8 replies to this topic

[defiance2011]

Hi

Out of nowhere I seem to have a nasty injection. Always run AVG and Malwarebytes, it found a number of trojans today, and despite deleting and rebooting, they are straight back everytime i try to boot into windows, crashing my PC within minutes.

My PC does not allow me to operate it correctly in normal mode, so I ran the tests asked for in safe mode, I hope that is ok... Here are the results...

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 02/11/2009 21:39:46
System Uptime: 01/03/2012 19:56:27 (2 hours ago)
.
Motherboard: Dell Inc. | | 0N826N
Processor: Intel® Core™2 Quad CPU Q9400 @ 2.66GHz | Socket 775 | 2660/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 457 GiB total, 105.374 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 794.129 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
M: is CDROM (CDFS)
N: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP207: 27/02/2012 11:20:35 - Removed WinZip 16.0
RP208: 27/02/2012 18:14:00 - Removed Steam
RP209: 27/02/2012 18:44:32 - Windows Update
RP210: 29/02/2012 13:08:41 - Removed Apple Software Update
RP211: 29/02/2012 13:26:00 - Removed Adobe Community Help
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65
A-PDF Merger 4.6
ACID Pro 7.0
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.5.0
Any Video Converter 3.0.5
ASIO4ALL
µTorrent
Avidemux 2.5 (32-bit)
Bing Bar
Canon MP Navigator EX 1.0
Canon MP610 series User Registration
Carbonite
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
CyberLink PowerDirector
DC++ 0.782
Dell Support Center (Support Software)
Doro 1.66
EOSInfo
exPressit SE
FL Studio 9
FlashFXP v3
Google Chrome
Google Chrome Frame
Google Update Helper
GoToMeeting 4.8.0.723
GTK+ Runtime 2.14.7 rev a (remove only)
HexEdit
IL Download Manager
Java Auto Updater
Java™ 6 Update 23
Junk Mail filter update
K-Lite Mega Codec Pack 5.3.0
Kayako Desktop
Live Support Chat for Web Site 5.4.4
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.17)
Mp3tag v2.47b
MSVCRT
Native Instruments Traktor DJ Studio 3
Network Stumbler 0.4.0 (remove only)
NVIDIA PhysX
PDF Settings CS5
Pidgin
PoiZone
PowerDVD DX
PowerISO
PremiumSoft Navicat Lite 9.1
QuickTime
Realtek High Definition Audio Driver
rFactor (remove only)
Roxio Burn
Roxio Update Manager
Sawer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
SmartSound Quicktracks Plugin
Spelling Dictionaries Support For Adobe Reader 9
Steam
TweetDeck
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VanDyke Software SecureCRT 5.5
Video Capture Master 7.1.0.300
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual Studio 2008 x64 Redistributables
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
29/02/2012 18:17:26, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800032b2ab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022912-36363-01.
29/02/2012 16:44:57, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
29/02/2012 16:17:09, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
29/02/2012 16:07:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
29/02/2012 16:06:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
29/02/2012 16:03:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
29/02/2012 16:03:14, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035d4a9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022912-31995-01.
29/02/2012 16:03:10, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf
29/02/2012 16:03:09, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
29/02/2012 16:03:09, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
29/02/2012 16:03:09, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
29/02/2012 16:03:09, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
29/02/2012 16:03:08, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
29/02/2012 16:03:07, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
29/02/2012 16:03:07, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
29/02/2012 16:03:07, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
29/02/2012 16:03:07, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
29/02/2012 14:30:24, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
29/02/2012 12:52:39, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000325ef6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022912-44975-01.
29/02/2012 11:21:00, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000003c346351, 0x0000000000000002, 0x0000000000000001, 0xfffff800032c8ab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022912-40404-01.
29/02/2012 11:19:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
29/02/2012 11:18:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
29/02/2012 11:18:57, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
29/02/2012 11:18:57, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/02/2012 11:17:45, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003272f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022912-41995-01.
29/02/2012 11:09:09, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800032caab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022912-31418-01.
27/02/2012 17:55:04, Error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
27/02/2012 17:54:03, Error: Service Control Manager [7034] - The Viewpoint Service service terminated unexpectedly. It has done this 1 time(s).
27/02/2012 17:54:03, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).
27/02/2012 17:54:03, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
27/02/2012 17:54:03, Error: Service Control Manager [7034] - The Dyn Updater service terminated unexpectedly. It has done this 1 time(s).
27/02/2012 17:54:03, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).
27/02/2012 17:54:03, Error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
27/02/2012 17:54:03, Error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
27/02/2012 17:54:03, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 1 time(s).
27/02/2012 17:54:03, Error: Service Control Manager [7034] - The AVG WatchDog service terminated unexpectedly. It has done this 2 time(s).
27/02/2012 17:54:03, Error: Service Control Manager [7034] - The Andrea RT Filters Service service terminated unexpectedly. It has done this 1 time(s).
27/02/2012 17:54:03, Error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
27/02/2012 17:54:03, Error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
01/03/2012 21:46:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
01/03/2012 21:46:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
01/03/2012 21:46:34, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
01/03/2012 21:44:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
01/03/2012 21:44:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
01/03/2012 21:44:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
01/03/2012 21:44:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
01/03/2012 21:44:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
01/03/2012 19:57:02, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache SCDEmu spldr Wanarpv6
01/03/2012 10:06:19, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================





.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by matt at 21:46:47 on 2012-03-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8190.7421 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://admin:admin@secure.xssl.net/status/
uSearch Bar =
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - C:\PROGRA~2\FlashFXP\IEFlash.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome Frame\Application\17.0.963.56\npchrome_frame.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {5000A11A-D70A-4B1A-B68C-7222F071A313} - No File
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
uRun: [Google Update] "C:\Users\matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Pidgin] C:\Program Files (x86)\Pidgin\pidgin.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [lpc] rundll32.exe " non stop to restore the server. We are happy to help your programmers with the code which caused the initial duplicate insertion problem which crashed InnoDB, but obviously cannot do that until such time as the server is working again.cHi MattCurrently your srundll32.exe " non stop to restore the server. We are happy to help your programmers with the", RegisterDll
uRun: [ProvideSupportOperatorConsole] C:\PROGRA~2\PROVID~1\LIVESU~1\PROVID~1.EXE
mRun: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [lpc] rundll32.exe "C:\Users\matt\AppData\Roaming\Remote\dmc01.dll",RegisterDll
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TWEETD~1.LNK - C:\Program Files (x86)\TweetDeck\TweetDeck.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: facebook.com\www
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} - hxxp://www.umediaserver.net/bin/UMediaControl5.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://dsl2.unitedhosting.co.uk/DvrOcx.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F184A6DA-2B5A-4507-8555-C05C5C5C9A9B} - hxxps://72.249.26.251/itcclient.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{5A62F666-7EC5-454A-B022-71178A0C4742} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5A62F666-7EC5-454A-B022-71178A0C4742}\C416474796D6F627568614E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5A62F666-7EC5-454A-B022-71178A0C4742}\C616474796D6F627568614E6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D937D130-9432-4771-89CA-283D835B89F8} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{D937D130-9432-4771-89CA-283D835B89F8}\7516C6370275966496 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D937D130-9432-4771-89CA-283D835B89F8}\C616474796D6F627568614E6 : NameServer = 192.168.0.1
TCP: Interfaces\{D937D130-9432-4771-89CA-283D835B89F8}\C616474796D6F627568614E6 : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\17.0.963.56\npchrome_frame.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FlashFXP Helper for Internet Explorer: {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll
BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\17.0.963.56\npchrome_frame.dll
BHO-X64: ChromeFrame BHO - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {5000A11A-D70A-4B1A-B68C-7222F071A313} - No File
mRun-x64: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
IE-X64: {03588886-5C50-4645-BD5D-F105F84417DE} - http://www.intercasino.co.uk
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\af2r319y.default\
FF - prefs.js: browser.startup.homepage - hxxp://admin:admin@www.unitedsupport.co.uk/homepage/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\matt\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-29 92160]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 Dyn Updater;Dyn Updater;C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe [2011-9-6 95608]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-17 135664]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-2-27 2214504]
S2 Viewpoint Service;Viewpoint Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2010-1-25 30152]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-17 135664]
S3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\Dnetr28ux.sys --> C:\Windows\system32\DRIVERS\Dnetr28ux.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 StkTMini;Syntek AVStream USB2.0 ATV;C:\Windows\system32\Drivers\StkTMini.sys --> C:\Windows\system32\Drivers\StkTMini.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;C:\Windows\system32\drivers\CM10664.sys --> C:\Windows\system32\drivers\CM10664.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-29 12:53:35 20480 ----a-w- C:\Windows\svchost.exe
2012-02-29 08:07:56 -------- d-----w- C:\Users\matt\AppData\Roaming\Remote
2012-02-27 18:46:22 739432 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
2012-02-27 18:18:14 -------- d-----w- C:\Program Files (x86)\Steam
2012-02-27 18:15:14 -------- d-----w- C:\Windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2012-02-25 04:58:39 -------- d-----w- C:\Users\matt\AppData\Roaming\Kayako
2012-02-25 04:58:22 -------- d-----w- C:\Program Files (x86)\Kayako
2012-02-17 23:55:00 -------- d-----w- C:\Users\matt\AppData\Roaming\Malwarebytes
2012-02-17 23:54:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-17 23:54:53 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-17 23:54:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-15 12:34:34 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 12:34:34 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 12:34:33 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 12:34:33 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 12:34:31 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 12:34:30 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 12:34:28 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 12:34:28 634880 ----a-w- C:\Windows\System32\msvcrt.dll
.
==================== Find3M ====================
.
2012-02-21 11:51:29 72080 ----a-w- C:\Users\matt\g2mdlhlpx.exe
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 21:51:30.59 ===============

[Larusso]

Hy
my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

• First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  
• Perform everything in the correct order. Sometimes one step requires the previous one.
  
• If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  
• Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  
• Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

• Execute TDSSKiller.exe by doubleclicking on it.
• Press Start Scan
  
  
• If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  
  
• Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

[defiance2011]

Hi

thanks for the help, here is the TDS log:


10:11:55.0583 1804 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
10:11:55.0599 1804 ============================================================
10:11:55.0599 1804 Current date / time: 2012/03/02 10:11:55.0599
10:11:55.0599 1804 SystemInfo:
10:11:55.0599 1804
10:11:55.0599 1804 OS Version: 6.1.7601 ServicePack: 1.0
10:11:55.0599 1804 Product type: Workstation
10:11:55.0599 1804 ComputerName: MATT-W7
10:11:55.0599 1804 UserName: matt
10:11:55.0599 1804 Windows directory: C:\Windows
10:11:55.0599 1804 System windows directory: C:\Windows
10:11:55.0599 1804 Running under WOW64
10:11:55.0599 1804 Processor architecture: Intel x64
10:11:55.0599 1804 Number of processors: 4
10:11:55.0599 1804 Page size: 0x1000
10:11:55.0599 1804 Boot type: Safe boot with network
10:11:55.0599 1804 ============================================================
10:11:56.0597 1804 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:11:56.0597 1804 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
10:11:56.0597 1804 Drive \Device\Harddisk2\DR2 - Size: 0x3B5980000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x790, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:11:56.0660 1804 Drive \Device\Harddisk7\DR8 - Size: 0x3BB63FE00 (14.93 Gb), SectorSize: 0x200, Cylinders: 0x79C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:11:56.0660 1804 \Device\Harddisk0\DR0:
10:11:56.0660 1804 MBR used
10:11:56.0660 1804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x123F000
10:11:56.0660 1804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1266800, BlocksNum 0x3911F000
10:11:56.0660 1804 \Device\Harddisk1\DR1:
10:11:56.0660 1804 MBR used
10:11:56.0660 1804 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
10:11:56.0660 1804 \Device\Harddisk2\DR2:
10:11:56.0660 1804 MBR used
10:11:56.0660 1804 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DAAC00
10:11:56.0660 1804 \Device\Harddisk7\DR8:
10:11:56.0660 1804 MBR used
10:11:56.0660 1804 \Device\Harddisk7\DR8\Partition0: MBR, Type 0xC, StartLBA 0x34, BlocksNum 0x1DD5A92
10:11:56.0691 1804 Initialize success
10:11:56.0691 1804 ============================================================
10:11:58.0188 1508 ============================================================
10:11:58.0188 1508 Scan started
10:11:58.0188 1508 Mode: Manual;
10:11:58.0188 1508 ============================================================
10:11:58.0953 1508 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:11:58.0953 1508 1394ohci - ok
10:11:59.0093 1508 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:11:59.0093 1508 ACPI - ok
10:11:59.0140 1508 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:11:59.0140 1508 AcpiPmi - ok
10:11:59.0202 1508 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:11:59.0218 1508 adp94xx - ok
10:11:59.0249 1508 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:11:59.0249 1508 adpahci - ok
10:11:59.0280 1508 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:11:59.0280 1508 adpu320 - ok
10:11:59.0358 1508 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:11:59.0358 1508 AFD - ok
10:11:59.0405 1508 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:11:59.0405 1508 agp440 - ok
10:11:59.0436 1508 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:11:59.0436 1508 aliide - ok
10:11:59.0452 1508 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:11:59.0452 1508 amdide - ok
10:11:59.0499 1508 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:11:59.0499 1508 AmdK8 - ok
10:11:59.0514 1508 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:11:59.0514 1508 AmdPPM - ok
10:11:59.0577 1508 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:11:59.0577 1508 amdsata - ok
10:11:59.0639 1508 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:11:59.0639 1508 amdsbs - ok
10:11:59.0686 1508 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:11:59.0686 1508 amdxata - ok
10:11:59.0733 1508 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:11:59.0733 1508 AppID - ok
10:11:59.0764 1508 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:11:59.0764 1508 arc - ok
10:11:59.0780 1508 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:11:59.0780 1508 arcsas - ok
10:11:59.0826 1508 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:11:59.0826 1508 AsyncMac - ok
10:11:59.0842 1508 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:11:59.0842 1508 atapi - ok
10:11:59.0920 1508 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
10:11:59.0920 1508 AVGIDSEH - ok
10:11:59.0982 1508 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
10:11:59.0982 1508 Avgldx64 - ok
10:12:00.0045 1508 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
10:12:00.0045 1508 Avgmfx64 - ok
10:12:00.0123 1508 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
10:12:00.0123 1508 Avgrkx64 - ok
10:12:00.0185 1508 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:12:00.0185 1508 b06bdrv - ok
10:12:00.0248 1508 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:12:00.0248 1508 b57nd60a - ok
10:12:00.0326 1508 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
10:12:00.0326 1508 BCM42RLY - ok
10:12:00.0388 1508 BCM43XX (f4cd5f52850bf2c978de178f256ba372) C:\Windows\system32\DRIVERS\bcmwl664.sys
10:12:00.0435 1508 BCM43XX - ok
10:12:00.0528 1508 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:12:00.0528 1508 Beep - ok
10:12:00.0591 1508 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:12:00.0591 1508 blbdrive - ok
10:12:00.0638 1508 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:12:00.0638 1508 bowser - ok
10:12:00.0669 1508 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:12:00.0669 1508 BrFiltLo - ok
10:12:00.0669 1508 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:12:00.0669 1508 BrFiltUp - ok
10:12:00.0700 1508 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:12:00.0700 1508 Brserid - ok
10:12:00.0716 1508 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:12:00.0716 1508 BrSerWdm - ok
10:12:00.0731 1508 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:12:00.0731 1508 BrUsbMdm - ok
10:12:00.0731 1508 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:12:00.0731 1508 BrUsbSer - ok
10:12:00.0747 1508 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:12:00.0747 1508 BTHMODEM - ok
10:12:00.0825 1508 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:12:00.0840 1508 cdfs - ok
10:12:00.0903 1508 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
10:12:00.0903 1508 cdrom - ok
10:12:00.0918 1508 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:12:00.0918 1508 circlass - ok
10:12:00.0950 1508 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:12:00.0950 1508 CLFS - ok
10:12:00.0981 1508 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:12:00.0981 1508 CmBatt - ok
10:12:00.0996 1508 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:12:00.0996 1508 cmdide - ok
10:12:01.0043 1508 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:12:01.0043 1508 CNG - ok
10:12:01.0074 1508 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:12:01.0074 1508 Compbatt - ok
10:12:01.0121 1508 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:12:01.0121 1508 CompositeBus - ok
10:12:01.0168 1508 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:12:01.0168 1508 crcdisk - ok
10:12:01.0293 1508 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:12:01.0293 1508 DfsC - ok
10:12:01.0308 1508 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:12:01.0308 1508 discache - ok
10:12:01.0355 1508 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:12:01.0371 1508 Disk - ok
10:12:01.0449 1508 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:12:01.0449 1508 drmkaud - ok
10:12:01.0527 1508 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:12:01.0558 1508 DXGKrnl - ok
10:12:01.0652 1508 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:12:01.0714 1508 ebdrv - ok
10:12:01.0745 1508 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:12:01.0745 1508 elxstor - ok
10:12:01.0808 1508 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:12:01.0808 1508 ErrDev - ok
10:12:01.0854 1508 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:12:01.0854 1508 exfat - ok
10:12:01.0886 1508 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:12:01.0886 1508 fastfat - ok
10:12:01.0932 1508 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:12:01.0932 1508 fdc - ok
10:12:01.0948 1508 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:12:01.0964 1508 FileInfo - ok
10:12:01.0979 1508 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:12:01.0979 1508 Filetrace - ok
10:12:01.0995 1508 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:12:01.0995 1508 flpydisk - ok
10:12:02.0073 1508 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:12:02.0088 1508 FltMgr - ok
10:12:02.0135 1508 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:12:02.0135 1508 FsDepends - ok
10:12:02.0151 1508 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:12:02.0151 1508 Fs_Rec - ok
10:12:02.0213 1508 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:12:02.0213 1508 fvevol - ok
10:12:02.0229 1508 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:12:02.0229 1508 gagp30kx - ok
10:12:02.0307 1508 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:12:02.0307 1508 hcw85cir - ok
10:12:02.0385 1508 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:12:02.0385 1508 HDAudBus - ok
10:12:02.0400 1508 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:12:02.0400 1508 HidBatt - ok
10:12:02.0416 1508 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:12:02.0416 1508 HidBth - ok
10:12:02.0432 1508 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:12:02.0447 1508 HidIr - ok
10:12:02.0494 1508 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
10:12:02.0494 1508 HidUsb - ok
10:12:02.0525 1508 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:12:02.0525 1508 HpSAMD - ok
10:12:02.0619 1508 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:12:02.0634 1508 HTTP - ok
10:12:02.0697 1508 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:12:02.0697 1508 hwpolicy - ok
10:12:02.0744 1508 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:12:02.0744 1508 i8042prt - ok
10:12:02.0790 1508 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:12:02.0806 1508 iaStorV - ok
10:12:02.0822 1508 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:12:02.0822 1508 iirsp - ok
10:12:02.0868 1508 IntcAzAudAddService (f2b52c7b1c8e6a4fc4c4564f4a421f23) C:\Windows\system32\drivers\RTKVHD64.sys
10:12:02.0900 1508 IntcAzAudAddService - ok
10:12:02.0962 1508 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:12:02.0962 1508 intelide - ok
10:12:03.0009 1508 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:12:03.0009 1508 intelppm - ok
10:12:03.0056 1508 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:12:03.0056 1508 IpFilterDriver - ok
10:12:03.0087 1508 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:12:03.0087 1508 IPMIDRV - ok
10:12:03.0118 1508 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:12:03.0118 1508 IPNAT - ok
10:12:03.0149 1508 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:12:03.0149 1508 IRENUM - ok
10:12:03.0180 1508 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:12:03.0180 1508 isapnp - ok
10:12:03.0212 1508 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:12:03.0212 1508 iScsiPrt - ok
10:12:03.0258 1508 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:12:03.0258 1508 kbdclass - ok
10:12:03.0305 1508 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:12:03.0305 1508 kbdhid - ok
10:12:03.0352 1508 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:12:03.0368 1508 KSecDD - ok
10:12:03.0414 1508 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:12:03.0430 1508 KSecPkg - ok
10:12:03.0446 1508 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:12:03.0446 1508 ksthunk - ok
10:12:03.0508 1508 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:12:03.0508 1508 lltdio - ok
10:12:03.0586 1508 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:12:03.0586 1508 LSI_FC - ok
10:12:03.0586 1508 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:12:03.0602 1508 LSI_SAS - ok
10:12:03.0617 1508 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:12:03.0617 1508 LSI_SAS2 - ok
10:12:03.0633 1508 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:12:03.0633 1508 LSI_SCSI - ok
10:12:03.0680 1508 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:12:03.0680 1508 luafv - ok
10:12:03.0695 1508 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:12:03.0695 1508 megasas - ok
10:12:03.0726 1508 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:12:03.0726 1508 MegaSR - ok
10:12:03.0742 1508 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:12:03.0742 1508 Modem - ok
10:12:03.0804 1508 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:12:03.0804 1508 monitor - ok
10:12:03.0851 1508 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
10:12:03.0851 1508 mouclass - ok
10:12:03.0898 1508 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:12:03.0898 1508 mouhid - ok
10:12:03.0945 1508 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:12:03.0945 1508 mountmgr - ok
10:12:04.0007 1508 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:12:04.0007 1508 mpio - ok
10:12:04.0023 1508 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:12:04.0054 1508 mpsdrv - ok
10:12:04.0226 1508 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:12:04.0241 1508 MRxDAV - ok
10:12:04.0288 1508 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:12:04.0288 1508 mrxsmb - ok
10:12:04.0350 1508 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:12:04.0350 1508 mrxsmb10 - ok
10:12:04.0366 1508 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:12:04.0366 1508 mrxsmb20 - ok
10:12:04.0382 1508 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:12:04.0382 1508 msahci - ok
10:12:04.0397 1508 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:12:04.0413 1508 msdsm - ok
10:12:04.0428 1508 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:12:04.0428 1508 Msfs - ok
10:12:04.0444 1508 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:12:04.0444 1508 mshidkmdf - ok
10:12:04.0491 1508 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:12:04.0491 1508 msisadrv - ok
10:12:04.0538 1508 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:12:04.0553 1508 MSKSSRV - ok
10:12:04.0569 1508 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:12:04.0569 1508 MSPCLOCK - ok
10:12:04.0584 1508 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:12:04.0584 1508 MSPQM - ok
10:12:04.0647 1508 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:12:04.0647 1508 MsRPC - ok
10:12:04.0662 1508 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:12:04.0662 1508 mssmbios - ok
10:12:04.0678 1508 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:12:04.0678 1508 MSTEE - ok
10:12:04.0694 1508 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:12:04.0694 1508 MTConfig - ok
10:12:04.0740 1508 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:12:04.0740 1508 Mup - ok
10:12:04.0803 1508 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:12:04.0803 1508 NativeWifiP - ok
10:12:04.0896 1508 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:12:04.0912 1508 NDIS - ok
10:12:04.0974 1508 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:12:04.0974 1508 NdisCap - ok
10:12:05.0006 1508 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:12:05.0006 1508 NdisTapi - ok
10:12:05.0068 1508 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:12:05.0084 1508 Ndisuio - ok
10:12:05.0130 1508 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:12:05.0130 1508 NdisWan - ok
10:12:05.0177 1508 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:12:05.0177 1508 NDProxy - ok
10:12:05.0224 1508 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:12:05.0224 1508 NetBIOS - ok
10:12:05.0286 1508 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:12:05.0286 1508 NetBT - ok
10:12:05.0380 1508 netr28ux (26672f93749ac9fd28da1b0f94efa78d) C:\Windows\system32\DRIVERS\Dnetr28ux.sys
10:12:05.0396 1508 netr28ux - ok
10:12:05.0474 1508 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:12:05.0474 1508 nfrd960 - ok
10:12:05.0520 1508 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:12:05.0520 1508 Npfs - ok
10:12:05.0536 1508 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:12:05.0536 1508 nsiproxy - ok
10:12:05.0614 1508 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:12:05.0661 1508 Ntfs - ok
10:12:05.0661 1508 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:12:05.0661 1508 Null - ok
10:12:05.0723 1508 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
10:12:05.0739 1508 NVHDA - ok
10:12:06.0004 1508 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:12:06.0207 1508 nvlddmkm - ok
10:12:06.0269 1508 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:12:06.0269 1508 nvraid - ok
10:12:06.0332 1508 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:12:06.0332 1508 nvstor - ok
10:12:06.0394 1508 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:12:06.0394 1508 nv_agp - ok
10:12:06.0456 1508 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:12:06.0456 1508 ohci1394 - ok
10:12:06.0519 1508 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:12:06.0519 1508 Parport - ok
10:12:06.0581 1508 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:12:06.0581 1508 partmgr - ok
10:12:06.0644 1508 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:12:06.0644 1508 pci - ok
10:12:06.0659 1508 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:12:06.0659 1508 pciide - ok
10:12:06.0675 1508 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:12:06.0690 1508 pcmcia - ok
10:12:06.0706 1508 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:12:06.0706 1508 pcw - ok
10:12:06.0722 1508 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:12:06.0737 1508 PEAUTH - ok
10:12:06.0831 1508 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:12:06.0831 1508 PptpMiniport - ok
10:12:06.0846 1508 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:12:06.0846 1508 Processor - ok
10:12:06.0924 1508 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:12:06.0924 1508 Psched - ok
10:12:06.0987 1508 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
10:12:06.0987 1508 PxHlpa64 - ok
10:12:07.0034 1508 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:12:07.0065 1508 ql2300 - ok
10:12:07.0080 1508 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:12:07.0080 1508 ql40xx - ok
10:12:07.0112 1508 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:12:07.0112 1508 QWAVEdrv - ok
10:12:07.0112 1508 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:12:07.0127 1508 RasAcd - ok
10:12:07.0190 1508 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:12:07.0190 1508 RasAgileVpn - ok
10:12:07.0236 1508 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:12:07.0236 1508 Rasl2tp - ok
10:12:07.0252 1508 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:12:07.0252 1508 RasPppoe - ok
10:12:07.0314 1508 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:12:07.0314 1508 RasSstp - ok
10:12:07.0361 1508 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:12:07.0361 1508 rdbss - ok
10:12:07.0377 1508 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:12:07.0392 1508 rdpbus - ok
10:12:07.0408 1508 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:12:07.0408 1508 RDPCDD - ok
10:12:07.0455 1508 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:12:07.0455 1508 RDPENCDD - ok
10:12:07.0470 1508 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:12:07.0470 1508 RDPREFMP - ok
10:12:07.0533 1508 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
10:12:07.0533 1508 RDPWD - ok
10:12:07.0580 1508 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:12:07.0580 1508 rdyboost - ok
10:12:07.0673 1508 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:12:07.0673 1508 rspndr - ok
10:12:07.0736 1508 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:12:07.0736 1508 RTL8167 - ok
10:12:07.0782 1508 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:12:07.0782 1508 sbp2port - ok
10:12:07.0860 1508 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
10:12:07.0876 1508 SCDEmu - ok
10:12:07.0923 1508 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:12:07.0923 1508 scfilter - ok
10:12:07.0970 1508 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:12:07.0970 1508 secdrv - ok
10:12:08.0001 1508 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:12:08.0001 1508 Serenum - ok
10:12:08.0016 1508 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:12:08.0016 1508 Serial - ok
10:12:08.0063 1508 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:12:08.0063 1508 sermouse - ok
10:12:08.0126 1508 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:12:08.0126 1508 sffdisk - ok
10:12:08.0141 1508 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:12:08.0141 1508 sffp_mmc - ok
10:12:08.0157 1508 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:12:08.0157 1508 sffp_sd - ok
10:12:08.0157 1508 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:12:08.0157 1508 sfloppy - ok
10:12:08.0219 1508 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:12:08.0219 1508 SiSRaid2 - ok
10:12:08.0235 1508 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:12:08.0235 1508 SiSRaid4 - ok
10:12:08.0282 1508 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:12:08.0282 1508 Smb - ok
10:12:08.0344 1508 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:12:08.0344 1508 spldr - ok
10:12:08.0422 1508 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:12:08.0422 1508 srv - ok
10:12:08.0438 1508 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:12:08.0453 1508 srv2 - ok
10:12:08.0469 1508 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:12:08.0469 1508 srvnet - ok
10:12:08.0516 1508 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:12:08.0516 1508 stexstor - ok
10:12:08.0594 1508 StkTMini (b6baf8151060f07386c72bc5641290b3) C:\Windows\system32\Drivers\StkTMini.sys
10:12:08.0609 1508 StkTMini - ok
10:12:08.0656 1508 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:12:08.0656 1508 swenum - ok
10:12:08.0796 1508 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:12:08.0843 1508 Tcpip - ok
10:12:08.0874 1508 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:12:08.0890 1508 TCPIP6 - ok
10:12:08.0937 1508 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:12:08.0937 1508 tcpipreg - ok
10:12:08.0952 1508 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:12:08.0952 1508 TDPIPE - ok
10:12:08.0968 1508 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:12:08.0968 1508 TDTCP - ok
10:12:09.0030 1508 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:12:09.0030 1508 tdx - ok
10:12:09.0046 1508 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:12:09.0046 1508 TermDD - ok
10:12:09.0124 1508 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:12:09.0124 1508 tssecsrv - ok
10:12:09.0218 1508 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:12:09.0218 1508 TsUsbFlt - ok
10:12:09.0280 1508 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:12:09.0280 1508 tunnel - ok
10:12:09.0311 1508 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:12:09.0311 1508 uagp35 - ok
10:12:09.0374 1508 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:12:09.0374 1508 udfs - ok
10:12:09.0405 1508 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:12:09.0405 1508 uliagpkx - ok
10:12:09.0452 1508 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:12:09.0467 1508 umbus - ok
10:12:09.0483 1508 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:12:09.0483 1508 UmPass - ok
10:12:09.0545 1508 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
10:12:09.0545 1508 usbaudio - ok
10:12:09.0592 1508 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:12:09.0592 1508 usbccgp - ok
10:12:09.0670 1508 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:12:09.0670 1508 usbcir - ok
10:12:09.0732 1508 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:12:09.0732 1508 usbehci - ok
10:12:09.0779 1508 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:12:09.0795 1508 usbhub - ok
10:12:09.0857 1508 USBMULCD (957ec5620fb055e9df2250d6fa4188e1) C:\Windows\system32\drivers\CM10664.sys
10:12:09.0888 1508 USBMULCD - ok
10:12:09.0904 1508 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
10:12:09.0904 1508 usbohci - ok
10:12:09.0966 1508 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:12:09.0966 1508 usbprint - ok
10:12:10.0013 1508 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:12:10.0013 1508 usbscan - ok
10:12:10.0060 1508 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:12:10.0060 1508 USBSTOR - ok
10:12:10.0107 1508 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
10:12:10.0107 1508 usbuhci - ok
10:12:10.0169 1508 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:12:10.0185 1508 vdrvroot - ok
10:12:10.0200 1508 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:12:10.0200 1508 vga - ok
10:12:10.0216 1508 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:12:10.0216 1508 VgaSave - ok
10:12:10.0263 1508 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:12:10.0263 1508 vhdmp - ok
10:12:10.0294 1508 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:12:10.0294 1508 viaide - ok
10:12:10.0356 1508 vncmirror (93f279a2c172562050700a18fa84be2e) C:\Windows\system32\DRIVERS\vncmirror.sys
10:12:10.0372 1508 vncmirror - ok
10:12:10.0388 1508 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:12:10.0388 1508 volmgr - ok
10:12:10.0450 1508 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:12:10.0450 1508 volmgrx - ok
10:12:10.0466 1508 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:12:10.0481 1508 volsnap - ok
10:12:10.0528 1508 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:12:10.0528 1508 vsmraid - ok
10:12:10.0544 1508 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:12:10.0544 1508 vwifibus - ok
10:12:10.0606 1508 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:12:10.0606 1508 vwififlt - ok
10:12:10.0622 1508 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:12:10.0622 1508 WacomPen - ok
10:12:10.0684 1508 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:12:10.0684 1508 WANARP - ok
10:12:10.0700 1508 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:12:10.0700 1508 Wanarpv6 - ok
10:12:10.0746 1508 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:12:10.0762 1508 Wd - ok
10:12:10.0778 1508 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:12:10.0793 1508 Wdf01000 - ok
10:12:10.0871 1508 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:12:10.0871 1508 WfpLwf - ok
10:12:10.0934 1508 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
10:12:10.0934 1508 WimFltr - ok
10:12:10.0949 1508 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:12:10.0949 1508 WIMMount - ok
10:12:11.0012 1508 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:12:11.0012 1508 WinUsb - ok
10:12:11.0074 1508 WmBEnum (e7f4937b613b1e4294100c9d4efc36a9) C:\Windows\system32\drivers\WmBEnum.sys
10:12:11.0074 1508 WmBEnum - ok
10:12:11.0090 1508 WmFilter (6f6f2b263002b243d3501c7e6c8fc11d) C:\Windows\system32\drivers\WmFilter.sys
10:12:11.0105 1508 WmFilter - ok
10:12:11.0105 1508 WmHidLo (1584f8d5fdfe44c03dba85a2106b937f) C:\Windows\system32\drivers\WmHidLo.sys
10:12:11.0121 1508 WmHidLo - ok
10:12:11.0168 1508 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:12:11.0168 1508 WmiAcpi - ok
10:12:11.0199 1508 WmVirHid (52b4fcc6afaec0ffd80bda63f9b140cd) C:\Windows\system32\drivers\WmVirHid.sys
10:12:11.0199 1508 WmVirHid - ok
10:12:11.0246 1508 WmXlCore (395b3e7fba81bdc4501641b3b2cf2e20) C:\Windows\system32\drivers\WmXlCore.sys
10:12:11.0246 1508 WmXlCore - ok
10:12:11.0277 1508 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:12:11.0277 1508 ws2ifsl - ok
10:12:11.0339 1508 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:12:11.0339 1508 WudfPf - ok
10:12:11.0355 1508 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:12:11.0355 1508 WUDFRd - ok
10:12:11.0417 1508 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
10:12:11.0448 1508 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
10:12:11.0448 1508 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
10:12:11.0448 1508 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
10:12:11.0464 1508 \Device\Harddisk1\DR1 - ok
10:12:11.0464 1508 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
10:12:11.0464 1508 \Device\Harddisk2\DR2 - ok
10:12:11.0464 1508 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk7\DR8
10:12:11.0495 1508 \Device\Harddisk7\DR8 - ok
10:12:11.0526 1508 Boot (0x1200) (a07a5198af6a781af7afcc560ed198ce) \Device\Harddisk0\DR0\Partition0
10:12:11.0526 1508 \Device\Harddisk0\DR0\Partition0 - ok
10:12:11.0542 1508 Boot (0x1200) (1bcd20a54d80090c8e717c26e22f2986) \Device\Harddisk0\DR0\Partition1
10:12:11.0542 1508 \Device\Harddisk0\DR0\Partition1 - ok
10:12:11.0542 1508 Boot (0x1200) (aaf4b08e77719844e87c77a8d921416a) \Device\Harddisk1\DR1\Partition0
10:12:11.0542 1508 \Device\Harddisk1\DR1\Partition0 - ok
10:12:11.0542 1508 Boot (0x1200) (88b500a9b664a2449271a923fa5ae13b) \Device\Harddisk2\DR2\Partition0
10:12:11.0542 1508 \Device\Harddisk2\DR2\Partition0 - ok
10:12:11.0558 1508 Boot (0x1200) (53f48a0287676db45915364c5a8a6c65) \Device\Harddisk7\DR8\Partition0
10:12:11.0558 1508 \Device\Harddisk7\DR8\Partition0 - ok
10:12:11.0558 1508 ============================================================
10:12:11.0558 1508 Scan finished
10:12:11.0558 1508 ============================================================
10:12:11.0558 1272 Detected object count: 1
10:12:11.0558 1272 Actual detected object count: 1
10:12:33.0944 1272 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
10:12:33.0944 1272 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
10:12:38.0265 0504 Deinitialize success

[Larusso]

You are welcome.


Execute TDSSKiller.exe and press Start Scan.

• Ensure Cure is selected ( it should be by default )
  Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed
  
• Click Continue then click Reboot now.

Once complete, a log will be produced at the root drive which is typically C:\
For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please post the contents of that log in your next reply.



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.



Please post in your next reply
TDSSKiller LOg
Combofix.txt
Let me know how your system behaves now

[defiance2011]

TDS LOG:


16:25:50.0575 1168 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
16:25:50.0591 1168 ============================================================
16:25:50.0591 1168 Current date / time: 2012/03/02 16:25:50.0591
16:25:50.0591 1168 SystemInfo:
16:25:50.0591 1168
16:25:50.0591 1168 OS Version: 6.1.7601 ServicePack: 1.0
16:25:50.0591 1168 Product type: Workstation
16:25:50.0591 1168 ComputerName: MATT-W7
16:25:50.0591 1168 UserName: matt
16:25:50.0591 1168 Windows directory: C:\Windows
16:25:50.0591 1168 System windows directory: C:\Windows
16:25:50.0591 1168 Running under WOW64
16:25:50.0591 1168 Processor architecture: Intel x64
16:25:50.0591 1168 Number of processors: 4
16:25:50.0591 1168 Page size: 0x1000
16:25:50.0591 1168 Boot type: Safe boot with network
16:25:50.0591 1168 ============================================================
16:25:51.0558 1168 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:25:51.0558 1168 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
16:25:51.0558 1168 Drive \Device\Harddisk2\DR2 - Size: 0x3B5980000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x790, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:25:51.0605 1168 \Device\Harddisk0\DR0:
16:25:51.0605 1168 MBR used
16:25:51.0605 1168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x123F000
16:25:51.0605 1168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1266800, BlocksNum 0x3911F000
16:25:51.0605 1168 \Device\Harddisk1\DR1:
16:25:51.0605 1168 MBR used
16:25:51.0605 1168 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
16:25:51.0605 1168 \Device\Harddisk2\DR2:
16:25:51.0605 1168 MBR used
16:25:51.0605 1168 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DAAC00
16:25:51.0636 1168 Initialize success
16:25:51.0636 1168 ============================================================
16:25:53.0009 1000 ============================================================
16:25:53.0009 1000 Scan started
16:25:53.0009 1000 Mode: Manual;
16:25:53.0009 1000 ============================================================
16:25:53.0758 1000 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:25:53.0758 1000 1394ohci - ok
16:25:53.0851 1000 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:25:53.0851 1000 ACPI - ok
16:25:53.0898 1000 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:25:53.0898 1000 AcpiPmi - ok
16:25:53.0976 1000 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:25:53.0976 1000 adp94xx - ok
16:25:54.0007 1000 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:25:54.0007 1000 adpahci - ok
16:25:54.0039 1000 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:25:54.0039 1000 adpu320 - ok
16:25:54.0117 1000 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:25:54.0117 1000 AFD - ok
16:25:54.0163 1000 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:25:54.0163 1000 agp440 - ok
16:25:54.0179 1000 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:25:54.0179 1000 aliide - ok
16:25:54.0195 1000 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:25:54.0195 1000 amdide - ok
16:25:54.0257 1000 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:25:54.0257 1000 AmdK8 - ok
16:25:54.0273 1000 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:25:54.0273 1000 AmdPPM - ok
16:25:54.0319 1000 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:25:54.0319 1000 amdsata - ok
16:25:54.0382 1000 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:25:54.0382 1000 amdsbs - ok
16:25:54.0429 1000 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:25:54.0429 1000 amdxata - ok
16:25:54.0491 1000 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:25:54.0491 1000 AppID - ok
16:25:54.0507 1000 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:25:54.0507 1000 arc - ok
16:25:54.0522 1000 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:25:54.0522 1000 arcsas - ok
16:25:54.0585 1000 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:25:54.0585 1000 AsyncMac - ok
16:25:54.0600 1000 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:25:54.0600 1000 atapi - ok
16:25:54.0678 1000 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
16:25:54.0678 1000 AVGIDSEH - ok
16:25:54.0741 1000 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
16:25:54.0741 1000 Avgldx64 - ok
16:25:54.0834 1000 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
16:25:54.0834 1000 Avgmfx64 - ok
16:25:54.0912 1000 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
16:25:54.0912 1000 Avgrkx64 - ok
16:25:54.0975 1000 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:25:54.0975 1000 b06bdrv - ok
16:25:55.0037 1000 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:25:55.0037 1000 b57nd60a - ok
16:25:55.0115 1000 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
16:25:55.0115 1000 BCM42RLY - ok
16:25:55.0177 1000 BCM43XX (f4cd5f52850bf2c978de178f256ba372) C:\Windows\system32\DRIVERS\bcmwl664.sys
16:25:55.0193 1000 BCM43XX - ok
16:25:55.0255 1000 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:25:55.0255 1000 Beep - ok
16:25:55.0318 1000 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:25:55.0318 1000 blbdrive - ok
16:25:55.0365 1000 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:25:55.0365 1000 bowser - ok
16:25:55.0380 1000 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:25:55.0380 1000 BrFiltLo - ok
16:25:55.0396 1000 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:25:55.0396 1000 BrFiltUp - ok
16:25:55.0411 1000 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:25:55.0411 1000 Brserid - ok
16:25:55.0427 1000 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:25:55.0427 1000 BrSerWdm - ok
16:25:55.0458 1000 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:25:55.0458 1000 BrUsbMdm - ok
16:25:55.0458 1000 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:25:55.0458 1000 BrUsbSer - ok
16:25:55.0489 1000 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:25:55.0489 1000 BTHMODEM - ok
16:25:55.0567 1000 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:25:55.0567 1000 cdfs - ok
16:25:55.0661 1000 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:25:55.0661 1000 cdrom - ok
16:25:55.0708 1000 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:25:55.0708 1000 circlass - ok
16:25:55.0739 1000 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:25:55.0739 1000 CLFS - ok
16:25:55.0770 1000 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:25:55.0770 1000 CmBatt - ok
16:25:55.0817 1000 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:25:55.0817 1000 cmdide - ok
16:25:55.0879 1000 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:25:55.0879 1000 CNG - ok
16:25:55.0895 1000 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:25:55.0895 1000 Compbatt - ok
16:25:55.0957 1000 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:25:55.0957 1000 CompositeBus - ok
16:25:55.0973 1000 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:25:55.0973 1000 crcdisk - ok
16:25:56.0051 1000 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:25:56.0051 1000 DfsC - ok
16:25:56.0067 1000 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:25:56.0067 1000 discache - ok
16:25:56.0113 1000 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:25:56.0113 1000 Disk - ok
16:25:56.0176 1000 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:25:56.0176 1000 drmkaud - ok
16:25:56.0254 1000 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:25:56.0254 1000 DXGKrnl - ok
16:25:56.0379 1000 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:25:56.0394 1000 ebdrv - ok
16:25:56.0425 1000 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:25:56.0425 1000 elxstor - ok
16:25:56.0472 1000 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:25:56.0472 1000 ErrDev - ok
16:25:56.0503 1000 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:25:56.0503 1000 exfat - ok
16:25:56.0519 1000 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:25:56.0519 1000 fastfat - ok
16:25:56.0550 1000 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:25:56.0550 1000 fdc - ok
16:25:56.0597 1000 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:25:56.0597 1000 FileInfo - ok
16:25:56.0613 1000 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:25:56.0613 1000 Filetrace - ok
16:25:56.0628 1000 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:25:56.0628 1000 flpydisk - ok
16:25:56.0691 1000 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:25:56.0691 1000 FltMgr - ok
16:25:56.0706 1000 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:25:56.0706 1000 FsDepends - ok
16:25:56.0722 1000 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:25:56.0722 1000 Fs_Rec - ok
16:25:56.0784 1000 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:25:56.0784 1000 fvevol - ok
16:25:56.0800 1000 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:25:56.0800 1000 gagp30kx - ok
16:25:56.0878 1000 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:25:56.0878 1000 hcw85cir - ok
16:25:56.0940 1000 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:25:56.0940 1000 HDAudBus - ok
16:25:56.0956 1000 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:25:56.0956 1000 HidBatt - ok
16:25:56.0971 1000 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:25:56.0971 1000 HidBth - ok
16:25:56.0987 1000 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:25:56.0987 1000 HidIr - ok
16:25:57.0049 1000 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:25:57.0049 1000 HidUsb - ok
16:25:57.0081 1000 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:25:57.0081 1000 HpSAMD - ok
16:25:57.0159 1000 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:25:57.0159 1000 HTTP - ok
16:25:57.0221 1000 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:25:57.0221 1000 hwpolicy - ok
16:25:57.0268 1000 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:25:57.0268 1000 i8042prt - ok
16:25:57.0315 1000 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:25:57.0315 1000 iaStorV - ok
16:25:57.0346 1000 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:25:57.0346 1000 iirsp - ok
16:25:57.0393 1000 IntcAzAudAddService (f2b52c7b1c8e6a4fc4c4564f4a421f23) C:\Windows\system32\drivers\RTKVHD64.sys
16:25:57.0393 1000 IntcAzAudAddService - ok
16:25:57.0424 1000 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:25:57.0424 1000 intelide - ok
16:25:57.0455 1000 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:25:57.0471 1000 intelppm - ok
16:25:57.0517 1000 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:25:57.0517 1000 IpFilterDriver - ok
16:25:57.0564 1000 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:25:57.0564 1000 IPMIDRV - ok
16:25:57.0580 1000 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:25:57.0580 1000 IPNAT - ok
16:25:57.0658 1000 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:25:57.0658 1000 IRENUM - ok
16:25:57.0673 1000 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:25:57.0673 1000 isapnp - ok
16:25:57.0705 1000 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:25:57.0705 1000 iScsiPrt - ok
16:25:57.0736 1000 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:25:57.0736 1000 kbdclass - ok
16:25:57.0767 1000 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:25:57.0783 1000 kbdhid - ok
16:25:57.0829 1000 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:25:57.0829 1000 KSecDD - ok
16:25:57.0892 1000 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:25:57.0892 1000 KSecPkg - ok
16:25:57.0923 1000 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:25:57.0923 1000 ksthunk - ok
16:25:57.0985 1000 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:25:57.0985 1000 lltdio - ok
16:25:58.0048 1000 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:25:58.0048 1000 LSI_FC - ok
16:25:58.0063 1000 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:25:58.0063 1000 LSI_SAS - ok
16:25:58.0079 1000 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:25:58.0079 1000 LSI_SAS2 - ok
16:25:58.0095 1000 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:25:58.0095 1000 LSI_SCSI - ok
16:25:58.0110 1000 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:25:58.0110 1000 luafv - ok
16:25:58.0126 1000 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:25:58.0126 1000 megasas - ok
16:25:58.0157 1000 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:25:58.0157 1000 MegaSR - ok
16:25:58.0173 1000 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:25:58.0173 1000 Modem - ok
16:25:58.0235 1000 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:25:58.0235 1000 monitor - ok
16:25:58.0235 1000 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:25:58.0235 1000 mouclass - ok
16:25:58.0282 1000 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:25:58.0282 1000 mouhid - ok
16:25:58.0344 1000 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:25:58.0344 1000 mountmgr - ok
16:25:58.0407 1000 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:25:58.0407 1000 mpio - ok
16:25:58.0422 1000 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:25:58.0422 1000 mpsdrv - ok
16:25:58.0469 1000 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:25:58.0469 1000 MRxDAV - ok
16:25:58.0531 1000 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:25:58.0531 1000 mrxsmb - ok
16:25:58.0594 1000 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:25:58.0594 1000 mrxsmb10 - ok
16:25:58.0609 1000 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:25:58.0609 1000 mrxsmb20 - ok
16:25:58.0625 1000 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:25:58.0625 1000 msahci - ok
16:25:58.0656 1000 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:25:58.0656 1000 msdsm - ok
16:25:58.0672 1000 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:25:58.0672 1000 Msfs - ok
16:25:58.0734 1000 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:25:58.0734 1000 mshidkmdf - ok
16:25:58.0750 1000 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:25:58.0750 1000 msisadrv - ok
16:25:58.0797 1000 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:25:58.0797 1000 MSKSSRV - ok
16:25:58.0859 1000 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:25:58.0859 1000 MSPCLOCK - ok
16:25:58.0859 1000 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:25:58.0859 1000 MSPQM - ok
16:25:58.0921 1000 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:25:58.0921 1000 MsRPC - ok
16:25:58.0937 1000 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:25:58.0937 1000 mssmbios - ok
16:25:58.0953 1000 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:25:58.0953 1000 MSTEE - ok
16:25:58.0968 1000 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:25:58.0968 1000 MTConfig - ok
16:25:59.0031 1000 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:25:59.0031 1000 Mup - ok
16:25:59.0093 1000 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:25:59.0093 1000 NativeWifiP - ok
16:25:59.0171 1000 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:25:59.0171 1000 NDIS - ok
16:25:59.0233 1000 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:25:59.0233 1000 NdisCap - ok
16:25:59.0280 1000 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:25:59.0280 1000 NdisTapi - ok
16:25:59.0374 1000 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:25:59.0374 1000 Ndisuio - ok
16:25:59.0421 1000 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:25:59.0421 1000 NdisWan - ok
16:25:59.0467 1000 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:25:59.0467 1000 NDProxy - ok
16:25:59.0514 1000 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:25:59.0514 1000 NetBIOS - ok
16:25:59.0577 1000 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:25:59.0577 1000 NetBT - ok
16:25:59.0670 1000 netr28ux (26672f93749ac9fd28da1b0f94efa78d) C:\Windows\system32\DRIVERS\Dnetr28ux.sys
16:25:59.0670 1000 netr28ux - ok
16:25:59.0717 1000 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:25:59.0717 1000 nfrd960 - ok
16:25:59.0748 1000 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:25:59.0748 1000 Npfs - ok
16:25:59.0764 1000 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:25:59.0764 1000 nsiproxy - ok
16:25:59.0842 1000 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:25:59.0857 1000 Ntfs - ok
16:25:59.0857 1000 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:25:59.0857 1000 Null - ok
16:25:59.0920 1000 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
16:25:59.0920 1000 NVHDA - ok
16:26:00.0201 1000 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:26:00.0263 1000 nvlddmkm - ok
16:26:00.0310 1000 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:26:00.0310 1000 nvraid - ok
16:26:00.0357 1000 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:26:00.0372 1000 nvstor - ok
16:26:00.0419 1000 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:26:00.0419 1000 nv_agp - ok
16:26:00.0466 1000 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:26:00.0481 1000 ohci1394 - ok
16:26:00.0528 1000 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:26:00.0528 1000 Parport - ok
16:26:00.0591 1000 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:26:00.0591 1000 partmgr - ok
16:26:00.0653 1000 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:26:00.0653 1000 pci - ok
16:26:00.0669 1000 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:26:00.0669 1000 pciide - ok
16:26:00.0700 1000 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:26:00.0700 1000 pcmcia - ok
16:26:00.0715 1000 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:26:00.0715 1000 pcw - ok
16:26:00.0731 1000 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:26:00.0747 1000 PEAUTH - ok
16:26:00.0825 1000 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:26:00.0825 1000 PptpMiniport - ok
16:26:00.0840 1000 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:26:00.0840 1000 Processor - ok
16:26:00.0934 1000 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:26:00.0934 1000 Psched - ok
16:26:00.0981 1000 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:26:00.0981 1000 PxHlpa64 - ok
16:26:01.0027 1000 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:26:01.0043 1000 ql2300 - ok
16:26:01.0059 1000 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:26:01.0059 1000 ql40xx - ok
16:26:01.0074 1000 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:26:01.0074 1000 QWAVEdrv - ok
16:26:01.0090 1000 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:26:01.0090 1000 RasAcd - ok
16:26:01.0152 1000 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:26:01.0152 1000 RasAgileVpn - ok
16:26:01.0199 1000 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:26:01.0215 1000 Rasl2tp - ok
16:26:01.0215 1000 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:26:01.0215 1000 RasPppoe - ok
16:26:01.0277 1000 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:26:01.0277 1000 RasSstp - ok
16:26:01.0324 1000 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:26:01.0324 1000 rdbss - ok
16:26:01.0355 1000 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:26:01.0355 1000 rdpbus - ok
16:26:01.0371 1000 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:26:01.0371 1000 RDPCDD - ok
16:26:01.0433 1000 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:26:01.0433 1000 RDPENCDD - ok
16:26:01.0449 1000 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:26:01.0449 1000 RDPREFMP - ok
16:26:01.0495 1000 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:26:01.0495 1000 RDPWD - ok
16:26:01.0542 1000 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:26:01.0542 1000 rdyboost - ok
16:26:01.0636 1000 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:26:01.0636 1000 rspndr - ok
16:26:01.0729 1000 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:26:01.0729 1000 RTL8167 - ok
16:26:01.0776 1000 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:26:01.0776 1000 sbp2port - ok
16:26:01.0854 1000 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
16:26:01.0854 1000 SCDEmu - ok
16:26:01.0901 1000 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:26:01.0901 1000 scfilter - ok
16:26:01.0932 1000 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:26:01.0932 1000 secdrv - ok
16:26:01.0963 1000 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:26:01.0963 1000 Serenum - ok
16:26:01.0979 1000 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:26:01.0979 1000 Serial - ok
16:26:02.0026 1000 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:26:02.0026 1000 sermouse - ok
16:26:02.0073 1000 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:26:02.0073 1000 sffdisk - ok
16:26:02.0088 1000 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:26:02.0088 1000 sffp_mmc - ok
16:26:02.0104 1000 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:26:02.0104 1000 sffp_sd - ok
16:26:02.0119 1000 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:26:02.0119 1000 sfloppy - ok
16:26:02.0166 1000 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:26:02.0166 1000 SiSRaid2 - ok
16:26:02.0197 1000 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:26:02.0197 1000 SiSRaid4 - ok
16:26:02.0229 1000 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:26:02.0229 1000 Smb - ok
16:26:02.0260 1000 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:26:02.0260 1000 spldr - ok
16:26:02.0338 1000 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:26:02.0338 1000 srv - ok
16:26:02.0353 1000 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:26:02.0353 1000 srv2 - ok
16:26:02.0385 1000 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:26:02.0385 1000 srvnet - ok
16:26:02.0400 1000 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:26:02.0400 1000 stexstor - ok
16:26:02.0478 1000 StkTMini (b6baf8151060f07386c72bc5641290b3) C:\Windows\system32\Drivers\StkTMini.sys
16:26:02.0478 1000 StkTMini - ok
16:26:02.0525 1000 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:26:02.0525 1000 swenum - ok
16:26:02.0650 1000 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:26:02.0665 1000 Tcpip - ok
16:26:02.0712 1000 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:26:02.0728 1000 TCPIP6 - ok
16:26:02.0775 1000 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:26:02.0775 1000 tcpipreg - ok
16:26:02.0790 1000 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:26:02.0790 1000 TDPIPE - ok
16:26:02.0806 1000 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:26:02.0806 1000 TDTCP - ok
16:26:02.0868 1000 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:26:02.0868 1000 tdx - ok
16:26:02.0884 1000 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:26:02.0884 1000 TermDD - ok
16:26:02.0931 1000 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:26:02.0931 1000 tssecsrv - ok
16:26:03.0009 1000 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:26:03.0009 1000 TsUsbFlt - ok
16:26:03.0055 1000 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:26:03.0055 1000 tunnel - ok
16:26:03.0071 1000 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:26:03.0071 1000 uagp35 - ok
16:26:03.0149 1000 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:26:03.0149 1000 udfs - ok
16:26:03.0165 1000 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:26:03.0180 1000 uliagpkx - ok
16:26:03.0227 1000 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:26:03.0227 1000 umbus - ok
16:26:03.0243 1000 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:26:03.0243 1000 UmPass - ok
16:26:03.0321 1000 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:26:03.0321 1000 usbaudio - ok
16:26:03.0367 1000 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:26:03.0367 1000 usbccgp - ok
16:26:03.0445 1000 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:26:03.0445 1000 usbcir - ok
16:26:03.0477 1000 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:26:03.0477 1000 usbehci - ok
16:26:03.0539 1000 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:26:03.0539 1000 usbhub - ok
16:26:03.0617 1000 USBMULCD (957ec5620fb055e9df2250d6fa4188e1) C:\Windows\system32\drivers\CM10664.sys
16:26:03.0617 1000 USBMULCD - ok
16:26:03.0633 1000 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
16:26:03.0633 1000 usbohci - ok
16:26:03.0695 1000 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:26:03.0695 1000 usbprint - ok
16:26:03.0757 1000 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:26:03.0757 1000 usbscan - ok
16:26:03.0804 1000 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:26:03.0804 1000 USBSTOR - ok
16:26:03.0851 1000 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:26:03.0851 1000 usbuhci - ok
16:26:03.0867 1000 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:26:03.0867 1000 vdrvroot - ok
16:26:03.0882 1000 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:26:03.0882 1000 vga - ok
16:26:03.0913 1000 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:26:03.0913 1000 VgaSave - ok
16:26:03.0929 1000 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:26:03.0929 1000 vhdmp - ok
16:26:03.0945 1000 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:26:03.0945 1000 viaide - ok
16:26:04.0023 1000 vncmirror (93f279a2c172562050700a18fa84be2e) C:\Windows\system32\DRIVERS\vncmirror.sys
16:26:04.0023 1000 vncmirror - ok
16:26:04.0069 1000 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:26:04.0069 1000 volmgr - ok
16:26:04.0132 1000 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:26:04.0132 1000 volmgrx - ok
16:26:04.0179 1000 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:26:04.0194 1000 volsnap - ok
16:26:04.0241 1000 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:26:04.0241 1000 vsmraid - ok
16:26:04.0257 1000 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:26:04.0257 1000 vwifibus - ok
16:26:04.0303 1000 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:26:04.0303 1000 vwififlt - ok
16:26:04.0335 1000 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:26:04.0335 1000 WacomPen - ok
16:26:04.0381 1000 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:26:04.0381 1000 WANARP - ok
16:26:04.0413 1000 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:26:04.0413 1000 Wanarpv6 - ok
16:26:04.0444 1000 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:26:04.0444 1000 Wd - ok
16:26:04.0475 1000 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:26:04.0491 1000 Wdf01000 - ok
16:26:04.0553 1000 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:26:04.0553 1000 WfpLwf - ok
16:26:04.0615 1000 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
16:26:04.0615 1000 WimFltr - ok
16:26:04.0631 1000 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:26:04.0631 1000 WIMMount - ok
16:26:04.0693 1000 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:26:04.0693 1000 WinUsb - ok
16:26:04.0771 1000 WmBEnum (e7f4937b613b1e4294100c9d4efc36a9) C:\Windows\system32\drivers\WmBEnum.sys
16:26:04.0771 1000 WmBEnum - ok
16:26:04.0818 1000 WmFilter (6f6f2b263002b243d3501c7e6c8fc11d) C:\Windows\system32\drivers\WmFilter.sys
16:26:04.0818 1000 WmFilter - ok
16:26:04.0834 1000 WmHidLo (1584f8d5fdfe44c03dba85a2106b937f) C:\Windows\system32\drivers\WmHidLo.sys
16:26:04.0834 1000 WmHidLo - ok
16:26:04.0881 1000 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:26:04.0881 1000 WmiAcpi - ok
16:26:04.0943 1000 WmVirHid (52b4fcc6afaec0ffd80bda63f9b140cd) C:\Windows\system32\drivers\WmVirHid.sys
16:26:04.0943 1000 WmVirHid - ok
16:26:04.0990 1000 WmXlCore (395b3e7fba81bdc4501641b3b2cf2e20) C:\Windows\system32\drivers\WmXlCore.sys
16:26:04.0990 1000 WmXlCore - ok
16:26:05.0021 1000 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:26:05.0021 1000 ws2ifsl - ok
16:26:05.0068 1000 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:26:05.0083 1000 WudfPf - ok
16:26:05.0099 1000 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:26:05.0099 1000 WUDFRd - ok
16:26:05.0130 1000 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
16:26:05.0146 1000 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:26:05.0146 1000 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:26:05.0146 1000 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:26:05.0161 1000 \Device\Harddisk1\DR1 - ok
16:26:05.0161 1000 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
16:26:05.0161 1000 \Device\Harddisk2\DR2 - ok
16:26:05.0208 1000 Boot (0x1200) (a07a5198af6a781af7afcc560ed198ce) \Device\Harddisk0\DR0\Partition0
16:26:05.0208 1000 \Device\Harddisk0\DR0\Partition0 - ok
16:26:05.0224 1000 Boot (0x1200) (1bcd20a54d80090c8e717c26e22f2986) \Device\Harddisk0\DR0\Partition1
16:26:05.0224 1000 \Device\Harddisk0\DR0\Partition1 - ok
16:26:05.0224 1000 Boot (0x1200) (aaf4b08e77719844e87c77a8d921416a) \Device\Harddisk1\DR1\Partition0
16:26:05.0224 1000 \Device\Harddisk1\DR1\Partition0 - ok
16:26:05.0239 1000 Boot (0x1200) (88b500a9b664a2449271a923fa5ae13b) \Device\Harddisk2\DR2\Partition0
16:26:05.0239 1000 \Device\Harddisk2\DR2\Partition0 - ok
16:26:05.0239 1000 ============================================================
16:26:05.0239 1000 Scan finished
16:26:05.0239 1000 ============================================================
16:26:05.0239 1072 Detected object count: 1
16:26:05.0239 1072 Actual detected object count: 1
16:26:35.0613 1072 \Device\Harddisk0\DR0\# - copied to quarantine
16:26:35.0613 1072 \Device\Harddisk0\DR0 - copied to quarantine
16:26:35.0644 1072 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:26:35.0644 1072 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:26:35.0644 1072 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
16:26:35.0660 1072 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
16:26:35.0660 1072 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
16:26:35.0660 1072 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:26:35.0660 1072 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
16:26:35.0660 1072 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
16:26:35.0660 1072 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
16:26:35.0660 1072 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:26:35.0660 1072 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:26:35.0660 1072 \Device\Harddisk0\DR0 - ok
16:26:46.0533 1072 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:26:52.0164 1124 Deinitialize success







COMBOFIX LOG:

ComboFix 12-03-02.01 - matt 02/03/2012 16:34:54.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8190.6544 [GMT 0:00]
Running from: c:\users\matt\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\desktop.ini
C:\sooi832.bin
c:\sooi832.bin\9125C0DBD1337B9
c:\users\matt\AppData\Roaming\Remote
c:\users\matt\AppData\Roaming\Remote\dki
c:\users\matt\AppData\Roaming\Remote\dmc01.dll
c:\users\matt\AppData\Roaming\Remote\dmc01_shrd
c:\users\matt\AppData\Roaming\Remote\mxd1.txt
c:\users\matt\AppData\Roaming\Remote\n.dat
c:\users\matt\AppData\Roaming\Remote\r.dat
c:\users\matt\AppData\Roaming\Remote\xe.dat
c:\users\matt\g2mdlhlpx.exe
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-03-02 16:52 . 2012-03-02 16:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-02 16:26 . 2012-03-02 16:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-01 09:20 . 2012-03-01 09:20 -------- d-----w- c:\users\SYSTEM
2012-02-27 18:47 . 2012-03-01 19:45 -------- d-----w- c:\users\UpdatusUser
2012-02-27 18:46 . 2011-05-21 06:01 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2012-02-27 18:18 . 2012-02-27 18:18 -------- d-----w- c:\program files (x86)\Steam
2012-02-27 18:15 . 2012-02-27 18:15 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2012-02-25 04:58 . 2012-02-25 04:58 -------- d-----w- c:\users\matt\AppData\Roaming\Kayako
2012-02-25 04:58 . 2012-02-27 18:36 -------- d-----w- c:\program files (x86)\Kayako
2012-02-17 23:55 . 2012-02-17 23:55 -------- d-----w- c:\users\matt\AppData\Roaming\Malwarebytes
2012-02-17 23:54 . 2012-02-17 23:54 -------- d-----w- c:\programdata\Malwarebytes
2012-02-17 23:54 . 2012-02-17 23:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-17 23:54 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-15 12:34 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 12:34 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 12:34 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 12:34 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 12:34 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 12:34 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-04 08:58 . 2012-02-15 12:34 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 05:27 . 2012-02-15 12:34 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-14 02:57 . 2012-02-20 03:00 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-03 20:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-03 20:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-03 20:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lpc"="non stop to restore the server. We are happy to help your programmers with the code which caused the initial duplicate insertion problem which crashed InnoDB" [X]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]
"Pidgin"="c:\program files (x86)\Pidgin\pidgin.exe" [2011-06-08 48618]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DoroServer"="c:\program files (x86)\DoroPDFWriter\DoroServer.exe" [2011-11-26 167936]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-03 948880]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TweetDeck.lnk - c:\program files (x86)\TweetDeck\TweetDeck.exe [2011-8-5 142848]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-17 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-17 135664]
R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28ux.sys [x]
R3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkTMini.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 Dyn Updater;Dyn Updater;c:\program files (x86)\DynDNS Updater\DynUpSvc.exe [2011-09-06 95608]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Viewpoint Service;Viewpoint Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-17 18:12]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-17 18:12]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1415599657-2627169133-3804600032-1001Core.job
- c:\users\matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 12:42]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1415599657-2627169133-3804600032-1001UA.job
- c:\users\matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 12:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-03 20:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-03 20:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-03 20:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7834656]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1840720]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://admin:admin@secure.xssl.net/status/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: facebook.com\www
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{D937D130-9432-4771-89CA-283D835B89F8}\C616474796D6F627568614E6: NameServer = 192.168.0.1
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://dsl2.unitedhosting.co.uk/DvrOcx.cab
DPF: {F184A6DA-2B5A-4507-8555-C05C5C5C9A9B} - hxxps://72.249.26.251/itcclient.cab
FF - ProfilePath - c:\users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\af2r319y.default\
FF - prefs.js: browser.startup.homepage - hxxp://admin:admin@www.unitedsupport.co.uk/homepage/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{5000a11a-d70a-4b1a-b68c-7222f071a313} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-Run-lpc - c:\users\matt\AppData\Roaming\Remote\dmc01.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{5000A11A-D70A-4B1A-B68C-7222F071A313} - (no file)
HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
AddRemove-LiveResponse - c:\program files (x86)\Kayako\Desktop\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Provide Support\Live Support Chat for Web Site\ProvideSupportConsole.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-03-02 17:05:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-02 17:05
.
Pre-Run: 112,795,021,312 bytes free
Post-Run: 115,663,749,120 bytes free
.
- - End Of File - - DCB2AA89BBA9D8B816CB7F377EA8467F

[Larusso]

Hy there,

How is your system behaving now ?

[defiance2011]

Hi

It seems better.

Do you know what the rootkit does? Did it steal any information from my computer?

Thank you very much for your help!

[Larusso]

Normally, the Rootkit only implements your OS in a Botnet. I never heard it steals informations but this does not mean it cant do this. Anyway, it has been killed

I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.

• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select Perform Quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is checked, and click Remove Selected.
  
• When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.



Go here to run an online scanner from ESET.

• Note: You will need to use Internet explorer for this scan
• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
• Click Start
• Wait for the scan to finish
• When the scan completes, push
  
• Push , and save the file to your desktop using a unique name.
  
• Push the Back button.
  
• Push Finish

Please post this logfile in your next reply



Please post in your next reply
MBAM Log
Eset Log

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!