sera
    2011-10-20 23:35 . 2011-10-20 23:35 -------- d-----w- C:\Recovery
    2011-10-20 23:32 . 2011-10-20 23:32 3 ----a-w- c:\windows\system32\PLD_Framework.cmd
    2011-10-20 23:30 . 2011-10-20 23:30 -------- d-----w- c:\program files\Common Files\Intel
    2011-10-20 23:30 . 2011-10-20 23:30 -------- d-----w- c:\program files (x86)\Common Files\Intel
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-22 21:07 . 2011-10-22 21:07 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DC4B536-BE6F-4B65-8579-14F4BAF83506}\offreg.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctODY0MDM1OTI0LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ&prod=90&ver=2012.0.1831&mid=3d720b752d8847d1ad0ba113f0100082-1fc1b400056ed3528f3ecfcaab2643c4916260be" [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-03-17 866336]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-04 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-04 391192]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-04 410648]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-03-17 860704]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = about:blank
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Sera\AppData\Roaming\Mozilla\Firefox\Profiles\ts1a5owq.default\
    FF - prefs.js: browser.startup.homepage - yahoo.com
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Launch Manager\LMworker.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-22 14:23:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-22 21:23
    .
    Pre-Run: 266,657,427,456 bytes free
    Post-Run: 265,990,651,904 bytes free
    .
    - - End Of File - - 7FE860F294DBEA580C64C9B1F683DF55
     
  10. drjlo1

    drjlo1 TS Rookie Topic Starter

    TDSSKiller (after ComboFix was run) found zero threats.

    14:28:49.0369 2568 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
    14:28:49.0806 2568 ============================================================
    14:28:49.0806 2568 Current date / time: 2011/10/22 14:28:49.0806
    14:28:49.0806 2568 SystemInfo:
    14:28:49.0806 2568
    14:28:49.0806 2568 OS Version: 6.1.7600 ServicePack: 0.0
    14:28:49.0806 2568 Product type: Workstation
    14:28:49.0806 2568 ComputerName: SERA-PC
    14:28:49.0806 2568 UserName: Sera
    14:28:49.0806 2568 Windows directory: C:\Windows
    14:28:49.0806 2568 System windows directory: C:\Windows
    14:28:49.0806 2568 Running under WOW64
    14:28:49.0806 2568 Processor architecture: Intel x64
    14:28:49.0806 2568 Number of processors: 4
    14:28:49.0806 2568 Page size: 0x1000
    14:28:49.0806 2568 Boot type: Normal boot
    14:28:49.0806 2568 ============================================================
    14:28:50.0180 2568 Initialize success
    14:28:58.0214 1128 ============================================================
    14:28:58.0214 1128 Scan started
    14:28:58.0214 1128 Mode: Manual;
    14:28:58.0214 1128 ============================================================
    14:29:00.0398 1128 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    14:29:00.0398 1128 1394ohci - ok
    14:29:00.0929 1128 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    14:29:00.0944 1128 ACPI - ok
    14:29:01.0334 1128 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    14:29:01.0350 1128 AcpiPmi - ok
    14:29:01.0740 1128 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    14:29:01.0756 1128 adp94xx - ok
    14:29:02.0177 1128 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    14:29:02.0192 1128 adpahci - ok
    14:29:02.0614 1128 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    14:29:02.0614 1128 adpu320 - ok
    14:29:03.0113 1128 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
    14:29:03.0113 1128 AFD - ok
    14:29:03.0550 1128 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    14:29:03.0550 1128 agp440 - ok
    14:29:03.0971 1128 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    14:29:03.0971 1128 aliide - ok
    14:29:04.0376 1128 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    14:29:04.0376 1128 amdide - ok
    14:29:04.0798 1128 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    14:29:04.0798 1128 AmdK8 - ok
    14:29:05.0203 1128 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    14:29:05.0203 1128 AmdPPM - ok
    14:29:05.0593 1128 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    14:29:05.0593 1128 amdsata - ok
    14:29:06.0030 1128 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    14:29:06.0030 1128 amdsbs - ok
    14:29:06.0529 1128 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    14:29:06.0529 1128 amdxata - ok
    14:29:06.0950 1128 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    14:29:06.0966 1128 AppID - ok
    14:29:07.0387 1128 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    14:29:07.0387 1128 arc - ok
    14:29:07.0777 1128 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    14:29:07.0793 1128 arcsas - ok
    14:29:08.0167 1128 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    14:29:08.0167 1128 AsyncMac - ok
    14:29:08.0620 1128 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    14:29:08.0620 1128 atapi - ok
    14:29:09.0041 1128 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    14:29:09.0056 1128 b06bdrv - ok
    14:29:09.0478 1128 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    14:29:09.0493 1128 b57nd60a - ok
    14:29:10.0024 1128 BCM43XX (fde8c8dc07e75347e4c6b455a0964217) C:\Windows\system32\DRIVERS\bcmwl664.sys
    14:29:10.0055 1128 BCM43XX - ok
    14:29:10.0492 1128 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    14:29:10.0492 1128 Beep - ok
    14:29:10.0913 1128 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    14:29:10.0913 1128 blbdrive - ok
    14:29:11.0303 1128 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
    14:29:11.0303 1128 bowser - ok
    14:29:11.0724 1128 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    14:29:11.0724 1128 BrFiltLo - ok
    14:29:12.0098 1128 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    14:30:37.0727 1128 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    14:30:37.0758 1128 \Device\Harddisk0\DR0 - ok
    14:30:37.0758 1128 Boot (0x1200) (fecbb432cf37e836dfd845ff07da652f) \Device\Harddisk0\DR0\Partition0
    14:30:37.0758 1128 \Device\Harddisk0\DR0\Partition0 - ok
    14:30:37.0774 1128 Boot (0x1200) (ccc0c62b3284e18a13611efa867e85b3) \Device\Harddisk0\DR0\Partition1
    14:30:37.0774 1128 \Device\Harddisk0\DR0\Partition1 - ok
    14:30:37.0774 1128 ============================================================
    14:30:37.0774 1128 Scan finished
    14:30:37.0774 1128 ============================================================
    14:30:37.0789 1952 Detected object count: 0
    14:30:37.0789 1952 Actual detected object count: 0
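Added example, not code from the thread or from the TDSSKiller authors: a small Python parser for log lines in the format shown above. It flags any object whose verdict is not "ok", extracts the MBR and boot-sector hashes, and compares them against a known-clean baseline, which is the check a responder wants when a scanner reports zero detections while the redirects persist. The `examplefltr` entry, its `suspicious` verdict and the baseline hash `0123456789abcdef0123456789abcdef` are constructed placeholders; the remaining sample lines are taken from the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller log layout: "<time> <tid> <name> (<md5>) <path>"
# followed by "<time> <tid> <name-or-path> - <verdict>". The examplefltr lines and
# the 0123... hash are placeholders; the other lines are copied from the thread.
SAMPLE_LOG = r"""
14:30:37.0696 1128 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:30:37.0696 1128 WudfPf - ok
14:30:37.0700 1128 examplefltr (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\examplefltr.sys
14:30:37.0700 1128 examplefltr - suspicious
14:30:37.0727 1128 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:30:37.0758 1128 \Device\Harddisk0\DR0 - ok
14:30:37.0758 1128 Boot (0x1200) (fecbb432cf37e836dfd845ff07da652f) \Device\Harddisk0\DR0\Partition0
14:30:37.0758 1128 \Device\Harddisk0\DR0\Partition0 - ok
14:30:37.0774 1128 Boot (0x1200) (ccc0c62b3284e18a13611efa867e85b3) \Device\Harddisk0\DR0\Partition1
14:30:37.0774 1128 \Device\Harddisk0\DR0\Partition1 - ok
14:30:37.0774 1128 ============================================================
14:30:37.0774 1128 Scan finished
14:30:37.0789 1952 Detected object count: 0
14:30:37.0789 1952 Actual detected object count: 0
"""

# Known-clean hashes keyed by device path, e.g. taken from a scan of the same model
# right after a factory restore. The MBR value here is a constructed placeholder that
# deliberately differs from the sample so the comparison has something to report.
CLEAN_BASELINE = {
    r"\Device\Harddisk0\DR0": "0123456789abcdef0123456789abcdef",
    r"\Device\Harddisk0\DR0\Partition0": "fecbb432cf37e836dfd845ff07da652f",
}

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
OBJ_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<key>\S+) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^Actual detected object count: (\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[ScanObject]:
    """Pair each object line with its verdict line (keyed by name or by device path)."""
    objects: List[ScanObject] = []
    by_key: Dict[str, ScanObject] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m["rest"]
        om = OBJ_RE.match(rest)
        if om:
            obj = ScanObject(om["name"], om["md5"], om["path"])
            objects.append(obj)
            by_key[obj.name] = obj
            by_key[obj.path] = obj          # MBR/boot verdicts are keyed by path
            continue
        vm = VERDICT_RE.match(rest)
        if vm:
            obj = by_key.get(vm["key"])
            if obj is None:                 # verdict without a preceding object line
                obj = ScanObject(vm["key"])
                objects.append(obj)
                by_key[obj.name] = obj
            obj.verdict = vm["verdict"].strip()
    return objects


def needs_attention(objects: List[ScanObject]) -> List[ScanObject]:
    """Anything the scanner did not mark plainly 'ok', including objects with no verdict."""
    return [o for o in objects if o.verdict != "ok"]


def boot_sector_hashes(objects: List[ScanObject]) -> Dict[str, str]:
    """MD5 of the MBR and each boot sector, keyed by device path."""
    return {o.path: o.md5 for o in objects
            if o.path and o.md5 and o.name.startswith(("MBR", "Boot"))}


def compare_to_baseline(objects: List[ScanObject], baseline: Dict[str, str]) -> List[str]:
    """Device paths whose current hash differs from the known-clean baseline.
    A scanner verdict of 'ok' only means no known signature matched; a changed
    MBR hash against a clean image of the same machine is the stronger signal."""
    current = boot_sector_hashes(objects)
    return sorted(p for p, h in current.items() if p in baseline and baseline[p] != h)


def detected_count(text: str) -> Optional[int]:
    """The scanner's own final tally, or None if the log was cut off before it."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            cm = COUNT_RE.match(m["rest"])
            if cm:
                return int(cm.group(1))
    return None


if __name__ == "__main__":
    objs = parse_tdsskiller_log(SAMPLE_LOG)
    print("scanner tally:", detected_count(SAMPLE_LOG))
    print("not ok:", [(o.name, o.verdict) for o in needs_attention(objs)])
    print("boot sectors differing from baseline:", compare_to_baseline(objs, CLEAN_BASELINE))
```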
     
  11. drjlo1

    drjlo1 TS Rookie Topic Starter

    Good Lord, after all this, the browser is still redirecting!!

    What could possibly be remaining, even after I do a system restore to factory reset, which I tried even before posting here on Techspot? Should a clean install of Windows be next?
     
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Your MBR is still infected.

    Please Boot to the System Recovery Options
    If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
    It's also possible that your computer has a pre-installed recovery partition instead - in such a case use method one (by pressing F8 before Windows starts loading)...

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Choose Command Prompt
    You should see X:\SOURCES>...

    Execute the following commands in bold.
    Press Enter after every one of them.

    bootrec /fixmbr (<--- there is a "space" after "bootrec")

    exit

    Restart computer.

    Post new aswMBR log.
     
  13. drjlo1

    drjlo1 TS Rookie Topic Starter

    Hm. After I did the bootrec /fixmber and exit, the computer is now saying "Your computer was unable to start" and is offering me Startup Repair..
     
  14. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Go back to System Recovery.
    Perform bootrec /fixmbr command one more time and additionally perform this command:
    bootrec /fixboot
    Make sure you don't misspell anything.
     
  15. drjlo1

    drjlo1 TS Rookie Topic Starter

    OK did that.
    Computer still says the computer is unable to start and offers the Startup Repair option. One difference from before is I can for a split second see a blue screen with white letters on top, which I can't make out due to the short duration. This screen comes up, then it goes to black to give me the Startup Repair screen. Even if I press Startup Repair, after a while, it just gives the message "Windows cannot repair this computer automatically."

    This is an Acer Aspire 5741-5763 and never came with the Windows disc. In the beginning, I did make the "backup" DVDs as the computer instructed, but if the computer does not boot at all, how does one restore the computer using the backup DVDs I had made? Do you just stick in disc #1 and restart?
     
  16. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Did you try to boot to safe mode?
     
  17. drjlo1

    drjlo1 TS Rookie Topic Starter

    Yes, even in safe mode, windows still fails to start and gives me the same Repair Startup Menu, which does not fix things.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  19. drjlo1

    drjlo1 TS Rookie Topic Starter

    I booted from the OTLPE disc, and it went to REATOGO-X-PE, then a blue screen appeared that said: "A problem has been detected and windows has been shut down to prevent damage to your computer

    If this is the first time...restart ...if again, follow these steps:
    Check for viruses..remove any newly installed hard drives...Run CHKDSK /F to check for hard drive corruption, etc

    Technical Information:
    *** Stop: 0x0000007B (0xF78DA528, 0xC0000034, 0x00000000, 0x00000000)"
     
  20. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    1. Click Start, click Run, type chkdsk /f /r, and then click OK.
    2. At the command prompt, type Y to let the disk scanner run when you restart the computer.
    3. Restart the computer.
    4. Chkdsk will run.
     
  21. drjlo1

    drjlo1 TS Rookie Topic Starter

    I could not even get to the "start" button since I could not boot in any mode, normal, safe, or OTLPE boot disc.

    I ended up just Restoring to factory settings and hope for the best. So far so good this time, and I wonder if the fixmbr command made the difference this time compared to last time I did the factory reset.

    I ran aswMBR after reset.


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-24 22:46:27
    -----------------------------
    22:46:27.357 OS Version: Windows x64 6.1.7600
    22:46:27.357 Number of processors: 4 586 0x2502
    22:46:27.358 ComputerName: SERA-PC UserName: sera
    22:46:29.906 Initialize success
    22:46:30.067 AVAST engine defs: 11102402
    22:46:42.090 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:46:42.094 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
    22:46:42.112 Disk 0 MBR read successfully
    22:46:42.117 Disk 0 MBR scan
    22:46:42.122 Disk 0 Windows 7 default MBR code
    22:46:42.126 Service scanning
    22:46:45.882 Modules scanning
    22:46:45.889 Disk 0 trace - called modules:
    22:46:45.923 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    22:46:45.930 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005229060]
    22:46:45.936 3 CLASSPNP.SYS[fffff88001aad43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004faf050]
    22:46:47.704 AVAST engine scan C:\Windows
    22:46:52.029 AVAST engine scan C:\Windows\system32
    22:47:41.061 AVAST engine scan C:\Windows\system32\drivers
    22:47:45.644 AVAST engine scan C:\Users\sera
    22:48:08.466 AVAST engine scan C:\ProgramData
    22:48:14.831 Scan finished successfully
    22:48:54.533 Disk 0 MBR has been saved successfully to "C:\Users\sera\Desktop\MBR.dat"
    22:48:54.538 The log file has been saved successfully to "C:\Users\sera\Desktop\aswMBR.txt"
     
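    Something a helper reviewing logs like the one above might script, as an added example that is not part of this thread and not code from the aswMBR tool: a small Python parser that reads aswMBR output in the shape posted above and flags a non-default MBR or a driver in the disk call chain that is outside an expected list. The sample log is constructed from the posted lines, and the expected-module list is an assumption for illustration.

```python
import re

# Constructed sample in the shape of the aswMBR log posted in the thread (not the full log).
SAMPLE_LOG = """\
22:46:42.112 Disk 0 MBR read successfully
22:46:42.117 Disk 0 MBR scan
22:46:42.122 Disk 0 Windows 7 default MBR code
22:46:45.889 Disk 0 trace - called modules:
22:46:45.923 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:46:45.930 1 nt!IofCallDriver -> \\Device\\Harddisk0\\DR0[0xfffffa8005229060]
22:48:14.831 Scan finished successfully
"""

# Modules normally seen in the disk I/O path of a clean Windows 7 install with the Intel
# iaStor driver; an assumption for illustration, extend it for other storage stacks.
EXPECTED_MODULES = {"ntoskrnl.exe", "classpnp.sys", "disk.sys", "iastor.sys", "hal.dll",
                    "partmgr.sys", "atapi.sys", "ataport.sys", "storport.sys"}

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) (?P<msg>.*)$")


def parse_aswmbr(text):
    """Return a small verdict dict built from aswMBR log text."""
    result = {"mbr_status": "unknown", "modules": [], "unexpected": [], "scan_finished": False}
    expect_modules = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())  # forum pastes are indented; strip before matching
        if not m:
            continue
        msg = m.group("msg")
        if expect_modules:
            # The line right after "trace - called modules:" lists the drivers in the call chain.
            result["modules"] = msg.split()
            result["unexpected"] = [x for x in result["modules"] if x.lower() not in EXPECTED_MODULES]
            expect_modules = False
        elif msg.endswith("trace - called modules:"):
            expect_modules = True
        elif "MBR code" in msg:
            # aswMBR reports stock boot code as "default MBR code"; anything else deserves a look.
            result["mbr_status"] = "default" if "default MBR code" in msg else "non-default"
        elif msg == "Scan finished successfully":
            result["scan_finished"] = True
    return result


def is_clean(verdict):
    """Clean only if the MBR is stock, no unexpected driver is in the chain and the scan completed."""
    return verdict["mbr_status"] == "default" and not verdict["unexpected"] and verdict["scan_finished"]


if __name__ == "__main__":
    v = parse_aswmbr(SAMPLE_LOG)
    print(v, "clean" if is_clean(v) else "REVIEW")
```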
  22. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    It looks good now.
    You should be good to go.
     
