Iexplore.exe processes pop up, apparent rootkit infection

Inactive
By DoktrMik
Jul 24, 2010
Topic Status:
Not open for further replies.
  1. DoktrMik

    DoktrMik Newcomer, in training Topic Starter Posts: 68

    Yes, it's present. I'm not using the machine until I have time to deal with this problem.
  2. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Post back, please, when you're more free and we'll go from there.
  3. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Thread has been reopened.
  4. DoktrMik

    DoktrMik Newcomer, in training Topic Starter Posts: 68

    So should I run Combofix again, as you last requested, or do you have some other idea?

    I've literally done nothing to the machine since we last discussed this, except for printing a couple of documents. It's been turned off for all but a few minutes in the last couple weeks ;(
  5. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Yes, download a fresh copy of Combofix and run it.
  6. DoktrMik

    DoktrMik Newcomer, in training Topic Starter Posts: 68

    Alright, let's get this done!

    I connected to the internet, closed all my programs other than task manager, disabled my antivirus (NOD32), then started to run ComboFix from the desktop. Almost immediately, between six and eight iexplore.exe processes appeared, then immediately disappeared (presumably because ComboFix disconnected me?). Task manager closed pretty quickly too, so I have no idea if the processes were there afterwards.

    ComboFix then ran through to step 52, and rebooted the machine. After rebooting, I could hear a commercial playing while ComboFix was creating its logs. CF finished, created the log file.

    I rebooted and after being connected for 30-40 seconds, a pair of iexplore.exe processes popped up. So we're right back where we were, but I have a fresh log and hopefully running ComboFix while connected did something differently.

    Attached Files:

  7. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Clear your Java Cache

    • Go Start>Control Panel (Classic View)>Java
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - leave BOTH checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      • Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

    ======================================================================

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Your router may be infected.
    We need to hard reset it.
    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    Restart computer and check for redirections
  8. DoktrMik

    DoktrMik Newcomer, in training Topic Starter Posts: 68

    I don't have Java installed. Due to these issues I uninstalled Java completely. Should I clean up some directory instead?

    How sure are you about the router? I have a complex router setup that took me some time to configure correctly, and I don't want to have to repeat that. Basically I have a FIOS router but in order to get wireless N capability I have connected a D-Link wireless router directly to the FIOS router, which has wireless turned off. Should be straightforward but I had no end of trouble getting it to work.

    Another data point is that I have multiple machines in the house: another Windows XP machine (which I'm typing on now) and a Macbook.

    Do I need to be connected in order to run the ipconfig commands?
  9. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Good question, but I don't think you have to be connected. It resets your computer, nothing else.

    Regarding the router, I can see it as one of our last chances to solve this issue.
    Your computer should be 99.9% clean at this point and I've seen a number of cases (especially lately) where resetting the router solved the problem.
    Just make sure you write all necessary info down before proceeding.
  10. DoktrMik

    DoktrMik Newcomer, in training Topic Starter Posts: 68

    Fair enough. I'll consider resetting the router. Interestingly, I ran the ipconfig and net commands while connected, then rebooted. After connecting it took almost 10 minutes for any iexplore.exe processes to be created - much longer than usual. I wonder if I somehow resolved the issue but the router re-infected me.

    One interesting thing I just thought of is that the other machines connect wirelessly, whereas the desktop in question is the only thing connecting directly via ethernet cable. Gonna try a couple more things before I reboot the router...
  11. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Very possible.

    I don't think wired/wireless matters.
    Remember that your computer was infected with the Whistler bootkit.
     
  12. DoktrMik

    DoktrMik Newcomer, in training Topic Starter Posts: 68

    Hmmm...interesting. Connected wirelessly from desktop instead of directly to router using ethernet cable. So far 30 minutes connected with no iexplore.exe processes. Your idea is starting to sound convincing!
  13. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    I better.....hehehe
  14. DoktrMik

    DoktrMik Newcomer, in training Topic Starter Posts: 68

    The reason I was thinking wired vs. wireless might matter is that I have a Win XP laptop that connects wirelessly to the same router, and has had no issues in the 3 weeks that I've had this problem. So if it was the router, why didn't the laptop get issues?

    I just tried to connect via ethernet to the router again, and again within 2 minutes I had popups.
  15. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Because your desktop was infected with Whistler bootkit and your laptop wasn't.
  16. DoktrMik

    DoktrMik Newcomer, in training Topic Starter Posts: 68

    Sorry for the delay, this took me a while... I did a hard reset of the router and unfortunately it didn't help.

    Agh.
  17. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Please post a fresh Combofix log.
  18. DoktrMik

    DoktrMik Newcomer, in training Topic Starter Posts: 68

    Here you go... (thx!! :D)

    Attached Files:

  19. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Damn...I don't see anything malicious....

    Can you bypass the router and connect your computer straight to the modem?
    Check for the issues.
    Shut the computer down first...
  20. DoktrMik

    DoktrMik Newcomer, in training Topic Starter Posts: 68

    I already tried that. I have a Verizon FIOS router/modem which I'm connecting to a D-Link wireless router. I've reset both and tried connecting directly to the Verizon router as well as directly to D-Link both wired and wirelessly. No matter what I do eventually the processes turn up. Sometimes it takes 1 minute, sometimes 30 but they always come back.
  21. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    Please download The Avenger by Swandog46 to your Desktop.
    - Right click on the Avenger.zip folder and select Extract All...
    - Follow the prompts and extract the avenger folder to your desktop

    Double click on avenger.exe.
    Click OK in pop-up window.

    Avenger window will open.

    Click on Execute button.
    Click OK in two consecutive pop-up windows.

    Your computer will re-boot now.

    Upon re-boot, Notepad window will open.
    Select all text, copy it, and paste it into next reply.

    NOTE. If the log doesn't open on reboot, open Avenger again, and go File>Open Log File.

    =======================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =====================================================================

    Download RootRepeal.zip (Mirror1, Mirror2) and unzip it to your Desktop.
    • Double click RootRepeal.exe to start the program
    • Click on the Report tab at the bottom of the program window
    • Click the Scan button
    • In the Select Scan dialog, check:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services
    • Click the OK button
    • In the next dialog, select all drives showing
    • Click OK to start the scan
      Note: The scan can take some time. DO NOT run any other programs while the scan is running
    • When the scan is complete, the Save Report button will become available
    • Click this and save the report to your Desktop as RootRepeal.txt
    • Go to File, then Exit to close the program
    Open RootRepeal.txt file with Notepad, copy, and paste all content into your next reply.

    If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

    =====================================================================

    Fresh "Quick scan" from OTL.
  22. DoktrMik

    DoktrMik Newcomer, in training Topic Starter Posts: 68

    OK, I'll do them one at a time...

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Completed script processing.

    *******************

    Finished! Terminate.
  23. Broni

    Broni Malware Annihilator Posts: 46,182   +251

    OK..........
  24. DoktrMik

    DoktrMik Newcomer, in training Topic Starter Posts: 68

    2010/08/19 22:47:55.0968 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
    2010/08/19 22:47:55.0968 ================================================================================
    2010/08/19 22:47:55.0968 SystemInfo:
    2010/08/19 22:47:55.0968
    2010/08/19 22:47:55.0968 OS Version: 5.1.2600 ServicePack: 3.0
    2010/08/19 22:47:55.0968 Product type: Workstation
    2010/08/19 22:47:55.0968 ComputerName: CASTLEROCK
    2010/08/19 22:47:55.0968 UserName: [name removed]
    2010/08/19 22:47:55.0968 Windows directory: C:\WINDOWS
    2010/08/19 22:47:55.0968 System windows directory: C:\WINDOWS
    2010/08/19 22:47:55.0968 Processor architecture: Intel x86
    2010/08/19 22:47:55.0968 Number of processors: 4
    2010/08/19 22:47:55.0968 Page size: 0x1000
    2010/08/19 22:47:55.0968 Boot type: Normal boot
    2010/08/19 22:47:55.0968 ================================================================================
    2010/08/19 22:47:56.0390 Initialize success
    2010/08/19 22:48:14.0328 ================================================================================
    2010/08/19 22:48:14.0328 Scan started
    2010/08/19 22:48:14.0328 Mode: Manual;
    2010/08/19 22:48:14.0328 ================================================================================
  25. DoktrMik

    DoktrMik Newcomer, in training Topic Starter Posts: 68

    2010/08/19 22:48:23.0640 ================================================================================
    2010/08/19 22:48:23.0640 Scan finished
    2010/08/19 22:48:23.0640 ================================================================================