Hi,

My computer has what appears to be the infamous Google re-direct malware with the added problem of a recurrent iexplore.com process that keeps respawning. I use Firefox.

I hope you can help!

Here is the DDS file

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26

Run by Phil at 10:22:17 on 2011-12-02

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.2352 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\lkads.exe

C:\Windows\SysWOW64\lktsrv.exe

C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe

C:\Program Files (x86)\National Instruments\MAX\nimxs.exe

C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe

C:\Windows\SysWOW64\nisvcloc.exe

C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\system32\msiexec.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111114040621.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

dRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

StartupFolder: C:\Users\Phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{577D13FC-1F46-401A-9804-C67AA0146240} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{FE81FD0F-DF7B-4286-8777-9B56C8D9A519} : DhcpNameServer = 192.168.1.1 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111114040621.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\2o7ozftf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.whatifsports.com/locker/

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPLV82Win32.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-29 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-29 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-29 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-27 199272]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-27 208536]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-27 161168]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-16 656624]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-11-15 17152]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-27 136176]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-15 1153368]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-27 136176]

S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\342A.tmp --> C:\Windows\system32\342A.tmp [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 netr28ux;Belkin USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-5-15 366152]

.

=============== Created Last 30 ================

.

2011-11-20 05:00:36 6144 ------w- C:\Windows\System32\342A.tmp

2011-11-20 04:59:58 6144 ------w- C:\Windows\System32\9D18.tmp

2011-11-20 04:59:46 -------- d-----w- C:\Program Files (x86)\Sophos

2011-11-17 02:17:12 -------- d-----w- C:\ProgramData\STOPzilla!

2011-11-16 03:21:26 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-11-16 03:21:26 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-11-16 03:07:35 16432 ----a-w- C:\Windows\System32\lsdelete.exe

2011-11-16 01:14:28 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2011-11-16 01:11:27 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys

2011-11-16 01:11:13 -------- d-----w- C:\Program Files (x86)\Lavasoft

2011-11-13 12:32:18 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-13 12:32:17 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-13 12:31:34 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-13 12:31:25 3141120 ----a-w- C:\Windows\System32\win32k.sys

2011-11-03 00:10:29 -------- d-----w- C:\Users\Phil\AppData\Local\LogMeIn Hamachi

2011-11-03 00:09:47 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

.

==================== Find3M ====================

.

2011-10-15 18:16:16 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys

2011-10-15 18:16:16 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2011-10-15 18:16:16 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2011-10-15 18:16:16 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2011-10-15 18:16:16 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2011-10-15 18:16:16 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2011-10-15 18:16:16 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2011-10-15 18:16:16 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-10-15 18:16:16 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-05-21 15:59:50 3095040 ----a-w- C:\Program Files\openofficeorg32.msi

2010-05-21 15:58:20 460088 ----a-w- C:\Program Files\setup.exe

.

============= FINISH: 10:32:16.46 ===============


Hello PhilNH and welcome to Malwarebytes! :welcome:

I apologize for the delay.

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

First,

Please temporarily disable Ad-Aware's Ad-Watch, as it may hinder the removal of some entries. You can re-enable it after you're clean.

Right click on the Adaware icon in the system tray and select Exit.

-------------

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure Advanced Mode is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck Resident TeaTimer and OK any prompts

You can re-enable TeaTimer once your system is clean.

-------------

Next,

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How is the PC running now?

-------------

Please print out these instructions or copy them to a Notepad file for easier reading, and download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

http://www.kernelmode.info/MBRCheck.exe

Close all open programs/windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

-------------

Please do the following:
  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

NOTE: The Avast! scan is not necessary ;).

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller report
  • MBRCheck report
  • aswMBR log & MBR.dat zip file
  • C:\ComboFix.txt
  • checkup.txt

How is your computer running now?


Thanks for your reply and the instructions. The Combo fix took a long time but it finished, although it had recurrent pop ups about being unable to find a file.

The re-direct issue seems to still be there, but I'll wait for a reply!

Thanks...Following are the reports and attachments

Many Thanks!!

*************************

TDSSKiller

22:14:37.0647 7836 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

22:14:38.0348 7836 ============================================================

22:14:38.0348 7836 Current date / time: 2011/12/03 22:14:38.0348

22:14:38.0348 7836 SystemInfo:

22:14:38.0348 7836

22:14:38.0348 7836 OS Version: 6.1.7600 ServicePack: 0.0

22:14:38.0348 7836 Product type: Workstation

22:14:38.0348 7836 ComputerName: PHIL-PC

22:14:38.0349 7836 UserName: Phil

22:14:38.0349 7836 Windows directory: C:\Windows

22:14:38.0349 7836 System windows directory: C:\Windows

22:14:38.0349 7836 Running under WOW64

22:14:38.0349 7836 Processor architecture: Intel x64

22:14:38.0349 7836 Number of processors: 4

22:14:38.0349 7836 Page size: 0x1000

22:14:38.0349 7836 Boot type: Normal boot

22:14:38.0349 7836 ============================================================

22:14:46.0327 7836 Initialize success

22:15:02.0336 10004 ============================================================

22:15:02.0336 10004 Scan started

22:15:02.0336 10004 Mode: Manual;

22:15:02.0336 10004 ============================================================


22:15:06.0291 10004 HidUsb - ok

22:15:06.0324 10004 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

22:15:06.0329 10004 HpSAMD - ok

22:15:06.0363 10004 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

22:15:06.0372 10004 HTTP - ok

22:15:06.0383 10004 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

22:15:06.0385 10004 hwpolicy - ok

22:15:06.0403 10004 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

22:15:06.0411 10004 i8042prt - ok

22:15:06.0443 10004 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

22:15:06.0458 10004 iaStorV - ok

22:15:06.0476 10004 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

22:15:06.0483 10004 iirsp - ok

22:15:06.0513 10004 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

22:15:06.0516 10004 intelide - ok

22:15:06.0535 10004 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

22:15:06.0542 10004 intelppm - ok

22:15:06.0560 10004 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:15:06.0562 10004 IpFilterDriver - ok

22:15:06.0578 10004 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

22:15:06.0585 10004 IPMIDRV - ok

22:15:06.0601 10004 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

22:15:06.0608 10004 IPNAT - ok

22:15:06.0619 10004 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

22:15:06.0620 10004 IRENUM - ok

22:15:06.0639 10004 is3srv - ok

22:15:06.0669 10004 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

22:15:06.0685 10004 isapnp - ok

22:15:06.0714 10004 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

22:15:06.0721 10004 iScsiPrt - ok

22:15:06.0744 10004 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

22:15:06.0757 10004 kbdclass - ok

22:15:06.0805 10004 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

22:15:06.0811 10004 kbdhid - ok

22:15:06.0853 10004 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

22:15:06.0857 10004 KSecDD - ok

22:15:06.0882 10004 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

22:15:06.0932 10004 KSecPkg - ok

22:15:06.0940 10004 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

22:15:06.0942 10004 ksthunk - ok

22:15:07.0018 10004 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys

22:15:07.0022 10004 Lbd - ok

22:15:07.0073 10004 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

22:15:07.0079 10004 lltdio - ok

22:15:07.0116 10004 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

22:15:07.0129 10004 LSI_FC - ok

22:15:07.0149 10004 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

22:15:07.0154 10004 LSI_SAS - ok

22:15:07.0171 10004 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

22:15:07.0175 10004 LSI_SAS2 - ok

22:15:07.0201 10004 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

22:15:07.0209 10004 LSI_SCSI - ok

22:15:07.0240 10004 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

22:15:07.0242 10004 luafv - ok

22:15:07.0280 10004 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys

22:15:07.0342 10004 LVPr2M64 - ok

22:15:07.0365 10004 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys

22:15:07.0415 10004 LVPr2Mon - ok

22:15:07.0465 10004 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys

22:15:07.0560 10004 LVRS64 - ok

22:15:07.0687 10004 LVUVC64 (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys

22:15:07.0799 10004 LVUVC64 - ok

22:15:07.0818 10004 MBAMProtector - ok

22:15:07.0877 10004 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

22:15:07.0883 10004 megasas - ok

22:15:07.0909 10004 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

22:15:07.0927 10004 MegaSR - ok

22:15:07.0953 10004 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\342A.tmp

22:15:07.0954 10004 MEMSWEEP2 - ok

22:15:07.0979 10004 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys

22:15:08.0052 10004 mfeapfk - ok

22:15:08.0073 10004 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys

22:15:08.0077 10004 mfeavfk - ok

22:15:08.0086 10004 mfeavfk01 - ok

22:15:08.0114 10004 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys

22:15:08.0119 10004 mfefirek - ok

22:15:08.0148 10004 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys

22:15:08.0155 10004 mfehidk - ok

22:15:08.0175 10004 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys

22:15:08.0236 10004 mfenlfk - ok

22:15:08.0259 10004 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys

22:15:08.0262 10004 mferkdet - ok

22:15:08.0285 10004 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys

22:15:08.0371 10004 mfewfpk - ok

22:15:08.0402 10004 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

22:15:08.0410 10004 Modem - ok

22:15:08.0448 10004 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

22:15:08.0462 10004 monitor - ok

22:15:08.0490 10004 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

22:15:08.0499 10004 mouclass - ok

22:15:08.0537 10004 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

22:15:08.0551 10004 mouhid - ok

22:15:08.0566 10004 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

22:15:08.0570 10004 mountmgr - ok

22:15:08.0587 10004 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

22:15:08.0593 10004 mpio - ok

22:15:08.0610 10004 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

22:15:08.0613 10004 mpsdrv - ok

22:15:08.0635 10004 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

22:15:08.0641 10004 MRxDAV - ok

22:15:08.0670 10004 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

22:15:08.0739 10004 mrxsmb - ok

22:15:08.0774 10004 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:15:08.0780 10004 mrxsmb10 - ok

22:15:08.0802 10004 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:15:08.0865 10004 mrxsmb20 - ok

22:15:08.0901 10004 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

22:15:08.0906 10004 msahci - ok

22:15:08.0916 10004 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

22:15:08.0924 10004 msdsm - ok

22:15:08.0949 10004 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

22:15:08.0950 10004 Msfs - ok

22:15:08.0974 10004 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

22:15:08.0990 10004 mshidkmdf - ok

22:15:09.0004 10004 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

22:15:09.0008 10004 msisadrv - ok

22:15:09.0029 10004 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

22:15:09.0035 10004 MSKSSRV - ok

22:15:09.0044 10004 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

22:15:09.0045 10004 MSPCLOCK - ok

22:15:09.0063 10004 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

22:15:09.0067 10004 MSPQM - ok

22:15:09.0090 10004 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

22:15:09.0094 10004 MsRPC - ok

22:15:09.0105 10004 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

22:15:09.0111 10004 mssmbios - ok

22:15:09.0125 10004 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

22:15:09.0130 10004 MSTEE - ok

22:15:09.0144 10004 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

22:15:09.0149 10004 MTConfig - ok

22:15:09.0167 10004 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

22:15:09.0173 10004 Mup - ok

22:15:09.0201 10004 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

22:15:09.0205 10004 NativeWifiP - ok

22:15:09.0240 10004 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

22:15:09.0250 10004 NDIS - ok

22:15:09.0268 10004 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

22:15:09.0274 10004 NdisCap - ok

22:15:09.0283 10004 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

22:15:09.0285 10004 NdisTapi - ok

22:15:09.0315 10004 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

22:15:09.0320 10004 Ndisuio - ok

22:15:09.0338 10004 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

22:15:09.0356 10004 NdisWan - ok

22:15:09.0377 10004 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

22:15:09.0379 10004 NDProxy - ok

22:15:09.0395 10004 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

22:15:09.0400 10004 NetBIOS - ok

22:15:09.0421 10004 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

22:15:09.0424 10004 NetBT - ok

22:15:09.0472 10004 netr28ux (26672f93749ac9fd28da1b0f94efa78d) C:\Windows\system32\DRIVERS\netr28ux.sys

22:15:09.0532 10004 netr28ux - ok

22:15:09.0549 10004 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

22:15:09.0554 10004 nfrd960 - ok

22:15:09.0586 10004 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

22:15:09.0588 10004 Npfs - ok

22:15:09.0599 10004 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

22:15:09.0600 10004 nsiproxy - ok

22:15:09.0639 10004 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

22:15:09.0657 10004 Ntfs - ok

22:15:09.0674 10004 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

22:15:09.0676 10004 Null - ok

22:15:09.0921 10004 nvlddmkm (6f9cbe52517660b68694accee35ec4d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys

22:15:10.0198 10004 nvlddmkm - ok

22:15:10.0218 10004 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

22:15:10.0226 10004 nvraid - ok

22:15:10.0236 10004 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

22:15:10.0245 10004 nvstor - ok

22:15:10.0260 10004 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

22:15:10.0267 10004 nv_agp - ok

22:15:10.0287 10004 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

22:15:10.0294 10004 ohci1394 - ok

22:15:10.0349 10004 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

22:15:10.0354 10004 Parport - ok

22:15:10.0378 10004 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

22:15:10.0381 10004 partmgr - ok

22:15:10.0405 10004 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

22:15:10.0407 10004 pci - ok

22:15:10.0422 10004 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

22:15:10.0423 10004 pciide - ok

22:15:10.0471 10004 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

22:15:10.0473 10004 pcmcia - ok

22:15:10.0495 10004 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

22:15:10.0499 10004 pcw - ok

22:15:10.0528 10004 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

22:15:10.0536 10004 PEAUTH - ok

22:15:10.0616 10004 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

22:15:10.0619 10004 PptpMiniport - ok

22:15:10.0641 10004 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

22:15:10.0649 10004 Processor - ok

22:15:10.0688 10004 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

22:15:10.0694 10004 Psched - ok

22:15:10.0719 10004 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

22:15:10.0721 10004 PxHlpa64 - ok

22:15:10.0772 10004 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

22:15:10.0808 10004 ql2300 - ok

22:15:10.0818 10004 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

22:15:10.0823 10004 ql40xx - ok

22:15:10.0839 10004 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

22:15:10.0844 10004 QWAVEdrv - ok

22:15:10.0861 10004 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

22:15:10.0863 10004 RasAcd - ok

22:15:10.0889 10004 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

22:15:10.0893 10004 RasAgileVpn - ok

22:15:10.0911 10004 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

22:15:10.0917 10004 Rasl2tp - ok

22:15:10.0937 10004 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

22:15:10.0945 10004 RasPppoe - ok

22:15:10.0961 10004 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

22:15:10.0969 10004 RasSstp - ok

22:15:11.0001 10004 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

22:15:11.0014 10004 rdbss - ok

22:15:11.0030 10004 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

22:15:11.0036 10004 rdpbus - ok

22:15:11.0051 10004 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

22:15:11.0054 10004 RDPCDD - ok

22:15:11.0066 10004 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

22:15:11.0067 10004 RDPENCDD - ok

22:15:11.0081 10004 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

22:15:11.0082 10004 RDPREFMP - ok

22:15:11.0103 10004 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

22:15:11.0112 10004 RDPWD - ok

22:15:11.0131 10004 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

22:15:11.0139 10004 rdyboost - ok

22:15:11.0176 10004 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

22:15:11.0178 10004 rspndr - ok

22:15:11.0202 10004 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys

22:15:11.0209 10004 RTL8167 - ok

22:15:11.0241 10004 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

22:15:11.0247 10004 sbp2port - ok

22:15:11.0266 10004 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

22:15:11.0272 10004 scfilter - ok

22:15:11.0297 10004 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

22:15:11.0299 10004 secdrv - ok

22:15:11.0321 10004 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

22:15:11.0326 10004 Serenum - ok

22:15:11.0349 10004 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

22:15:11.0353 10004 Serial - ok

22:15:11.0386 10004 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

22:15:11.0396 10004 sermouse - ok

22:15:11.0425 10004 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

22:15:11.0430 10004 sffdisk - ok

22:15:11.0448 10004 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

22:15:11.0453 10004 sffp_mmc - ok

22:15:11.0469 10004 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

22:15:11.0476 10004 sffp_sd - ok

22:15:11.0493 10004 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

22:15:11.0495 10004 sfloppy - ok

22:15:11.0536 10004 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

22:15:11.0543 10004 SiSRaid2 - ok

22:15:11.0552 10004 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

22:15:11.0558 10004 SiSRaid4 - ok

22:15:11.0577 10004 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

22:15:11.0579 10004 Smb - ok

22:15:11.0593 10004 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

22:15:11.0597 10004 spldr - ok

22:15:11.0657 10004 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

22:15:11.0708 10004 srv - ok

22:15:11.0731 10004 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

22:15:11.0736 10004 srv2 - ok

22:15:11.0769 10004 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

22:15:11.0818 10004 srvnet - ok

22:15:11.0862 10004 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

22:15:11.0871 10004 stexstor - ok

22:15:11.0898 10004 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

22:15:11.0900 10004 swenum - ok

22:15:11.0909 10004 szkg5 - ok

22:15:11.0977 10004 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

22:15:12.0095 10004 Tcpip - ok

22:15:12.0151 10004 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

22:15:12.0206 10004 TCPIP6 - ok

22:15:12.0233 10004 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

22:15:12.0237 10004 tcpipreg - ok

22:15:12.0260 10004 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

22:15:12.0276 10004 TDPIPE - ok

22:15:12.0284 10004 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

22:15:12.0288 10004 TDTCP - ok

22:15:12.0305 10004 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

22:15:12.0309 10004 tdx - ok

22:15:12.0340 10004 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

22:15:12.0362 10004 TermDD - ok

22:15:12.0388 10004 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:15:12.0391 10004 tssecsrv - ok

22:15:12.0412 10004 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

22:15:12.0415 10004 tunnel - ok

22:15:12.0436 10004 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

22:15:12.0442 10004 uagp35 - ok

22:15:12.0454 10004 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

22:15:12.0478 10004 udfs - ok

22:15:12.0505 10004 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

22:15:12.0511 10004 uliagpkx - ok

22:15:12.0529 10004 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

22:15:12.0535 10004 umbus - ok

22:15:12.0551 10004 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

22:15:12.0558 10004 UmPass - ok

22:15:12.0597 10004 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys

22:15:12.0599 10004 USBAAPL64 - ok

22:15:12.0625 10004 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys

22:15:12.0631 10004 usbaudio - ok

22:15:12.0651 10004 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

22:15:12.0654 10004 usbccgp - ok

22:15:12.0677 10004 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

22:15:12.0683 10004 usbcir - ok

22:15:12.0703 10004 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

22:15:12.0715 10004 usbehci - ok

22:15:12.0741 10004 usbhub (7cc1c95896d60e868aa6dd2dd2f97ead) C:\Windows\system32\DRIVERS\usbhub.sys

22:15:12.0801 10004 usbhub - ok

22:15:12.0826 10004 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

22:15:12.0831 10004 usbohci - ok

22:15:12.0845 10004 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

22:15:12.0846 10004 usbprint - ok

22:15:12.0878 10004 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:15:12.0889 10004 USBSTOR - ok

22:15:12.0913 10004 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

22:15:12.0920 10004 usbuhci - ok

22:15:12.0955 10004 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys

22:15:12.0962 10004 usbvideo - ok

22:15:12.0989 10004 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

22:15:12.0990 10004 vdrvroot - ok

22:15:13.0012 10004 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

22:15:13.0016 10004 vga - ok

22:15:13.0033 10004 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

22:15:13.0039 10004 VgaSave - ok

22:15:13.0050 10004 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

22:15:13.0058 10004 vhdmp - ok

22:15:13.0106 10004 VIAHdAudAddService (a6cf4aaaa85ec6f655c9922593e407ab) C:\Windows\system32\drivers\viahduaa.sys

22:15:13.0145 10004 VIAHdAudAddService - ok

22:15:13.0170 10004 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

22:15:13.0175 10004 viaide - ok

22:15:13.0190 10004 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

22:15:13.0194 10004 volmgr - ok

22:15:13.0210 10004 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

22:15:13.0213 10004 volmgrx - ok

22:15:13.0261 10004 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

22:15:13.0268 10004 volsnap - ok

22:15:13.0288 10004 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

22:15:13.0299 10004 vsmraid - ok

22:15:13.0318 10004 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

22:15:13.0323 10004 vwifibus - ok

22:15:13.0346 10004 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

22:15:13.0352 10004 vwififlt - ok

22:15:13.0376 10004 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

22:15:13.0390 10004 WacomPen - ok

22:15:13.0411 10004 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

22:15:13.0415 10004 WANARP - ok

22:15:13.0419 10004 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

22:15:13.0423 10004 Wanarpv6 - ok

22:15:13.0458 10004 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

22:15:13.0464 10004 Wd - ok

22:15:13.0494 10004 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

22:15:13.0505 10004 Wdf01000 - ok

22:15:13.0540 10004 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

22:15:13.0543 10004 WfpLwf - ok

22:15:13.0572 10004 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

22:15:13.0631 10004 WimFltr - ok

22:15:13.0640 10004 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

22:15:13.0644 10004 WIMMount - ok

22:15:13.0699 10004 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

22:15:13.0706 10004 WinUsb - ok

22:15:13.0730 10004 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

22:15:13.0735 10004 WmiAcpi - ok

22:15:13.0758 10004 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

22:15:13.0759 10004 ws2ifsl - ok

22:15:13.0787 10004 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

22:15:13.0789 10004 WudfPf - ok

22:15:13.0800 10004 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:15:13.0807 10004 WUDFRd - ok

22:15:13.0859 10004 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys

22:15:13.0885 10004 xnacc - ok

22:15:13.0928 10004 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

22:15:13.0946 10004 \Device\Harddisk0\DR0 - ok

22:15:13.0965 10004 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5

22:15:13.0971 10004 \Device\Harddisk5\DR5 - ok

22:15:13.0979 10004 Boot (0x1200) (bd6a05eb50d6ebaf0c2bfc9af18816bd) \Device\Harddisk0\DR0\Partition0

22:15:13.0980 10004 \Device\Harddisk0\DR0\Partition0 - ok

22:15:13.0992 10004 Boot (0x1200) (57a2221155fd36c4ec3022f881db07a7) \Device\Harddisk0\DR0\Partition1

22:15:13.0993 10004 \Device\Harddisk0\DR0\Partition1 - ok

22:15:13.0997 10004 Boot (0x1200) (97d92b8c503f6ee797c79350e9515e8d) \Device\Harddisk5\DR5\Partition0

22:15:13.0999 10004 \Device\Harddisk5\DR5\Partition0 - ok

22:15:13.0999 10004 ============================================================

22:15:14.0000 10004 Scan finished

22:15:14.0000 10004 ============================================================

22:15:14.0011 4480 Detected object count: 0

22:15:14.0011 4480 Actual detected object count: 0

MBRCheck

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: Dell Inc.

BIOS Manufacturer: Dell Inc.

System Manufacturer: Dell Inc.

System Product Name: Inspiron 546

Logical Drives Mask: 0x000001fc

Kernel Drivers (total 161):

0x0300A000 \SystemRoot\system32\ntoskrnl.exe

0x035E6000 \SystemRoot\system32\hal.dll

0x00BB4000 \SystemRoot\system32\kdcom.dll

0x00C6C000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll

0x00C79000 \SystemRoot\system32\PSHED.dll

0x00C8D000 \SystemRoot\system32\CLFS.SYS

0x00CEB000 \SystemRoot\system32\CI.dll

0x00DAB000 \SystemRoot\SySWOW64\DRIVERS\szkg64.sys

0x00E4C000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00EF0000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00EFF000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x00F56000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x00F5F000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x00F69000 \SystemRoot\system32\DRIVERS\pci.sys

0x00F9C000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x00FA9000 \SystemRoot\System32\drivers\partmgr.sys

0x00FBE000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys

0x00FD3000 \SystemRoot\system32\DRIVERS\pciide.sys

0x00FDA000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x00E00000 \SystemRoot\system32\DRIVERS\pcmcia.sys

0x00DD7000 \SystemRoot\System32\drivers\mountmgr.sys

0x00E39000 \SystemRoot\system32\DRIVERS\atapi.sys

0x01073000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x0109D000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x010A8000 \SystemRoot\system32\drivers\fltmgr.sys

0x010F4000 \SystemRoot\system32\drivers\fileinfo.sys

0x01108000 \SystemRoot\system32\drivers\mfehidk.sys

0x011A4000 \SystemRoot\system32\DRIVERS\Lbd.sys


Processes (total 74):


\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

\\.\I: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3750528AS, Rev: CC45

PhysicalDrive5 Model Number: SeagateFreeAgentDesktop, Rev: 100D

Size Device Name MBR Status

--------------------------------------------

698 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B

298 GB \\.\PhysicalDrive5 RE: Unknown MBR code

SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

MBR.zip

aswMBR.txt

ComboFix.txt

checkup.txt


Please try the following. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer

  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • It will install a little bootable OS on your USB
  • After it has completed, do not choose to reboot the clean computer; simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.

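Added example (not part of the original thread and not the helper's tooling): a Python parser for a raw 512-byte sector such as the one the dd command above writes, which lists the partition slots and active flags, runs basic sanity checks, and compares two dumps, for instance one taken before and one after a repair. The sample sectors are constructed, and every function name is this example's own.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440    # bytes 0..439 hold the bootstrap code
TABLE_OFFSET = 446     # four 16-byte partition entries start here
ENTRY_LEN = 16
ENTRY_FMT = "<B3xB3xII"  # flag, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(sector):
    """Decode one raw MBR sector (the dd output is raw bytes whatever its file name)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for i in range(4):
        start = TABLE_OFFSET + i * ENTRY_LEN
        flag, ptype, lba, count = struct.unpack(ENTRY_FMT, sector[start:start + ENTRY_LEN])
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({"slot": i + 1, "flag": flag, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
        "sector_sha1": hashlib.sha1(sector).hexdigest(),
        "partitions": partitions,
    }


def review(mbr):
    """Return a list of structural problems found in a parsed MBR."""
    notes = []
    if not mbr["signature_ok"]:
        notes.append("missing 0x55AA boot signature")
    for p in mbr["partitions"]:
        if p["flag"] not in (0x00, 0x80):
            notes.append("slot %d: invalid boot flag 0x%02x" % (p["slot"], p["flag"]))
    active = [p["slot"] for p in mbr["partitions"] if p["flag"] == 0x80]
    if len(active) != 1:
        notes.append("expected exactly one active partition, found %d" % len(active))
    ordered = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            notes.append("slots %d and %d overlap" % (a["slot"], b["slot"]))
    return notes


def compare_dumps(before, after):
    """Describe what differs between two parsed MBR dumps of the same disk."""
    changes = []
    if before["boot_code_sha1"] != after["boot_code_sha1"]:
        changes.append("boot code differs")
    old = {p["slot"]: p for p in before["partitions"]}
    new = {p["slot"]: p for p in after["partitions"]}
    for slot in sorted(set(old) | set(new)):
        if slot not in old:
            changes.append("slot %d added" % slot)
        elif slot not in new:
            changes.append("slot %d removed" % slot)
        elif old[slot] != new[slot]:
            fields = [k for k in ("flag", "type", "lba_start", "sectors")
                      if old[slot][k] != new[slot][k]]
            changes.append("slot %d changed: %s" % (slot, ", ".join(fields)))
    return changes


def build_sample(entries, boot_code=b"\xfa\x33\xc0"):
    """Build a constructed test sector; entries = [(flag, type, lba_start, sectors), ...]."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + i * ENTRY_LEN, *entry)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples: same layout, only the active flag moves from slot 4 to slot 2.
LAYOUT = [(0xDE, 63, 80262), (0x07, 81920, 30720000),
          (0x07, 30801920, 1000000), (0x07, 31801920, 2048)]
SAMPLE_BEFORE = build_sample([(0x80 if i == 3 else 0x00,) + p for i, p in enumerate(LAYOUT)])
SAMPLE_AFTER = build_sample([(0x80 if i == 1 else 0x00,) + p for i, p in enumerate(LAYOUT)])

if __name__ == "__main__":
    before, after = parse_mbr(SAMPLE_BEFORE), parse_mbr(SAMPLE_AFTER)
    for p in after["partitions"]:
        print("slot %(slot)d flag=0x%(flag)02x type=0x%(type)02x "
              "start=%(lba_start)d sectors=%(sectors)d" % p)
    print("problems:", review(after))
    print("changes :", compare_dumps(before, after))
```

To inspect a real dump, read it in binary mode and pass the bytes to parse_mbr, for example `parse_mbr(open("MBRbackup.zip", "rb").read())`.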

  • 2 weeks later...

Yes, I'm still trying this

I followed the instructions to download and run from the USB Boot. I did this on an older XP machine. The resulting boot file on the USB is only 143 KB in size and the attempt to boot my sick machine only says "Could not find Kernal Image"

Did I have a setting wrong in the install-to-USB-Drive?

Are you still with us? This topic will be closed in a few days if we do not hear back from you.


Let's try this. It will give us some more information about your system which we need to make the correct fix ;):

  • Next, download dumpit and save it to the same flash drive where you installed xPUD.
  • Remove the USB and insert it in the ailing computer
  • Power on the computer and press F12 then choose to boot from the USB
  • After selecting a language and readying the system, a Welcome to xPUD screen will appear
  • Click the File tab
  • Expand mnt by clicking the plus sign to its left
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Double click dumpit.
  • It will create some MBR copies on the USB drive.
  • When it completes press Enter to exit the Terminal window.
  • Remove the USB drive, then locate on it an mbr.zip file, and upload that here as an attachment please.

mbr.zip should be created on your flash drive, please attach it to your next reply.


I can't download DumpIt as you list it. The noahdfear.net\downloads is not opening for me. I DID download a zip file of DumpIt but it will not unzip when in the xPUD tool (when I double-click on it).

Any ideas? I don't have a WinZip tool available to me except on my old XP machine (maybe).


There's no zip files needed, just click the link, download the file, and save that to the same flash drive as xPUD. ;)

What browser are you using? I've heard of some issues occurring with Chrome, but I'm able to download it just fine with Firefox.

EDIT: If you're still having trouble downloading it, I can upload it elsewhere. Just let me know.


Try the link I sent you, you should be able to download it successfully from SendSpace.

I am using a work laptop to download these files and it has many protections against some types of downloadable exe files, so I want to be careful

I understand, however, all of the files I am having you use are 100% safe ;).

You may want to try Firefox if you still have issues downloading the file.


I REALLY REALLY appreciate your help!

No problem! :)

Now comes the tough part:

Please do the following:

  • Download tdl_fix.sh and save it to the xPUD flash drive. If you have trouble downloading it, here's a SendSpace link: http://www.sendspace.com/file/9e5jp3 ;)
  • Boot into xPUD then click the File tab.
  • Press File
  • Expand mnt
  • Click on the folder under mnt that represents your USB drive (sdb1 ?)
  • You should see the tdl_fix.sh file in the main window.
  • Select Tool from the Menu
  • Choose Open Terminal
  • Type bash tdl_fix.sh then press Enter.
  • Read the warning then type y and press Enter to continue.
  • Type sda then press Enter when prompted.
  • You will be shown a list of partitions to choose marking active.
  • Type 2 then press Enter.
  • If you are presented with a warning about no bootloader files, type n then press Enter to choose another. If this happens, type 4 to select partition 4 then press Enter.
  • When you receive no warning about bootloader files but are presented with another view of the partition structure and asked if it looks correct, type y then press Enter.
  • The script will complete and prompt you to reboot the computer.
  • Close the Terminal window and restart back into Windows.
  • Post the contents of the tdl_fix.txt file that was created on your flash drive and let me know how the computer is behaving.

NOTE: In the event there is a problem booting the computer normally after running the script, run the tdl_fix.sh script again using the following command.

bash tdl_fix.sh -restore

Make sure to leave a space to either side of tdl_fix.sh in the command.

This will prompt you to use the file tdl_mbr_sda.bin on drive sda.

Click OK, and then reboot the computer.

This is a backup of the original mbr and will restore it to its current state.


That is great news!

We've still got some more work to do to ensure the infection is fully removed. ;)

First,

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now
------------
Please print out these instructions or copy them to a Notepad file for an easier reading and download MBRCheck by a_d_13 to your Desktop from one of these locations:
http://ad13.geekstogo.com/MBRCheck.exe
http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe
http://www.kernelmode.info/MBRCheck.exe
Close all opened programs/ windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".
Press the "Enter" key to close the MBRCheck window and post the contents of the log file.
------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

------------

Please post the TDSSKiller, MBRCheck, and Security Check reports in your next reply ;)


00:46:49.0389 1548 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

00:46:50.0086 1548 ============================================================

00:46:50.0086 1548 Current date / time: 2011/12/31 00:46:50.0086

00:46:50.0086 1548 SystemInfo:

00:46:50.0086 1548

00:46:50.0086 1548 OS Version: 6.1.7600 ServicePack: 0.0

00:46:50.0086 1548 Product type: Workstation

00:46:50.0086 1548 ComputerName: PHIL-PC

00:46:50.0087 1548 UserName: Phil

00:46:50.0087 1548 Windows directory: C:\Windows

00:46:50.0087 1548 System windows directory: C:\Windows

00:46:50.0087 1548 Running under WOW64

00:46:50.0087 1548 Processor architecture: Intel x64

00:46:50.0087 1548 Number of processors: 4

00:46:50.0087 1548 Page size: 0x1000

00:46:50.0087 1548 Boot type: Normal boot

00:46:50.0087 1548 ============================================================

00:46:51.0164 1548 Initialize success

00:46:52.0781 5896 ============================================================

00:46:52.0781 5896 Scan started

00:46:52.0781 5896 Mode: Manual;

00:46:52.0781 5896 ============================================================


00:46:59.0376 5896 mouclass - ok

00:46:59.0418 5896 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

00:46:59.0431 5896 mouhid - ok

00:46:59.0446 5896 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

00:46:59.0449 5896 mountmgr - ok

00:46:59.0468 5896 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

00:46:59.0473 5896 mpio - ok

00:46:59.0490 5896 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

00:46:59.0501 5896 mpsdrv - ok

00:46:59.0532 5896 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

00:46:59.0538 5896 MRxDAV - ok

00:46:59.0568 5896 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

00:46:59.0573 5896 mrxsmb - ok

00:46:59.0613 5896 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

00:46:59.0620 5896 mrxsmb10 - ok

00:46:59.0641 5896 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

00:46:59.0645 5896 mrxsmb20 - ok

00:46:59.0673 5896 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

00:46:59.0684 5896 msahci - ok

00:46:59.0701 5896 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

00:46:59.0709 5896 msdsm - ok

00:46:59.0729 5896 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

00:46:59.0731 5896 Msfs - ok

00:46:59.0745 5896 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

00:46:59.0751 5896 mshidkmdf - ok

00:46:59.0759 5896 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

00:46:59.0760 5896 msisadrv - ok

00:46:59.0785 5896 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

00:46:59.0787 5896 MSKSSRV - ok

00:46:59.0824 5896 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

00:46:59.0827 5896 MSPCLOCK - ok

00:46:59.0844 5896 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

00:46:59.0846 5896 MSPQM - ok

00:46:59.0870 5896 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

00:46:59.0874 5896 MsRPC - ok

00:46:59.0885 5896 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

00:46:59.0886 5896 mssmbios - ok

00:46:59.0913 5896 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

00:46:59.0915 5896 MSTEE - ok

00:46:59.0932 5896 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

00:46:59.0944 5896 MTConfig - ok

00:46:59.0967 5896 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

00:46:59.0969 5896 Mup - ok

00:47:00.0006 5896 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

00:47:00.0015 5896 NativeWifiP - ok

00:47:00.0054 5896 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

00:47:00.0068 5896 NDIS - ok

00:47:00.0077 5896 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

00:47:00.0083 5896 NdisCap - ok

00:47:00.0091 5896 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

00:47:00.0095 5896 NdisTapi - ok

00:47:00.0113 5896 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

00:47:00.0118 5896 Ndisuio - ok

00:47:00.0151 5896 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

00:47:00.0169 5896 NdisWan - ok

00:47:00.0191 5896 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

00:47:00.0202 5896 NDProxy - ok

00:47:00.0234 5896 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

00:47:00.0237 5896 NetBIOS - ok

00:47:00.0262 5896 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

00:47:00.0268 5896 NetBT - ok

00:47:00.0327 5896 netr28ux (26672f93749ac9fd28da1b0f94efa78d) C:\Windows\system32\DRIVERS\netr28ux.sys

00:47:00.0409 5896 netr28ux - ok

00:47:00.0429 5896 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

00:47:00.0434 5896 nfrd960 - ok

00:47:00.0466 5896 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

00:47:00.0467 5896 Npfs - ok

00:47:00.0478 5896 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

00:47:00.0479 5896 nsiproxy - ok

00:47:00.0529 5896 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

00:47:00.0562 5896 Ntfs - ok

00:47:00.0579 5896 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

00:47:00.0588 5896 Null - ok

00:47:00.0887 5896 nvlddmkm (6f9cbe52517660b68694accee35ec4d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys

00:47:01.0229 5896 nvlddmkm - ok

00:47:01.0266 5896 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

00:47:01.0285 5896 nvraid - ok

00:47:01.0299 5896 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

00:47:01.0306 5896 nvstor - ok

00:47:01.0316 5896 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

00:47:01.0323 5896 nv_agp - ok

00:47:01.0342 5896 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

00:47:01.0349 5896 ohci1394 - ok

00:47:01.0404 5896 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

00:47:01.0409 5896 Parport - ok

00:47:01.0433 5896 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

00:47:01.0436 5896 partmgr - ok

00:47:01.0462 5896 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

00:47:01.0467 5896 pci - ok

00:47:01.0485 5896 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

00:47:01.0486 5896 pciide - ok

00:47:01.0553 5896 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

00:47:01.0559 5896 pcmcia - ok

00:47:01.0584 5896 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

00:47:01.0586 5896 pcw - ok

00:47:01.0622 5896 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

00:47:01.0653 5896 PEAUTH - ok

00:47:01.0705 5896 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

00:47:01.0709 5896 PptpMiniport - ok

00:47:01.0729 5896 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

00:47:01.0737 5896 Processor - ok

00:47:01.0784 5896 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

00:47:01.0786 5896 Psched - ok

00:47:01.0807 5896 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

00:47:01.0810 5896 PxHlpa64 - ok

00:47:01.0881 5896 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

00:47:01.0913 5896 ql2300 - ok

00:47:01.0923 5896 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

00:47:01.0927 5896 ql40xx - ok

00:47:01.0947 5896 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

00:47:01.0948 5896 QWAVEdrv - ok

00:47:01.0963 5896 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

00:47:01.0967 5896 RasAcd - ok

00:47:01.0994 5896 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

00:47:02.0002 5896 RasAgileVpn - ok

00:47:02.0033 5896 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

00:47:02.0047 5896 Rasl2tp - ok

00:47:02.0067 5896 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

00:47:02.0075 5896 RasPppoe - ok

00:47:02.0090 5896 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

00:47:02.0094 5896 RasSstp - ok

00:47:02.0112 5896 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

00:47:02.0116 5896 rdbss - ok

00:47:02.0135 5896 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

00:47:02.0150 5896 rdpbus - ok

00:47:02.0173 5896 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

00:47:02.0173 5896 RDPCDD - ok

00:47:02.0185 5896 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

00:47:02.0185 5896 RDPENCDD - ok

00:47:02.0197 5896 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

00:47:02.0198 5896 RDPREFMP - ok

00:47:02.0217 5896 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

00:47:02.0225 5896 RDPWD - ok

00:47:02.0245 5896 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

00:47:02.0248 5896 rdyboost - ok

00:47:02.0299 5896 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

00:47:02.0308 5896 rspndr - ok

00:47:02.0339 5896 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys

00:47:02.0409 5896 RTL8167 - ok

00:47:02.0429 5896 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

00:47:02.0436 5896 sbp2port - ok

00:47:02.0470 5896 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

00:47:02.0475 5896 scfilter - ok

00:47:02.0494 5896 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

00:47:02.0497 5896 secdrv - ok

00:47:02.0526 5896 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

00:47:02.0530 5896 Serenum - ok

00:47:02.0563 5896 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

00:47:02.0571 5896 Serial - ok

00:47:02.0591 5896 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

00:47:02.0600 5896 sermouse - ok

00:47:02.0646 5896 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

00:47:02.0651 5896 sffdisk - ok

00:47:02.0670 5896 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

00:47:02.0674 5896 sffp_mmc - ok

00:47:02.0691 5896 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

00:47:02.0697 5896 sffp_sd - ok

00:47:02.0714 5896 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

00:47:02.0719 5896 sfloppy - ok

00:47:02.0750 5896 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

00:47:02.0755 5896 SiSRaid2 - ok

00:47:02.0764 5896 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

00:47:02.0769 5896 SiSRaid4 - ok

00:47:02.0782 5896 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

00:47:02.0788 5896 Smb - ok

00:47:02.0802 5896 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

00:47:02.0802 5896 spldr - ok

00:47:02.0866 5896 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

00:47:02.0877 5896 srv - ok

00:47:02.0903 5896 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

00:47:02.0907 5896 srv2 - ok

00:47:02.0941 5896 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

00:47:02.0943 5896 srvnet - ok

00:47:02.0985 5896 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

00:47:02.0989 5896 stexstor - ok

00:47:03.0019 5896 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

00:47:03.0023 5896 swenum - ok

00:47:03.0031 5896 szkg5 - ok

00:47:03.0089 5896 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

00:47:03.0141 5896 Tcpip - ok

00:47:03.0201 5896 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

00:47:03.0220 5896 TCPIP6 - ok

00:47:03.0238 5896 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

00:47:03.0240 5896 tcpipreg - ok

00:47:03.0257 5896 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

00:47:03.0262 5896 TDPIPE - ok

00:47:03.0271 5896 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

00:47:03.0274 5896 TDTCP - ok

00:47:03.0294 5896 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

00:47:03.0298 5896 tdx - ok

00:47:03.0311 5896 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

00:47:03.0327 5896 TermDD - ok

00:47:03.0354 5896 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

00:47:03.0357 5896 tssecsrv - ok

00:47:03.0376 5896 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

00:47:03.0383 5896 tunnel - ok

00:47:03.0400 5896 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

00:47:03.0413 5896 uagp35 - ok

00:47:03.0446 5896 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

00:47:03.0460 5896 udfs - ok

00:47:03.0485 5896 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

00:47:03.0489 5896 uliagpkx - ok

00:47:03.0518 5896 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

00:47:03.0531 5896 umbus - ok

00:47:03.0556 5896 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

00:47:03.0562 5896 UmPass - ok

00:47:03.0611 5896 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys

00:47:03.0675 5896 USBAAPL64 - ok

00:47:03.0705 5896 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys

00:47:03.0711 5896 usbaudio - ok

00:47:03.0723 5896 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

00:47:03.0728 5896 usbccgp - ok

00:47:03.0749 5896 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

00:47:03.0754 5896 usbcir - ok

00:47:03.0774 5896 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

00:47:03.0779 5896 usbehci - ok

00:47:03.0805 5896 usbhub (7cc1c95896d60e868aa6dd2dd2f97ead) C:\Windows\system32\DRIVERS\usbhub.sys

00:47:03.0881 5896 usbhub - ok

00:47:03.0906 5896 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

00:47:03.0909 5896 usbohci - ok

00:47:03.0933 5896 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

00:47:03.0941 5896 usbprint - ok

00:47:03.0980 5896 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

00:47:03.0982 5896 USBSTOR - ok

00:47:04.0009 5896 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

00:47:04.0016 5896 usbuhci - ok

00:47:04.0050 5896 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys

00:47:04.0065 5896 usbvideo - ok

00:47:04.0102 5896 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

00:47:04.0103 5896 vdrvroot - ok

00:47:04.0126 5896 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

00:47:04.0135 5896 vga - ok

00:47:04.0163 5896 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

00:47:04.0176 5896 VgaSave - ok

00:47:04.0195 5896 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

00:47:04.0208 5896 vhdmp - ok

00:47:04.0279 5896 VIAHdAudAddService (a6cf4aaaa85ec6f655c9922593e407ab) C:\Windows\system32\drivers\viahduaa.sys

00:47:04.0365 5896 VIAHdAudAddService - ok

00:47:04.0383 5896 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

00:47:04.0388 5896 viaide - ok

00:47:04.0403 5896 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

00:47:04.0404 5896 volmgr - ok

00:47:04.0424 5896 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

00:47:04.0428 5896 volmgrx - ok

00:47:04.0466 5896 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

00:47:04.0473 5896 volsnap - ok

00:47:04.0491 5896 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

00:47:04.0509 5896 vsmraid - ok

00:47:04.0536 5896 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

00:47:04.0540 5896 vwifibus - ok

00:47:04.0568 5896 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

00:47:04.0583 5896 vwififlt - ok

00:47:04.0615 5896 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

00:47:04.0620 5896 WacomPen - ok

00:47:04.0641 5896 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

00:47:04.0644 5896 WANARP - ok

00:47:04.0649 5896 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

00:47:04.0650 5896 Wanarpv6 - ok

00:47:04.0680 5896 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

00:47:04.0685 5896 Wd - ok

00:47:04.0718 5896 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

00:47:04.0732 5896 Wdf01000 - ok

00:47:04.0778 5896 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

00:47:04.0781 5896 WfpLwf - ok

00:47:04.0814 5896 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

00:47:04.0879 5896 WimFltr - ok

00:47:04.0888 5896 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

00:47:04.0891 5896 WIMMount - ok

00:47:04.0936 5896 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

00:47:04.0940 5896 WinUsb - ok

00:47:04.0960 5896 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

00:47:04.0965 5896 WmiAcpi - ok

00:47:04.0998 5896 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

00:47:05.0002 5896 ws2ifsl - ok

00:47:05.0050 5896 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

00:47:05.0053 5896 WudfPf - ok

00:47:05.0067 5896 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

00:47:05.0070 5896 WUDFRd - ok

00:47:05.0119 5896 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys

00:47:05.0140 5896 xnacc - ok

00:47:05.0166 5896 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

00:47:05.0235 5896 \Device\Harddisk0\DR0 - ok

00:47:05.0256 5896 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5

00:47:05.0273 5896 \Device\Harddisk5\DR5 - ok

00:47:05.0280 5896 Boot (0x1200) (bd6a05eb50d6ebaf0c2bfc9af18816bd) \Device\Harddisk0\DR0\Partition0

00:47:05.0282 5896 \Device\Harddisk0\DR0\Partition0 - ok

00:47:05.0297 5896 Boot (0x1200) (57a2221155fd36c4ec3022f881db07a7) \Device\Harddisk0\DR0\Partition1

00:47:05.0299 5896 \Device\Harddisk0\DR0\Partition1 - ok

00:47:05.0310 5896 Boot (0x1200) (97d92b8c503f6ee797c79350e9515e8d) \Device\Harddisk5\DR5\Partition0

00:47:05.0315 5896 \Device\Harddisk5\DR5\Partition0 - ok

00:47:05.0315 5896 ============================================================

00:47:05.0315 5896 Scan finished

00:47:05.0315 5896 ============================================================

00:47:05.0327 5304 Detected object count: 0

00:47:05.0327 5304 Actual detected object count: 0


My apologies for the delay.

I will do the other two checks, but I have a question.

The MBR check discovered the MBR code for the hard drive AND an MBR code for my external Seagate drive. This drive has no programs or OS, just files.

Should I disconnect it to run the MBRCheck?

It shouldn't be an issue, we're only after the OS drive's MBR report, and leaving the other ones plugged in won't have any effect on that. ;)


Hi

Here are the contents of MBRCheck (1st) and Security Check (2nd after the **** line)

MBRCheck...

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: Dell Inc.

BIOS Manufacturer: Dell Inc.

System Manufacturer: Dell Inc.

System Product Name: Inspiron 546

Logical Drives Mask: 0x000000fc

Kernel Drivers (total 155):

0x0300D000 \SystemRoot\system32\ntoskrnl.exe

0x035E9000 \SystemRoot\system32\hal.dll

0x00B96000 \SystemRoot\system32\kdcom.dll

0x00C6A000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll

0x00C77000 \SystemRoot\system32\PSHED.dll

0x00C8B000 \SystemRoot\system32\CLFS.SYS

0x00CE9000 \SystemRoot\system32\CI.dll

0x00EE2000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00F86000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00F95000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x00FEC000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x00FF5000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys

0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x00E40000 \SystemRoot\System32\drivers\partmgr.sys

0x00E55000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00E6A000 \SystemRoot\System32\drivers\volmgrx.sys

0x00EC6000 \SystemRoot\system32\DRIVERS\pciide.sys

0x00ECD000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x00DA9000 \SystemRoot\system32\DRIVERS\pcmcia.sys

0x00DE2000 \SystemRoot\System32\drivers\mountmgr.sys

0x00C00000 \SystemRoot\system32\DRIVERS\atapi.sys

0x00C09000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x00C33000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x010BB000 \SystemRoot\system32\drivers\fltmgr.sys

0x01107000 \SystemRoot\system32\drivers\fileinfo.sys

0x0111B000 \SystemRoot\system32\drivers\mfehidk.sys

0x011B7000 \SystemRoot\system32\DRIVERS\Lbd.sys

0x011CC000 \SystemRoot\System32\Drivers\PxHlpa64.sys

0x0125B000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01000000 \SystemRoot\System32\Drivers\msrpc.sys

0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys

0x014A7000 \SystemRoot\System32\Drivers\cng.sys

0x0151A000 \SystemRoot\System32\drivers\pcw.sys

0x0152B000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01642000 \SystemRoot\system32\drivers\ndis.sys

0x01734000 \SystemRoot\system32\drivers\NETIO.SYS

0x01794000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01535000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x017BF000 \SystemRoot\System32\Drivers\spldr.sys

0x01600000 \SystemRoot\System32\drivers\rdyboost.sys

0x017C7000 \SystemRoot\System32\Drivers\mup.sys

0x017D9000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01581000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x017E2000 \SystemRoot\system32\DRIVERS\disk.sys

0x015BB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x01428000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x01452000 \SystemRoot\System32\Drivers\Null.SYS

0x017F8000 \SystemRoot\System32\Drivers\Beep.SYS

0x0145B000 \SystemRoot\System32\drivers\vga.sys

0x01469000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x0148E000 \SystemRoot\System32\drivers\watchdog.sys

0x0149E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x0121A000 \SystemRoot\system32\drivers\rdpencdd.sys

0x01223000 \SystemRoot\system32\drivers\rdprefmp.sys

0x0122C000 \SystemRoot\System32\Drivers\Msfs.SYS

0x01237000 \SystemRoot\System32\Drivers\Npfs.SYS

0x02A02000 \SystemRoot\System32\drivers\tcpip.sys

0x0105E000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x03C8D000 \SystemRoot\system32\drivers\mfewfpk.sys

0x03CD1000 \SystemRoot\system32\DRIVERS\tdx.sys

0x03CEF000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x03CFC000 \SystemRoot\System32\DRIVERS\netbt.sys

0x03D41000 \SystemRoot\system32\drivers\afd.sys

0x03DCA000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x03DD3000 \SystemRoot\system32\DRIVERS\pacer.sys

0x03C00000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x03C16000 \SystemRoot\system32\DRIVERS\mfenlfk.sys

0x03C27000 \SystemRoot\system32\DRIVERS\netbios.sys

0x03C36000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x03C51000 \SystemRoot\system32\DRIVERS\termdd.sys

0x03EDD000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x03F2E000 \SystemRoot\system32\drivers\nsiproxy.sys

0x03F3A000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x03F45000 \SystemRoot\System32\drivers\discache.sys

0x03F54000 \SystemRoot\System32\Drivers\dfsc.sys

0x03F72000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x03F83000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x03FA9000 \SystemRoot\system32\DRIVERS\amdppm.sys

0x04655000 \SystemRoot\system32\DRIVERS\atikmdag.sys

0x04C6B000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x04D5F000 \SystemRoot\System32\drivers\dxgmms1.sys

0x04DA5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x04600000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

0x04639000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x04646000 \SystemRoot\system32\DRIVERS\usbohci.sys

0x03E00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x04DC9000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x04052000 \SystemRoot\system32\drivers\cmudax3.sys

0x041BA000 \SystemRoot\system32\drivers\portcls.sys

0x04000000 \SystemRoot\system32\drivers\drmk.sys

0x03E56000 \SystemRoot\system32\drivers\ks.sys

0x04022000 \SystemRoot\system32\drivers\ksthunk.sys

0x04028000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x04038000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x04DDA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x03E99000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x03EA5000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x03FBE000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x03FD9000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x03C65000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x01248000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x010A8000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x0404E000 \SystemRoot\system32\DRIVERS\swenum.sys

0x011D8000 \SystemRoot\system32\DRIVERS\umbus.sys

0x05060000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x050BA000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x050CF000 \SystemRoot\system32\drivers\AtiHdmi.sys

0x06225000 \SystemRoot\system32\drivers\viahduaa.sys

0x063BB000 \SystemRoot\system32\drivers\mfeavfk.sys

0x050EF000 \SystemRoot\system32\drivers\mfefirek.sys

0x06200000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x0621B000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x00060000 \SystemRoot\System32\win32k.sys

0x063F1000 \SystemRoot\System32\drivers\Dxapi.sys

0x05163000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x05171000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x0518A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x05193000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x051A1000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x051AE000 \SystemRoot\system32\DRIVERS\monitor.sys

0x051BC000 \SystemRoot\System32\Drivers\crashdmp.sys

0x051CA000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x051D6000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x051DF000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x005E0000 \SystemRoot\System32\TSDDD.dll

0x007B0000 \SystemRoot\System32\cdd.dll

0x05000000 \SystemRoot\system32\drivers\luafv.sys

0x05023000 \SystemRoot\system32\drivers\WudfPf.sys

0x05044000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x038D3000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x03926000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x03939000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x03800000 \SystemRoot\system32\drivers\HTTP.sys

0x03951000 \SystemRoot\system32\DRIVERS\bowser.sys

0x0396F000 \SystemRoot\System32\drivers\mpsdrv.sys

0x03987000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x0646F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x064BD000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x064E0000 \SystemRoot\system32\drivers\peauth.sys

0x06586000 \SystemRoot\System32\Drivers\secdrv.SYS

0x06591000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x065BE000 \SystemRoot\System32\drivers\tcpipreg.sys

0x070CB000 \SystemRoot\System32\DRIVERS\srv2.sys

0x07132000 \SystemRoot\System32\DRIVERS\srv.sys

0x071ED000 \SystemRoot\system32\DRIVERS\LVPr2M64.sys

0x07000000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x07031000 \SystemRoot\system32\drivers\cfwids.sys

0x07040000 \SystemRoot\System32\Drivers\fastfat.SYS

0x07076000 \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys

0x0707D000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0x0709B000 \SystemRoot\system32\drivers\mfeapfk.sys

0x77680000 \Windows\System32\ntdll.dll

0x480C0000 \Windows\System32\smss.exe

0xFF9A0000 \Windows\System32\apisetschema.dll

Processes (total 65):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

PhysicalDrive0 Model Number: ST3750528AS, Rev: CC45

Size Device Name MBR Status

--------------------------------------------

698 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected

SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B

Done!

**********************

Results of screen317's Security Check version 0.99.30

Windows 7 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

McAfee SecurityCenter

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Malwarebytes' Anti-Malware

Java 6 Update 26

Java version out of date!

Adobe Flash Player 10.3.183.7 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox 8.0. Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe

Ad-Aware AAWTray.exe

``````````End of Log````````````


Great! Let's move on to removing the remnants of the rootkit we just cleaned ;):

  • Boot into xPUD then click the File tab.
  • Press File
  • Expand mnt
  • Click on the folder under mnt that represents your USB drive (sdb1 ?)
  • You should see the tdl_fix.sh file in the main window.
  • Select Tool from the Menu
  • Choose Open Terminal
  • Type bash tdl_fix.sh -delete then press Enter.
  • ** Make sure to leave a space to either side of tdl_fix.sh in the command.
  • You should be notified of a hidden partition found and prompted to delete it.
  • Type y then press Enter.
  • The script will complete and prompt you to reboot the computer.
  • Close the Terminal window and restart back into Windows.
  • Post the contents of the tdl_delete.txt file that was created on your flash drive.

**NOTE - in the event there is a problem booting the computer normally after running the script, run the tdl_fix.sh script again using the following command.

bash tdl_fix.sh -restore

Make sure to leave a space to either side of tdl_fix.sh in the command.

This will prompt you to use the file tdl_mbr_sda.bin on drive sda.

OK the procedure, then restart when complete.
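
An added example, not part of the original post and not the tdl_fix.sh script: to see which partition-table entry is no longer present after the delete step, the MBR backup can be compared with the disk's current sector 0. It assumes tdl_mbr_sda.bin is a raw 512-byte copy of sector 0 (the post does not state its format); the function names and the sample sectors are constructed for illustration.

```python
import struct
from typing import NamedTuple

TABLE_OFFSET, ENTRY_SIZE = 446, 16  # four 16-byte entries follow the boot code

class Entry(NamedTuple):
    slot: int
    active: bool
    type_id: int
    start_lba: int
    sectors: int

def parse_mbr(sector: bytes) -> list:
    """Return the non-empty partition entries of a raw 512-byte MBR sector."""
    if len(sector) != 512 or sector[510:] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector ending in the 0x55AA signature")
    found = []
    for slot in range(4):
        raw = sector[TABLE_OFFSET + slot * ENTRY_SIZE:][:ENTRY_SIZE]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, type_id, start, count = struct.unpack("<B3xB3xII", raw)
        if type_id:  # type 0x00 marks an unused slot
            found.append(Entry(slot, status == 0x80, type_id, start, count))
    return found

def removed_entries(backup: bytes, current: bytes) -> list:
    """Entries present in the backup sector but absent from the current one."""
    now = {(e.type_id, e.start_lba, e.sectors) for e in parse_mbr(current)}
    return [e for e in parse_mbr(backup)
            if (e.type_id, e.start_lba, e.sectors) not in now]

def make_sector(entries) -> bytes:
    """Build a constructed sample sector from (active, type, start, count)."""
    table = b"".join(struct.pack("<B3xB3xII", 0x80 if a else 0, t, s, c)
                     for a, t, s, c in entries)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\0") + b"\x55\xaa"

# Constructed sample data, not taken from the machine in this thread.
BACKUP = make_sector([(False, 0xDE, 63, 80262), (False, 0x07, 81920, 30720000),
                      (False, 0x07, 30801920, 1434000000),
                      (True, 0x17, 1464801920, 20480)])
CURRENT = make_sector([(False, 0xDE, 63, 80262), (True, 0x07, 81920, 30720000),
                       (False, 0x07, 30801920, 1434000000)])

if __name__ == "__main__":
    for e in removed_entries(BACKUP, CURRENT):
        print(f"slot {e.slot}: type 0x{e.type_id:02X} active={e.active} "
              f"start={e.start_lba} sectors={e.sectors}")
```

On a real system the two inputs would be the backup file's bytes and a read of the first 512 bytes of the disk, taken from the same live environment the script runs in.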
