Jump to content

huntibilis

Members
  • Posts

    15
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Ok well thank you again, my first time using MBAM support forums worked out better then I could have hoped. Cheers!
  2. It seems I fixed the curse issue it was on there end not mine, and the only question I have is a sum up of what was wrong in the with the computer in the first place?
  3. Everything seems to be doing fine the past two days. The only thing I see that is still differant is after the unhide.exe fix my curse client shortcut seems to be broken, says it is a ClickOnce Application Reference. Other then that seems ok to me Here are the logs you wanted. Malwarebytes Anti-Malware (PRO) 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.08.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Admin :: ADMIN-PC [administrator] Protection: Disabled 2/8/2012 8:41:35 AM mbam-log-2012-02-08 (08-41-35).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 345816 Time elapsed: 28 minute(s), 53 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 Run by Admin at 9:21:07 on 2012-02-08 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7055.5573 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Windows\SysWOW64\AsHookDevice.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\msiexec.exe C:\Windows\System32\svchost.exe -k swprv C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\sppsvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.cfnews13.com/ uInternet Settings,ProxyOverride = 127.0.0.1:9421 BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [Akamai NetSession Interface] "C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe" uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe mRun: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {530F7E80-690F-438E-8A4F-E6CAECB4B6F3} - hxxp://taste.dvrdns.org/CMSPlugin.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://taste.dvrdns.org/vcredist_x86.exe DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 TCP: Interfaces\{B115E509-5C33-4517-9410-62410AF08CF7} : DhcpNameServer = 65.32.5.111 65.32.5.112 BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe mRun-x64: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" . ============= SERVICES / DRIVERS =============== . R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992] R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?] R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-4-27 203392] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-2 652360] R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-15 2280312] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-27 2314240] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864] S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;C:\Windows\system32\DRIVERS\usb8023.sys --> C:\Windows\system32\DRIVERS\usb8023.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-02-08 10:57:24 -------- d-----w- C:\Users\Admin\AppData\Roaming\Vast Studios 2012-02-08 08:49:59 -------- d-----w- C:\Users\Admin\AppData\Roaming\Happy Artist Studio 2012-02-07 22:56:41 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5D0C169F-BC53-4EB8-A8AB-B8FCF847E896}\mpengine.dll 2012-02-07 00:55:46 -------- d-----w- C:\ProgramData\SugarGames 2012-02-07 00:55:24 -------- d-----w- C:\Program Files (x86)\Wedding Salon 2012-02-07 00:53:58 -------- d-----w- C:\ProgramData\Sandlot Games 2012-02-06 21:42:11 -------- d-----w- C:\Users\Admin\AppData\Roaming\CupcakeCafe 2012-02-06 21:40:51 -------- d-----w- C:\Program Files (x86)\Jessica's Cupcake Cafe 2012-02-06 17:19:07 -------- d-----w- C:\ProgramData\Meridian93 2012-02-06 17:18:56 -------- d-----w- C:\Users\Admin\AppData\Roaming\Meridian93 2012-02-06 15:44:24 -------- d-----w- C:\Users\Admin\AppData\Roaming\SulusGames 2012-02-06 10:35:15 -------- d-----w- C:\Users\Admin\AppData\Roaming\Big Fish Games 2012-02-06 10:23:16 -------- d-----w- C:\Program Files (x86)\bfgclient 2012-02-06 08:34:51 -------- d-----w- C:\$RECYCLE.BIN 2012-02-05 11:18:52 2059312 ----a-w- C:\tdsskiller.exe 2012-02-05 06:05:53 -------- d-----w- C:\Program Files (x86)\ESET 2012-02-03 20:53:02 98816 ----a-w- C:\Windows\sed.exe 2012-02-03 20:53:02 518144 ----a-w- C:\Windows\SWREG.exe 2012-02-03 20:53:02 256000 ----a-w- C:\Windows\PEV.exe 2012-02-03 20:53:02 208896 ----a-w- C:\Windows\MBR.exe 2012-02-03 20:46:12 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-03 05:36:32 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-02 20:14:16 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-02-02 20:14:16 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll 2012-02-02 20:14:15 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-02-02 20:14:15 1572864 ----a-w- C:\Windows\System32\quartz.dll 2012-02-02 20:07:04 1731920 ----a-w- C:\Windows\System32\ntdll.dll 2012-02-02 20:07:04 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll 2012-01-30 20:11:38 -------- d-----w- C:\Users\Admin\AppData\Roaming\Unity 2012-01-25 06:09:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DACE.tmp 2012-01-25 06:09:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DABE.tmp . ==================== Find3M ==================== . 2012-02-08 14:15:21 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-01-27 05:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe 2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys 2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll 2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys 2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll 2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll 2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll 2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll 2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll 2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll 2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe 2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll 2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll 2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2011-10-22 11:06:32 68272 ----a-w- C:\Program Files\fraps64.dat 2011-10-22 11:06:32 231600 ----a-w- C:\Program Files\fraps32.dll 2011-10-22 11:06:32 185520 ----a-w- C:\Program Files\fraps64.dll 2011-10-22 11:06:30 2533040 ----a-w- C:\Program Files\fraps.exe 2011-10-22 11:04:34 140288 ----a-w- C:\Program Files\frapslcd.dll 2011-03-08 08:03:37 258352 ----a-w- C:\Program Files\unicows.dll 2011-03-08 08:03:10 372736 ----a-w- C:\Program Files\ijl15.dll . ============= FINISH: 9:21:37.49 =============== . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 9/18/2010 8:10:08 PM System Uptime: 2/8/2012 9:12:59 AM (0 hours ago) . Motherboard: ASUSTeK Computer INC. | | CM5675 Processor: Intel® Core i5 CPU 650 @ 3.20GHz | LGA1156 | 3201/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 373 GiB total, 278.283 GiB free. D: is FIXED (NTFS) - 545 GiB total, 544.619 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {36fc9e60-c465-11cf-8056-444553540000} Description: Unknown Device Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&4 Manufacturer: (Standard USB Host Controller) Name: Unknown Device PNP Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&4 Service: . Class GUID: {36fc9e60-c465-11cf-8056-444553540000} Description: Unknown Device Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&5 Manufacturer: (Standard USB Host Controller) Name: Unknown Device PNP Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&5 Service: . ==== System Restore Points =================== . RP251: 2/2/2012 11:21:20 PM - Removed Adobe Reader X (10.1.1). RP252: 2/2/2012 11:22:24 PM - Removed Adobe Reader X (10.1.1). RP253: 2/3/2012 2:26:52 AM - Windows Update RP254: 2/6/2012 2:24:39 AM - ComboFix created restore point RP255: 2/6/2012 9:37:48 AM - Installed DirectX RP256: 2/7/2012 5:56:08 PM - Windows Update RP257: 2/8/2012 8:46:28 AM - Removed Java 6 Update 22 RP258: 2/8/2012 9:14:55 AM - Installed Java 6 Update 30 . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 2007 Microsoft Office Suite Service Pack 2 (SP2) Acrobat.com Advertising Center AI Manager Akamai NetSession Interface Akamai NetSession Interface Service ASUS Backup Wizard ASUS VIBE ASUSUpdate Bandisoft MPEG-1 Decoder Big Fish Games: Game Manager Curse Client EPU-4 Engine ESET Online Scanner v3 File Uploader Fraps (remove only) Google Talk Plugin ImagXpress Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Internet TV for Windows Media Center Java Auto Updater Java 6 Update 30 Jessica's Cupcake Cafe Malwarebytes Anti-Malware version 1.60.1.1000 Microsoft .NET Framework 1.1 Microsoft Choice Guard Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel 2007 Help Actualización (KB963678) Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Excel MUI (French) 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office Excel MUI (Spanish) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.3 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office OneNote MUI (French) 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office OneNote MUI (Spanish) 2007 Microsoft Office Powerpoint 2007 Help Actualización (KB963669) Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office PowerPoint MUI (Spanish) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Basque) 2007 Microsoft Office Proof (Catalan) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Galician) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proof (Portuguese (Brazil)) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing (Spanish) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Shared MUI (Spanish) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word 2007 Help Actualización (KB963665) Microsoft Office Word MUI (Dutch) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office Word MUI (French) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Office Word MUI (Spanish) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 Redistributable Microsoft Works Mise à jour Microsoft Office Excel 2007 Help (KB963678) Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) Mise à jour Microsoft Office Word 2007 Help (KB963665) MSVCRT MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser (KB973685) Nero 9 Essentials Nero BurnRights Nero BurnRights Help Nero ControlCenter Nero CoverDesigner Nero CoverDesigner Help Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml Netflix in Windows Media Center Nikon Transfer Pando Media Booster Picture Control Utility Realtek Ethernet Controller Driver For Windows Vista and Later Realtek High Definition Audio Driver Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Spelling Dictionaries Support For Adobe Reader 9 TeamViewer 6 Unity Web Player Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Ventrilo Client ViewNX Wedding Salon Windows Live Communications Platform Windows Live Essentials Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sync Windows Live Writer World of Warcraft Xfire (remove only) . ==== Event Viewer Messages From Past Week ======== . 2/6/2012 2:30:17 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 2/6/2012 2:29:55 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 2/6/2012 2:24:18 AM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 2/5/2012 2:06:39 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 2/5/2012 2:04:40 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 2/5/2012 2:04:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 2/5/2012 2:04:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 2/5/2012 2:04:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 2/5/2012 2:04:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 2/5/2012 2:04:25 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO discache spldr Wanarpv6 2/2/2012 3:01:43 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Akamai NetSession Interface service, but this action failed with the following error: An instance of the service is already running. 2/2/2012 1:26:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a0007ff000, 0x0000000000000000, 0xfffff80002ece38e, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020212-17472-01. . ==== End Of File ===========================
  4. The more i looked, im starting to think its just settings that did not get restored. Everything seems to be there now the computer was just not back to how im used to it being such as my notifactions not being hidden, and full text names on programs that i pin. If there is anything i notice that is not just a simple settings change i will let you know asap. As far as the unhide.exe, at the time i saved it, the computer was still rather empty (no desktop on my save options) i wanted to save it just to C:\unhide.exe but for some reason i was told i could not do that and the computer suggested the path C:\users\Admin\unhide.exe so i just went with it. Is that a issue?
  5. The system seems to have regained files but the computer as a whole is still not the same as before. Here is the log you asked for. ComboFix 12-02-03.02 - Admin 02/06/2012 2:25.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7055.5700 [GMT -5:00] Running from: c:\users\Admin\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Admin\unhide.exe . . ((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 ))))))))))))))))))))))))))))))) . . 2012-02-06 07:30 . 2012-02-06 07:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-05 11:18 . 2012-02-05 11:25 2059312 ----a-w- C:\tdsskiller.exe 2012-02-05 06:05 . 2012-02-05 06:05 -------- d-----w- c:\program files (x86)\ESET 2012-02-04 08:37 . 2012-02-05 09:20 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90F04104-A7C7-4E7B-86E8-E9B8A5C58A21}\offreg.dll 2012-02-03 20:46 . 2012-02-06 07:19 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-03 18:49 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90F04104-A7C7-4E7B-86E8-E9B8A5C58A21}\mpengine.dll 2012-02-03 05:36 . 2012-02-03 05:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-02 20:14 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-02-02 20:14 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-02-02 20:14 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-02-02 20:14 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-02-02 20:07 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-02-02 20:07 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-30 20:11 . 2012-01-30 20:11 -------- d-----w- c:\users\Admin\AppData\Roaming\Unity 2012-01-28 00:00 . 2012-01-28 00:00 -------- d-----w- c:\windows\Sun 2012-01-25 06:09 . 2012-01-25 06:09 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\DACE.tmp 2012-01-25 06:09 . 2012-01-25 06:09 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\DABE.tmp . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-27 05:52 . 2010-09-19 00:25 279656 ------w- c:\windows\system32\MpSigStub.exe 2011-12-10 20:24 . 2010-09-19 01:01 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-24 04:52 . 2011-12-15 18:16 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-10-22 11:06 . 2011-10-22 11:06 68272 ----a-w- c:\program files\fraps64.dat 2011-10-22 11:06 . 2011-10-22 11:06 231600 ----a-w- c:\program files\fraps32.dll 2011-10-22 11:06 . 2011-10-22 11:06 185520 ----a-w- c:\program files\fraps64.dll 2011-10-22 11:06 . 2011-10-22 11:06 2533040 ----a-w- c:\program files\fraps.exe 2011-10-22 11:04 . 2011-10-22 11:04 140288 ----a-w- c:\program files\frapslcd.dll 2011-03-08 08:03 . 2011-03-08 06:19 258352 ----a-w- c:\program files\unicows.dll 2011-03-08 08:03 . 2011-03-08 06:19 372736 ----a-w- c:\program files\ijl15.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-02-03_21.00.25 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-05 18:23 . 2012-02-06 07:22 48856 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-02-06 07:22 35776 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-09-19 00:31 . 2012-02-06 07:22 16508 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3037155534-168446356-2890161075-1001_UserData.bin - 2010-09-19 02:04 . 2012-02-03 09:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-19 02:04 . 2012-02-06 07:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-19 02:04 . 2012-02-03 09:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-09-19 02:04 . 2012-02-06 07:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-02-06 07:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-02-03 09:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-19 00:30 . 2012-02-06 08:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-19 00:30 . 2012-02-03 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-19 00:30 . 2012-02-06 08:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-09-19 00:30 . 2012-02-03 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-02-04 02:30 . 2012-02-04 02:30 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\6c13d7fb161ed4d7da730a70375b07c9\System.Web.DynamicData.Design.ni.dll + 2012-02-04 02:22 . 2012-02-04 02:22 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94787ab3efcc074396a60ff3d83edf78\System.Web.DynamicData.Design.ni.dll + 2010-10-13 01:55 . 2012-02-03 21:04 3450 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2012-02-03 20:59 . 2012-02-03 20:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-02-06 07:31 . 2012-02-06 07:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-02-03 20:59 . 2012-02-03 20:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-02-06 07:31 . 2012-02-06 07:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 02:36 . 2012-02-03 20:51 633076 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-02-06 07:35 633076 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-02-06 07:35 110710 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-02-03 20:51 110710 c:\windows\system32\perfc009.dat - 2009-07-14 05:12 . 2012-01-28 23:33 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-14 05:12 . 2012-02-06 07:24 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-07-14 05:01 . 2012-02-03 20:58 308040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-02-06 07:30 308040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-02-04 02:30 . 2012-02-04 02:30 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\f715b47c2f0440ea23a71f1076b0af2b\System.Web.Routing.ni.dll + 2012-02-04 02:30 . 2012-02-04 02:30 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\d258f45340e6e538a19a56d1165b750f\System.Web.Entity.ni.dll + 2012-02-04 02:30 . 2012-02-04 02:30 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\6f6d11e33e2f3f6bddd4c33809340a48\System.Web.Entity.Design.ni.dll + 2012-02-04 02:30 . 2012-02-04 02:30 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\bca38e802e2b45f80f8fbde2b54ce0a2\System.Web.DynamicData.ni.dll + 2012-02-04 02:30 . 2012-02-04 02:30 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\0e411c30fc2caebb55813b8fa0689d42\System.Web.Abstractions.ni.dll + 2012-02-04 02:21 . 2012-02-04 02:21 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\ee9e8808e97e2219b4bea89279c2750d\WindowsLiveLocal.WriterPlugin.ni.dll + 2012-02-04 02:21 . 2012-02-04 02:21 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d121b6ec166e2af4c1b3f902bd380298\WindowsLive.Writer.HtmlParser.ni.dll + 2012-02-04 02:21 . 2012-02-04 02:21 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6208495fcebfbb463e91d7af8c160623\WindowsLive.Writer.HtmlEditor.ni.dll + 2012-02-04 02:21 . 2012-02-04 02:21 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5ae7e69722d9d75f19bb9da14065d60d\WindowsLive.Writer.BlogClient.ni.dll + 2012-02-04 02:22 . 2012-02-04 02:22 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8e576ae7d946a5440bddfdbe06818a8b\System.Web.Routing.ni.dll + 2012-02-04 02:22 . 2012-02-04 02:22 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\5bd4f855a0b0386cb4baf093216ad2d3\System.Web.Extensions.Design.ni.dll + 2012-02-04 02:22 . 2012-02-04 02:22 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\8d56e2f2a05dbde707d87cb3bdf0dffc\System.Web.Entity.ni.dll + 2012-02-04 02:22 . 2012-02-04 02:22 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f560658d9ee6d2786cab976e775758d6\System.Web.Entity.Design.ni.dll + 2012-02-04 02:22 . 2012-02-04 02:22 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e94f08faeb08a8ee9d51a3480083bd07\System.Web.DynamicData.ni.dll + 2012-02-04 02:22 . 2012-02-04 02:22 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2dc7ec41005f6e6fe45e0cc0a20a12bc\System.Web.Abstractions.ni.dll + 2012-02-04 02:21 . 2012-02-04 02:21 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\e6fa2be533d9e540ccafe51980ae0103\System.Data.Entity.Design.ni.dll + 2012-02-04 02:30 . 2012-02-04 02:30 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\455567dae39910d806447b77ee657a85\System.WorkflowServices.ni.dll + 2012-02-04 02:30 . 2012-02-04 02:30 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\91ecefc70d74ed44e5139ea2929adbb8\System.Web.Mobile.ni.dll + 2012-02-04 02:30 . 2012-02-04 02:30 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\71da5a6d09e12eb94be32935e4a8d5a2\System.Web.Extensions.ni.dll + 2012-02-04 02:30 . 2012-02-04 02:30 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2bb91a2edcc92d2bb79007e7d2ddc2ae\System.Web.Extensions.Design.ni.dll + 2012-02-04 02:30 . 2012-02-04 02:30 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\3a6ac85c04453976c0f3a7c6a64ec43a\System.ServiceModel.Web.ni.dll + 2012-02-04 02:22 . 2012-02-04 02:22 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\1f90d38a42906a776be313d9720e350d\System.IdentityModel.ni.dll + 2012-02-04 02:30 . 2012-02-04 02:30 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\1d2c369d8e2d6f95c99ca90aca273418\System.Data.Services.ni.dll + 2012-02-04 02:30 . 2012-02-04 02:30 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\b7bd7d91dc9abd73f2506bb7a0292373\System.Data.Entity.Design.ni.dll + 2012-02-04 02:23 . 2012-02-04 02:23 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\53fcf7f34708a9482d3e4059ce29608c\MIGUIControls.ni.dll + 2012-02-04 02:29 . 2012-02-04 02:29 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\486ff8cee09c8c63aa9c60ff4f5feafa\Microsoft.VisualBasic.ni.dll + 2012-02-04 02:29 . 2012-02-04 02:29 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b68f19bf3f3d545547d2b680eb54a660\Microsoft.PowerShell.Commands.Utility.ni.dll + 2012-02-04 02:23 . 2012-02-04 02:23 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7e81f50c34dec17b90bfebec5929853a\Microsoft.MediaCenter.UI.ni.dll + 2012-02-04 02:22 . 2012-02-04 02:22 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\65a892a923b49b062bd8fc97254940d3\Microsoft.MediaCenter.ni.dll + 2012-02-04 02:23 . 2012-02-04 02:23 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\33fd1381f221898a53253303cb7e5380\Microsoft.MediaCenter.Bml.ni.dll + 2012-02-04 02:21 . 2012-02-04 02:21 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d0f5cda30f56427cc504834d4cb0b8b9\WindowsLive.Writer.CoreServices.ni.dll + 2012-02-04 02:21 . 2012-02-04 02:21 6394368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c85df34f1db849bbe50ecf11d6bf4cad\WindowsLive.Writer.PostEditor.ni.dll + 2012-02-04 02:22 . 2012-02-04 02:22 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a612958eaf641f0ba83b0daae44cb7b1\System.WorkflowServices.ni.dll + 2012-02-04 02:22 . 2012-02-04 02:22 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d957ec1fb12ff02282a7f73d6318b66b\System.Web.Mobile.ni.dll + 2012-02-04 02:22 . 2012-02-04 02:22 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a90f033a5a062ff29f7df8f9edc1a80c\System.Web.Extensions.ni.dll + 2012-02-04 02:22 . 2012-02-04 02:22 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\828e31a37bfd9d432083be6307845630\System.ServiceModel.Web.ni.dll + 2012-02-04 02:21 . 2012-02-04 02:21 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c0d9df88f2b37d14cf416281364c5b7f\System.IdentityModel.ni.dll + 2012-02-04 02:22 . 2012-02-04 02:22 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\76e676a9b6387aad5544d61a4ac12a78\System.Data.Services.ni.dll + 2012-02-04 02:21 . 2012-02-04 02:21 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\20d18697deb8413c01119531c6b987ad\MIGUIControls.ni.dll + 2012-02-04 02:21 . 2012-02-04 02:21 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll + 2012-02-04 02:21 . 2012-02-04 02:21 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\695508ea67706e5f66208cabe5363099\Microsoft.PowerShell.Commands.Utility.ni.dll + 2012-02-04 02:21 . 2012-02-04 02:21 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5662462cfa995c71817791af93686db2\Microsoft.MediaCenter.ni.dll + 2012-02-04 02:21 . 2012-02-04 02:21 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4676e3f99469bd1120f8aed9cf37e4d2\Microsoft.MediaCenter.UI.ni.dll + 2012-02-04 02:22 . 2012-02-04 02:22 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\4bf05a9a1aebde89033c40b9e51af495\System.ServiceModel.ni.dll + 2012-02-04 02:23 . 2012-02-04 02:23 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\897b2e70eb1754bf8c557fadd93faf98\ehshell.ni.dll + 2012-02-04 02:21 . 2012-02-04 02:21 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7bc7e33d4568a214f226cdb6a161a37a\System.ServiceModel.ni.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Admin\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064] "ASUS VIBE"="c:\program files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe" [2010-03-02 102400] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer6"=wdmaud.drv . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;c:\windows\system32\DRIVERS\usb8023.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 X6va003;X6va003;c:\users\Admin\AppData\Local\Temp\003F557.tmp [x] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x] S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037155534-168446356-2890161075-1001Core.job - c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 15:19] . 2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037155534-168446356-2890161075-1001UA.job - c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 15:19] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-19 8067616] "SKDaemon.exe"="c:\program files\LTONHIS\Touch Manager\SKDaemon.exe" [2009-06-16 318464] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.cfnews13.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = 127.0.0.1:9421 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {530F7E80-690F-438E-8A4F-E6CAECB4B6F3} - hxxp://taste.dvrdns.org/CMSPlugin.cab DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://taste.dvrdns.org/vcredist_x86.exe . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003] "ImagePath"="\??\c:\users\Admin\AppData\Local\Temp\003F557.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe . ************************************************************************** . Completion time: 2012-02-06 03:36:45 - machine was rebooted ComboFix-quarantined-files.txt 2012-02-06 08:36 . Pre-Run: 299,297,652,736 bytes free Post-Run: 298,234,806,272 bytes free . - - End Of File - - 4960D29A61C677A2378C96FB515C266F
  6. Yes im running in normal mode, but every program on the computer seems to be missing besides MBAM, thank god because that is how i got IE to open using the link from that. here is what i call pull together from the empty shell i seem to be left with. Malwarebytes Anti-Malware (PRO) 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.04.02 Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking) Internet Explorer 8.0.7601.17514 Admin :: ADMIN-PC [administrator] Protection: Disabled 2/5/2012 2:06:34 AM mbam-log-2012-02-05 (02-06-34).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 186482 Time elapsed: 2 minute(s), 1 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vkAHVCUBeFA.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\vkAHVCUBeFA.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\ProgramData\vkAHVCUBeFA.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Admin\AppData\Local\Temp\pb8ZG2raInFj03.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. (end) 2012/02/05 01:01:24 -0500 ADMIN-PC Admin MESSAGE Starting protection 2012/02/05 01:01:26 -0500 ADMIN-PC Admin MESSAGE Protection started successfully 2012/02/05 01:01:29 -0500 ADMIN-PC Admin MESSAGE Starting IP protection 2012/02/05 01:01:29 -0500 ADMIN-PC Admin MESSAGE IP Protection started successfully 2012/02/05 01:01:37 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 49166, Process: teamviewer_service.exe) 2012/02/05 01:01:37 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51703, Process: teamviewer_service.exe) 2012/02/05 01:01:37 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51708, Process: teamviewer_service.exe) 2012/02/05 01:01:37 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51713, Process: teamviewer_service.exe) 2012/02/05 01:01:45 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51731, Process: teamviewer_service.exe) 2012/02/05 01:01:45 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51749, Process: teamviewer_service.exe) 2012/02/05 01:01:45 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51759, Process: teamviewer_service.exe) 2012/02/05 01:01:45 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51760, Process: teamviewer_service.exe) 2012/02/05 01:01:45 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51761, Process: teamviewer_service.exe) 2012/02/05 01:50:03 -0500 ADMIN-PC Admin DETECTION C:\Users\Admin\AppData\Local\Temp\fylhenx.exe Trojan.FakeAlert ALLOW 2012/02/05 01:53:09 -0500 ADMIN-PC Admin DETECTION C:\ProgramData\vkAHVCUBeFA.exe Trojan.FakeAlert ALLOW 2012/02/05 01:53:28 -0500 ADMIN-PC Admin IP-BLOCK 31.44.184.49 (Type: outgoing, Port: 64145, Process: fylhenx.exe) 2012/02/05 01:53:29 -0500 ADMIN-PC Admin IP-BLOCK 31.44.184.49 (Type: outgoing, Port: 64146, Process: fylhenx.exe) 2012/02/05 02:12:33 -0500 ADMIN-PC Admin MESSAGE Starting protection 2012/02/05 02:12:34 -0500 ADMIN-PC Admin MESSAGE Protection started successfully 2012/02/05 02:12:37 -0500 ADMIN-PC Admin MESSAGE Starting IP protection 2012/02/05 02:12:38 -0500 ADMIN-PC Admin MESSAGE IP Protection started successfully TDSS also seems to be gone so i went to your link and DL it again, but it wont show up in the start menu or on a search, also i wanted to save it to the desktop, but that didnt show up as a option. I had to choose to open it from the install since i could not find it or save it to the desktop, not sure if thats important. 06:25:56.0863 2892 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49 06:25:57.0160 2892 ============================================================ 06:25:57.0160 2892 Current date / time: 2012/02/05 06:25:57.0160 06:25:57.0160 2892 SystemInfo: 06:25:57.0160 2892 06:25:57.0160 2892 OS Version: 6.1.7601 ServicePack: 1.0 06:25:57.0160 2892 Product type: Workstation 06:25:57.0160 2892 ComputerName: ADMIN-PC 06:25:57.0160 2892 UserName: Admin 06:25:57.0160 2892 Windows directory: C:\Windows 06:25:57.0160 2892 System windows directory: C:\Windows 06:25:57.0160 2892 Running under WOW64 06:25:57.0160 2892 Processor architecture: Intel x64 06:25:57.0160 2892 Number of processors: 4 06:25:57.0160 2892 Page size: 0x1000 06:25:57.0160 2892 Boot type: Normal boot 06:25:57.0160 2892 ============================================================ 06:25:57.0784 2892 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 06:25:57.0784 2892 \Device\Harddisk0\DR0: 06:25:57.0784 2892 MBR used 06:25:57.0784 2892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x2E935000 06:25:57.0784 2892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30593800, BlocksNum 0x44172800 06:25:57.0830 2892 Initialize success 06:25:57.0830 2892 ============================================================ 07:39:10.0096 1472 ============================================================ 07:39:10.0096 1472 Scan started 07:39:10.0096 1472 Mode: Manual; SigCheck; TDLFS; 07:39:10.0096 1472 ============================================================ 07:39:10.0393 1472 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 07:39:10.0486 1472 1394ohci - ok 07:39:10.0564 1472 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 07:39:10.0564 1472 ACPI - ok 07:39:10.0627 1472 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 07:39:10.0673 1472 AcpiPmi - ok 07:39:10.0736 1472 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 07:39:10.0751 1472 adp94xx - ok 07:39:10.0798 1472 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 07:39:10.0814 1472 adpahci - ok 07:39:10.0829 1472 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 07:39:10.0829 1472 adpu320 - ok 07:39:10.0876 1472 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 07:39:10.0923 1472 AFD - ok 07:39:10.0985 1472 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 07:39:11.0001 1472 agp440 - ok 07:39:11.0063 1472 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 07:39:11.0063 1472 aliide - ok 07:39:11.0126 1472 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 07:39:11.0141 1472 amdide - ok 07:39:11.0173 1472 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 07:39:11.0204 1472 AmdK8 - ok 07:39:11.0251 1472 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 07:39:11.0282 1472 AmdPPM - ok 07:39:11.0329 1472 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 07:39:11.0329 1472 amdsata - ok 07:39:11.0360 1472 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 07:39:11.0375 1472 amdsbs - ok 07:39:11.0422 1472 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 07:39:11.0422 1472 amdxata - ok 07:39:11.0453 1472 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 07:39:11.0563 1472 AppID - ok 07:39:11.0625 1472 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 07:39:11.0641 1472 arc - ok 07:39:11.0656 1472 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 07:39:11.0656 1472 arcsas - ok 07:39:11.0672 1472 AsIO - ok 07:39:11.0687 1472 AsUpIO - ok 07:39:11.0750 1472 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 07:39:11.0843 1472 AsyncMac - ok 07:39:11.0906 1472 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 07:39:11.0906 1472 atapi - ok 07:39:11.0968 1472 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 07:39:11.0984 1472 b06bdrv - ok 07:39:12.0046 1472 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 07:39:12.0077 1472 b57nd60a - ok 07:39:12.0109 1472 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 07:39:12.0155 1472 Beep - ok 07:39:12.0218 1472 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 07:39:12.0233 1472 blbdrive - ok 07:39:12.0280 1472 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 07:39:12.0311 1472 bowser - ok 07:39:12.0374 1472 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 07:39:12.0421 1472 BrFiltLo - ok 07:39:12.0421 1472 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 07:39:12.0452 1472 BrFiltUp - ok 07:39:12.0530 1472 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 07:39:12.0577 1472 BridgeMP - ok 07:39:12.0608 1472 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 07:39:12.0623 1472 Brserid - ok 07:39:12.0639 1472 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 07:39:12.0670 1472 BrSerWdm - ok 07:39:12.0733 1472 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 07:39:12.0748 1472 BrUsbMdm - ok 07:39:12.0764 1472 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 07:39:12.0795 1472 BrUsbSer - ok 07:39:12.0811 1472 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 07:39:12.0811 1472 BTHMODEM - ok 07:39:12.0842 1472 catchme - ok 07:39:12.0889 1472 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 07:39:12.0935 1472 cdfs - ok 07:39:12.0967 1472 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 07:39:12.0998 1472 cdrom - ok 07:39:13.0076 1472 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 07:39:13.0091 1472 circlass - ok 07:39:13.0123 1472 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 07:39:13.0123 1472 CLFS - ok 07:39:13.0169 1472 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 07:39:13.0201 1472 CmBatt - ok 07:39:13.0263 1472 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 07:39:13.0263 1472 cmdide - ok 07:39:13.0294 1472 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 07:39:13.0310 1472 CNG - ok 07:39:13.0325 1472 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 07:39:13.0341 1472 Compbatt - ok 07:39:13.0419 1472 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 07:39:13.0450 1472 CompositeBus - ok 07:39:13.0528 1472 cpuz133 (95c88d25e211a4d52a82c53e5d93e634) C:\Windows\system32\drivers\cpuz133_x64.sys 07:39:13.0559 1472 cpuz133 - ok 07:39:13.0591 1472 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 07:39:13.0606 1472 crcdisk - ok 07:39:13.0684 1472 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 07:39:13.0715 1472 DfsC - ok 07:39:13.0778 1472 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 07:39:13.0809 1472 discache - ok 07:39:13.0871 1472 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 07:39:13.0871 1472 Disk - ok 07:39:13.0934 1472 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 07:39:13.0949 1472 drmkaud - ok 07:39:13.0981 1472 dump_wmimmc - ok 07:39:14.0027 1472 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 07:39:14.0043 1472 DXGKrnl - ok 07:39:14.0090 1472 EagleX64 - ok 07:39:14.0152 1472 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 07:39:14.0215 1472 ebdrv - ok 07:39:14.0308 1472 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 07:39:14.0324 1472 elxstor - ok 07:39:14.0339 1472 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 07:39:14.0371 1472 ErrDev - ok 07:39:14.0449 1472 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 07:39:14.0480 1472 exfat - ok 07:39:14.0511 1472 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 07:39:14.0558 1472 fastfat - ok 07:39:14.0620 1472 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 07:39:14.0651 1472 fdc - ok 07:39:14.0683 1472 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 07:39:14.0698 1472 FileInfo - ok 07:39:14.0698 1472 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 07:39:14.0745 1472 Filetrace - ok 07:39:14.0807 1472 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 07:39:14.0807 1472 flpydisk - ok 07:39:14.0839 1472 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 07:39:14.0854 1472 FltMgr - ok 07:39:14.0870 1472 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 07:39:14.0870 1472 FsDepends - ok 07:39:14.0901 1472 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys 07:39:14.0917 1472 fssfltr - ok 07:39:14.0979 1472 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 07:39:14.0979 1472 Fs_Rec - ok 07:39:15.0010 1472 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 07:39:15.0010 1472 fvevol - ok 07:39:15.0041 1472 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 07:39:15.0057 1472 gagp30kx - ok 07:39:15.0073 1472 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 07:39:15.0088 1472 hcw85cir - ok 07:39:15.0197 1472 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 07:39:15.0213 1472 HdAudAddService - ok 07:39:15.0244 1472 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 07:39:15.0260 1472 HDAudBus - ok 07:39:15.0338 1472 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 07:39:15.0338 1472 HECIx64 - ok 07:39:15.0353 1472 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 07:39:15.0353 1472 HidBatt - ok 07:39:15.0369 1472 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 07:39:15.0400 1472 HidBth - ok 07:39:15.0463 1472 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 07:39:15.0478 1472 HidIr - ok 07:39:15.0509 1472 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 07:39:15.0525 1472 HidUsb - ok 07:39:15.0572 1472 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 07:39:15.0587 1472 HpSAMD - ok 07:39:15.0665 1472 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 07:39:15.0712 1472 HTTP - ok 07:39:15.0728 1472 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 07:39:15.0743 1472 hwpolicy - ok 07:39:15.0759 1472 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 07:39:15.0775 1472 i8042prt - ok 07:39:15.0821 1472 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 07:39:15.0837 1472 iaStorV - ok 07:39:16.0024 1472 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys 07:39:16.0243 1472 igfx - ok 07:39:16.0305 1472 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 07:39:16.0321 1472 iirsp - ok 07:39:16.0367 1472 IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys 07:39:16.0399 1472 IntcAzAudAddService - ok 07:39:16.0414 1472 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys 07:39:16.0445 1472 IntcDAud - ok 07:39:16.0508 1472 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 07:39:16.0508 1472 intelide - ok 07:39:16.0539 1472 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 07:39:16.0555 1472 intelppm - ok 07:39:16.0586 1472 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 07:39:16.0633 1472 IpFilterDriver - ok 07:39:16.0695 1472 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 07:39:16.0695 1472 IPMIDRV - ok 07:39:16.0726 1472 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 07:39:16.0757 1472 IPNAT - ok 07:39:16.0773 1472 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 07:39:16.0789 1472 IRENUM - ok 07:39:16.0820 1472 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 07:39:16.0820 1472 isapnp - ok 07:39:16.0882 1472 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 07:39:16.0882 1472 iScsiPrt - ok 07:39:16.0960 1472 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 07:39:16.0976 1472 kbdclass - ok 07:39:17.0054 1472 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 07:39:17.0085 1472 kbdhid - ok 07:39:17.0116 1472 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 07:39:17.0132 1472 KSecDD - ok 07:39:17.0163 1472 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 07:39:17.0179 1472 KSecPkg - ok 07:39:17.0210 1472 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 07:39:17.0257 1472 ksthunk - ok 07:39:17.0319 1472 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 07:39:17.0366 1472 lltdio - ok 07:39:17.0428 1472 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 07:39:17.0428 1472 LSI_FC - ok 07:39:17.0475 1472 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 07:39:17.0475 1472 LSI_SAS - ok 07:39:17.0491 1472 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 07:39:17.0506 1472 LSI_SAS2 - ok 07:39:17.0506 1472 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 07:39:17.0522 1472 LSI_SCSI - ok 07:39:17.0537 1472 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 07:39:17.0584 1472 luafv - ok 07:39:17.0647 1472 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys 07:39:17.0647 1472 MBAMProtector - ok 07:39:17.0693 1472 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 07:39:17.0709 1472 megasas - ok 07:39:17.0709 1472 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 07:39:17.0725 1472 MegaSR - ok 07:39:17.0740 1472 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 07:39:17.0771 1472 Modem - ok 07:39:17.0818 1472 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 07:39:17.0849 1472 monitor - ok 07:39:17.0896 1472 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 07:39:17.0912 1472 mouclass - ok 07:39:17.0959 1472 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 07:39:17.0974 1472 mouhid - ok 07:39:18.0037 1472 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 07:39:18.0052 1472 mountmgr - ok 07:39:18.0068 1472 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 07:39:18.0068 1472 mpio - ok 07:39:18.0115 1472 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 07:39:18.0161 1472 mpsdrv - ok 07:39:18.0208 1472 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 07:39:18.0224 1472 MRxDAV - ok 07:39:18.0255 1472 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 07:39:18.0286 1472 mrxsmb - ok 07:39:18.0333 1472 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 07:39:18.0364 1472 mrxsmb10 - ok 07:39:18.0395 1472 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 07:39:18.0411 1472 mrxsmb20 - ok 07:39:18.0442 1472 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 07:39:18.0442 1472 msahci - ok 07:39:18.0489 1472 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 07:39:18.0505 1472 msdsm - ok 07:39:18.0536 1472 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 07:39:18.0567 1472 Msfs - ok 07:39:18.0583 1472 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 07:39:18.0629 1472 mshidkmdf - ok 07:39:18.0676 1472 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 07:39:18.0692 1472 msisadrv - ok 07:39:18.0723 1472 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 07:39:18.0770 1472 MSKSSRV - ok 07:39:18.0785 1472 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 07:39:18.0832 1472 MSPCLOCK - ok 07:39:18.0832 1472 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 07:39:18.0863 1472 MSPQM - ok 07:39:18.0926 1472 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 07:39:18.0926 1472 MsRPC - ok 07:39:18.0973 1472 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 07:39:18.0973 1472 mssmbios - ok 07:39:19.0004 1472 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 07:39:19.0035 1472 MSTEE - ok 07:39:19.0082 1472 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 07:39:19.0113 1472 MTConfig - ok 07:39:19.0160 1472 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys 07:39:19.0175 1472 MTsensor - ok 07:39:19.0191 1472 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 07:39:19.0191 1472 Mup - ok 07:39:19.0253 1472 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 07:39:19.0269 1472 NativeWifiP - ok 07:39:19.0347 1472 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 07:39:19.0363 1472 NDIS - ok 07:39:19.0409 1472 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 07:39:19.0441 1472 NdisCap - ok 07:39:19.0472 1472 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 07:39:19.0519 1472 NdisTapi - ok 07:39:19.0534 1472 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 07:39:19.0581 1472 Ndisuio - ok 07:39:19.0643 1472 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 07:39:19.0675 1472 NdisWan - ok 07:39:19.0721 1472 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 07:39:19.0753 1472 NDProxy - ok 07:39:19.0846 1472 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 07:39:19.0877 1472 NetBIOS - ok 07:39:19.0940 1472 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 07:39:19.0955 1472 NetBT - ok 07:39:20.0033 1472 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys 07:39:20.0049 1472 netr28x - ok 07:39:20.0096 1472 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 07:39:20.0096 1472 nfrd960 - ok 07:39:20.0143 1472 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 07:39:20.0174 1472 Npfs - ok 07:39:20.0236 1472 NPPTNT2 - ok 07:39:20.0252 1472 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 07:39:20.0299 1472 nsiproxy - ok 07:39:20.0361 1472 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 07:39:20.0392 1472 Ntfs - ok 07:39:20.0408 1472 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 07:39:20.0455 1472 Null - ok 07:39:20.0501 1472 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 07:39:20.0517 1472 nvraid - ok 07:39:20.0548 1472 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 07:39:20.0548 1472 nvstor - ok 07:39:20.0579 1472 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 07:39:20.0579 1472 nv_agp - ok 07:39:20.0611 1472 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 07:39:20.0642 1472 ohci1394 - ok 07:39:20.0735 1472 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 07:39:20.0751 1472 Parport - ok 07:39:20.0782 1472 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 07:39:20.0798 1472 partmgr - ok 07:39:20.0813 1472 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 07:39:20.0829 1472 pci - ok 07:39:20.0860 1472 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 07:39:20.0876 1472 pciide - ok 07:39:20.0891 1472 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 07:39:20.0907 1472 pcmcia - ok 07:39:20.0923 1472 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 07:39:20.0923 1472 pcw - ok 07:39:20.0938 1472 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 07:39:20.0985 1472 PEAUTH - ok 07:39:21.0094 1472 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 07:39:21.0141 1472 PptpMiniport - ok 07:39:21.0157 1472 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 07:39:21.0172 1472 Processor - ok 07:39:21.0219 1472 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 07:39:21.0266 1472 Psched - ok 07:39:21.0359 1472 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 07:39:21.0391 1472 ql2300 - ok 07:39:21.0422 1472 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 07:39:21.0422 1472 ql40xx - ok 07:39:21.0437 1472 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 07:39:21.0469 1472 QWAVEdrv - ok 07:39:21.0531 1472 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 07:39:21.0562 1472 RasAcd - ok 07:39:21.0578 1472 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 07:39:21.0625 1472 RasAgileVpn - ok 07:39:21.0656 1472 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 07:39:21.0703 1472 Rasl2tp - ok 07:39:21.0765 1472 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 07:39:21.0812 1472 RasPppoe - ok 07:39:21.0843 1472 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 07:39:21.0890 1472 RasSstp - ok 07:39:21.0905 1472 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 07:39:21.0952 1472 rdbss - ok 07:39:22.0015 1472 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 07:39:22.0046 1472 rdpbus - ok 07:39:22.0077 1472 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 07:39:22.0124 1472 RDPCDD - ok 07:39:22.0139 1472 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 07:39:22.0171 1472 RDPENCDD - ok 07:39:22.0233 1472 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 07:39:22.0264 1472 RDPREFMP - ok 07:39:22.0295 1472 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 07:39:22.0311 1472 RDPWD - ok 07:39:22.0358 1472 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 07:39:22.0373 1472 rdyboost - ok 07:39:22.0436 1472 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 07:39:22.0467 1472 rspndr - ok 07:39:22.0498 1472 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys 07:39:22.0498 1472 RTL8167 - ok 07:39:22.0529 1472 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 07:39:22.0529 1472 sbp2port - ok 07:39:22.0561 1472 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 07:39:22.0592 1472 scfilter - ok 07:39:22.0670 1472 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 07:39:22.0701 1472 secdrv - ok 07:39:22.0732 1472 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 07:39:22.0763 1472 Serenum - ok 07:39:22.0826 1472 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 07:39:22.0857 1472 Serial - ok 07:39:22.0888 1472 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 07:39:22.0904 1472 sermouse - ok 07:39:22.0935 1472 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 07:39:22.0951 1472 sffdisk - ok 07:39:22.0997 1472 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 07:39:23.0029 1472 sffp_mmc - ok 07:39:23.0044 1472 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 07:39:23.0060 1472 sffp_sd - ok 07:39:23.0075 1472 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 07:39:23.0091 1472 sfloppy - ok 07:39:23.0169 1472 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 07:39:23.0169 1472 SiSRaid2 - ok 07:39:23.0185 1472 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 07:39:23.0185 1472 SiSRaid4 - ok 07:39:23.0231 1472 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 07:39:23.0263 1472 Smb - ok 07:39:23.0325 1472 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 07:39:23.0341 1472 spldr - ok 07:39:23.0372 1472 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 07:39:23.0403 1472 srv - ok 07:39:23.0419 1472 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 07:39:23.0434 1472 srv2 - ok 07:39:23.0481 1472 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 07:39:23.0497 1472 srvnet - ok 07:39:23.0528 1472 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 07:39:23.0528 1472 stexstor - ok 07:39:23.0559 1472 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 07:39:23.0559 1472 swenum - ok 07:39:23.0621 1472 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 07:39:23.0653 1472 Tcpip - ok 07:39:23.0699 1472 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 07:39:23.0731 1472 TCPIP6 - ok 07:39:23.0762 1472 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 07:39:23.0793 1472 tcpipreg - ok 07:39:23.0809 1472 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 07:39:23.0840 1472 TDPIPE - ok 07:39:23.0855 1472 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 07:39:23.0902 1472 TDTCP - ok 07:39:23.0933 1472 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 07:39:23.0965 1472 tdx - ok 07:39:24.0058 1472 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 07:39:24.0074 1472 TermDD - ok 07:39:24.0089 1472 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 07:39:24.0136 1472 tssecsrv - ok 07:39:24.0167 1472 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 07:39:24.0183 1472 TsUsbFlt - ok 07:39:24.0261 1472 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 07:39:24.0292 1472 tunnel - ok 07:39:24.0323 1472 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 07:39:24.0323 1472 uagp35 - ok 07:39:24.0355 1472 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 07:39:24.0386 1472 udfs - ok 07:39:24.0448 1472 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 07:39:24.0464 1472 uliagpkx - ok 07:39:24.0479 1472 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 07:39:24.0495 1472 umbus - ok 07:39:24.0526 1472 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 07:39:24.0557 1472 UmPass - ok 07:39:24.0635 1472 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 07:39:24.0651 1472 usbaudio - ok 07:39:24.0667 1472 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 07:39:24.0682 1472 usbccgp - ok 07:39:24.0713 1472 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 07:39:24.0729 1472 usbcir - ok 07:39:24.0791 1472 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 07:39:24.0823 1472 usbehci - ok 07:39:24.0854 1472 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 07:39:24.0869 1472 usbhub - ok 07:39:24.0947 1472 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys 07:39:24.0963 1472 usbohci - ok 07:39:24.0979 1472 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 07:39:25.0010 1472 usbprint - ok 07:39:25.0025 1472 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 07:39:25.0057 1472 USBSTOR - ok 07:39:25.0119 1472 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys 07:39:25.0150 1472 usbuhci - ok 07:39:25.0166 1472 USB_RNDIS_VISTA (d0fe8cb5f84303e73ff0754437fad3d1) C:\Windows\system32\DRIVERS\usb8023.sys 07:39:25.0213 1472 USB_RNDIS_VISTA - ok 07:39:25.0244 1472 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 07:39:25.0244 1472 vdrvroot - ok 07:39:25.0306 1472 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 07:39:25.0322 1472 vga - ok 07:39:25.0337 1472 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 07:39:25.0369 1472 VgaSave - ok 07:39:25.0462 1472 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 07:39:25.0462 1472 vhdmp - ok 07:39:25.0493 1472 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 07:39:25.0493 1472 viaide - ok 07:39:25.0525 1472 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 07:39:25.0525 1472 volmgr - ok 07:39:25.0556 1472 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 07:39:25.0571 1472 volmgrx - ok 07:39:25.0603 1472 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 07:39:25.0603 1472 volsnap - ok 07:39:25.0649 1472 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 07:39:25.0649 1472 vsmraid - ok 07:39:25.0681 1472 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 07:39:25.0712 1472 vwifibus - ok 07:39:25.0743 1472 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 07:39:25.0774 1472 vwififlt - ok 07:39:25.0805 1472 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 07:39:25.0821 1472 WacomPen - ok 07:39:25.0883 1472 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 07:39:25.0915 1472 WANARP - ok 07:39:25.0915 1472 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 07:39:25.0946 1472 Wanarpv6 - ok 07:39:25.0993 1472 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 07:39:25.0993 1472 Wd - ok 07:39:26.0024 1472 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 07:39:26.0039 1472 Wdf01000 - ok 07:39:26.0086 1472 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 07:39:26.0133 1472 WfpLwf - ok 07:39:26.0164 1472 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 07:39:26.0180 1472 WIMMount - ok 07:39:26.0227 1472 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 07:39:26.0242 1472 WinUsb - ok 07:39:26.0289 1472 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 07:39:26.0305 1472 WmiAcpi - ok 07:39:26.0367 1472 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 07:39:26.0398 1472 ws2ifsl - ok 07:39:26.0445 1472 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 07:39:26.0476 1472 WudfPf - ok 07:39:26.0507 1472 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 07:39:26.0539 1472 WUDFRd - ok 07:39:26.0601 1472 X6va003 - ok 07:39:26.0632 1472 MBR (0x1B8) (4976d4a7a40b83fc7f06ee4bdd84eb9b) \Device\Harddisk0\DR0 07:39:26.0741 1472 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 07:39:26.0741 1472 \Device\Harddisk0\DR0 - detected TDSS File System (1) 07:39:26.0741 1472 Boot (0x1200) (981a1928fb23fc1e673f913c659cbc75) \Device\Harddisk0\DR0\Partition0 07:39:26.0741 1472 \Device\Harddisk0\DR0\Partition0 - ok 07:39:26.0773 1472 Boot (0x1200) (1b2113e8147b731e8356e034bd1547d9) \Device\Harddisk0\DR0\Partition1 07:39:26.0773 1472 \Device\Harddisk0\DR0\Partition1 - ok 07:39:26.0773 1472 ============================================================ 07:39:26.0773 1472 Scan finished 07:39:26.0773 1472 ============================================================ 07:39:26.0773 3152 Detected object count: 1 07:39:26.0773 3152 Actual detected object count: 1 07:39:48.0722 3152 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 07:39:48.0722 3152 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  7. I just spoke with with a MBAM admin, and was told I should not have changed/scanned/fixed anything without your say so Daniel. So I just wanted to say im sorry if I messed anything up in advance, I freaked out when that all happened and am not used to having someone to help with issues. I jumped the gun, but am now waiting for your advice.
  8. So just after I finished posting the logs you asked for the computer freaked out on me. about 20 windows poped up all the same, and then one saying there was a issue with my hard drive that needed to be fixed before I used the computer again. I didnt click any thing forced a shutdown, rebooted and it still did the same thing with everything appearing to be gone/missing from the computer. I rebooted in safemode ran MBAM quick scan and attempted to remove what it found and reboot. It seems it was all quarantined. The windows did not come up this time but everything still seems to be gone! I have a black screen for a desktop and my trashbin/MBAM with all programs in the start menu seeming to be gone. I was only able to open IE using the MBAM online link to get the window to open. So if anyone even if it is not the person who was originaly helping me can do anything please do!
  9. Here you go. C:\ProgramData\Microsoft\Windows\DRM\DABE.tmp Win64/Olmarik.AD trojan C:\ProgramData\Microsoft\Windows\DRM\DACE.tmp Win64/Olmarik.AD trojan C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan C:\Users\All Users\Microsoft\Windows\DRM\DABE.tmp Win64/Olmarik.AD trojan C:\Users\All Users\Microsoft\Windows\DRM\DACE.tmp Win64/Olmarik.AD trojan . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 Run by Admin at 1:40:49 on 2012-02-05 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7055.5275 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Windows\SysWOW64\AsHookDevice.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.cfnews13.com/ uInternet Settings,ProxyOverride = 127.0.0.1:9421 BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [Akamai NetSession Interface] "C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe" uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe mRun: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {530F7E80-690F-438E-8A4F-E6CAECB4B6F3} - hxxp://taste.dvrdns.org/CMSPlugin.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://taste.dvrdns.org/vcredist_x86.exe DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 TCP: Interfaces\{B115E509-5C33-4517-9410-62410AF08CF7} : DhcpNameServer = 65.32.5.111 65.32.5.112 BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe mRun-x64: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ============= SERVICES / DRIVERS =============== . R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992] R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?] R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-4-27 203392] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-2 652360] R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-15 2280312] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-27 2314240] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864] S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;C:\Windows\system32\DRIVERS\usb8023.sys --> C:\Windows\system32\DRIVERS\usb8023.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-02-05 06:05:53 -------- d-----w- C:\Program Files (x86)\ESET 2012-02-04 08:37:45 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90F04104-A7C7-4E7B-86E8-E9B8A5C58A21}\offreg.dll 2012-02-03 21:06:49 -------- d-sh--w- C:\$RECYCLE.BIN 2012-02-03 20:53:02 98816 ----a-w- C:\Windows\sed.exe 2012-02-03 20:53:02 518144 ----a-w- C:\Windows\SWREG.exe 2012-02-03 20:53:02 256000 ----a-w- C:\Windows\PEV.exe 2012-02-03 20:53:02 208896 ----a-w- C:\Windows\MBR.exe 2012-02-03 20:46:12 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-03 18:49:15 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90F04104-A7C7-4E7B-86E8-E9B8A5C58A21}\mpengine.dll 2012-02-03 05:36:32 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-02 20:14:16 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-02-02 20:14:16 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll 2012-02-02 20:14:15 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-02-02 20:14:15 1572864 ----a-w- C:\Windows\System32\quartz.dll 2012-02-02 20:07:04 1731920 ----a-w- C:\Windows\System32\ntdll.dll 2012-02-02 20:07:04 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll 2012-01-30 20:11:38 -------- d-----w- C:\Users\Admin\AppData\Roaming\Unity 2012-01-25 06:09:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DACE.tmp 2012-01-25 06:09:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DABE.tmp . ==================== Find3M ==================== . 2012-01-27 05:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe 2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys 2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll 2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys 2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll 2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll 2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll 2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll 2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll 2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll 2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe 2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll 2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll 2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2011-10-22 11:06:32 68272 ----a-w- C:\Program Files\fraps64.dat 2011-10-22 11:06:32 231600 ----a-w- C:\Program Files\fraps32.dll 2011-10-22 11:06:32 185520 ----a-w- C:\Program Files\fraps64.dll 2011-10-22 11:06:30 2533040 ----a-w- C:\Program Files\fraps.exe 2011-10-22 11:04:34 140288 ----a-w- C:\Program Files\frapslcd.dll 2011-03-08 08:03:37 258352 ----a-w- C:\Program Files\unicows.dll 2011-03-08 08:03:10 372736 ----a-w- C:\Program Files\ijl15.dll . ============= FINISH: 1:41:04.56 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 9/18/2010 8:10:08 PM System Uptime: 2/5/2012 12:49:07 AM (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | CM5675 Processor: Intel® Core i5 CPU 650 @ 3.20GHz | LGA1156 | 3201/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 373 GiB total, 279.024 GiB free. D: is FIXED (NTFS) - 545 GiB total, 544.619 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {36fc9e60-c465-11cf-8056-444553540000} Description: Unknown Device Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&4 Manufacturer: (Standard USB Host Controller) Name: Unknown Device PNP Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&4 Service: . Class GUID: {36fc9e60-c465-11cf-8056-444553540000} Description: Unknown Device Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&5 Manufacturer: (Standard USB Host Controller) Name: Unknown Device PNP Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&5 Service: . ==== System Restore Points =================== . RP249: 2/2/2012 2:53:13 PM - Restore Operation RP250: 2/2/2012 3:06:46 PM - Windows Update RP251: 2/2/2012 11:21:20 PM - Removed Adobe Reader X (10.1.1). RP252: 2/2/2012 11:22:24 PM - Removed Adobe Reader X (10.1.1). RP253: 2/3/2012 2:26:52 AM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 2007 Microsoft Office Suite Service Pack 2 (SP2) Acrobat.com Advertising Center AI Manager Akamai NetSession Interface Akamai NetSession Interface Service ASUS Backup Wizard ASUS VIBE ASUSUpdate Bandisoft MPEG-1 Decoder Big Fish Games: Game Manager Curse Client EPU-4 Engine ESET Online Scanner v3 File Uploader Fraps (remove only) Google Talk Plugin ImagXpress Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Internet TV for Windows Media Center Island Tribe 2 Java Auto Updater Java 6 Update 22 Malwarebytes Anti-Malware version 1.60.1.1000 Microsoft .NET Framework 1.1 Microsoft Choice Guard Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel 2007 Help Actualización (KB963678) Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Excel MUI (French) 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office Excel MUI (Spanish) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.3 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office OneNote MUI (French) 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office OneNote MUI (Spanish) 2007 Microsoft Office Powerpoint 2007 Help Actualización (KB963669) Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office PowerPoint MUI (Spanish) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Basque) 2007 Microsoft Office Proof (Catalan) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Galician) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proof (Portuguese (Brazil)) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing (Spanish) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Shared MUI (Spanish) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word 2007 Help Actualización (KB963665) Microsoft Office Word MUI (Dutch) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office Word MUI (French) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Office Word MUI (Spanish) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 Redistributable Microsoft Works Mise à jour Microsoft Office Excel 2007 Help (KB963678) Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) Mise à jour Microsoft Office Word 2007 Help (KB963665) MSVCRT MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser (KB973685) Nero 9 Essentials Nero BurnRights Nero BurnRights Help Nero ControlCenter Nero CoverDesigner Nero CoverDesigner Help Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml Netflix in Windows Media Center Nikon Transfer Pando Media Booster Picture Control Utility Realtek Ethernet Controller Driver For Windows Vista and Later Realtek High Definition Audio Driver Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Spelling Dictionaries Support For Adobe Reader 9 TeamViewer 6 Unity Web Player Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Ventrilo Client ViewNX Windows Live Communications Platform Windows Live Essentials Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sync Windows Live Writer World of Warcraft Xfire (remove only) . ==== Event Viewer Messages From Past Week ======== . 2/3/2012 3:58:48 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 2/3/2012 3:58:11 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 2/3/2012 3:52:48 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 2/2/2012 3:01:43 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Akamai NetSession Interface service, but this action failed with the following error: An instance of the service is already running. 2/2/2012 1:26:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a0007ff000, 0x0000000000000000, 0xfffff80002ece38e, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020212-17472-01. 1/30/2012 12:11:06 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a000ffa000, 0x0000000000000000, 0xfffff80002f2638e, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 013012-15990-01. . ==== End Of File ===========================
  10. Nothing was detected. 00:26:14.0488 2800 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49 00:26:15.0002 2800 ============================================================ 00:26:15.0002 2800 Current date / time: 2012/02/04 00:26:15.0002 00:26:15.0002 2800 SystemInfo: 00:26:15.0002 2800 00:26:15.0002 2800 OS Version: 6.1.7601 ServicePack: 1.0 00:26:15.0002 2800 Product type: Workstation 00:26:15.0002 2800 ComputerName: ADMIN-PC 00:26:15.0002 2800 UserName: Admin 00:26:15.0002 2800 Windows directory: C:\Windows 00:26:15.0002 2800 System windows directory: C:\Windows 00:26:15.0002 2800 Running under WOW64 00:26:15.0002 2800 Processor architecture: Intel x64 00:26:15.0002 2800 Number of processors: 4 00:26:15.0002 2800 Page size: 0x1000 00:26:15.0002 2800 Boot type: Normal boot 00:26:15.0002 2800 ============================================================ 00:26:15.0658 2800 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 00:26:15.0658 2800 \Device\Harddisk0\DR0: 00:26:15.0658 2800 MBR used 00:26:15.0658 2800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x2E935000 00:26:15.0658 2800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30593800, BlocksNum 0x44172800 00:26:15.0704 2800 Initialize success 00:26:15.0704 2800 ============================================================ 00:26:22.0490 3452 ============================================================ 00:26:22.0490 3452 Scan started 00:26:22.0490 3452 Mode: Manual; 00:26:22.0490 3452 ============================================================ 00:26:23.0520 3452 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 00:26:23.0536 3452 1394ohci - ok 00:26:23.0598 3452 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 00:26:23.0598 3452 ACPI - ok 00:26:23.0676 3452 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 00:26:23.0676 3452 AcpiPmi - ok 00:26:23.0707 3452 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 00:26:23.0707 3452 adp94xx - ok 00:26:23.0723 3452 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 00:26:23.0738 3452 adpahci - ok 00:26:23.0754 3452 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 00:26:23.0754 3452 adpu320 - ok 00:26:23.0832 3452 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 00:26:23.0832 3452 AFD - ok 00:26:23.0863 3452 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 00:26:23.0863 3452 agp440 - ok 00:26:23.0957 3452 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 00:26:23.0957 3452 aliide - ok 00:26:23.0988 3452 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 00:26:23.0988 3452 amdide - ok 00:26:24.0019 3452 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 00:26:24.0019 3452 AmdK8 - ok 00:26:24.0035 3452 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 00:26:24.0035 3452 AmdPPM - ok 00:26:24.0097 3452 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 00:26:24.0097 3452 amdsata - ok 00:26:24.0113 3452 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 00:26:24.0113 3452 amdsbs - ok 00:26:24.0144 3452 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 00:26:24.0144 3452 amdxata - ok 00:26:24.0206 3452 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 00:26:24.0206 3452 AppID - ok 00:26:24.0253 3452 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 00:26:24.0253 3452 arc - ok 00:26:24.0269 3452 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 00:26:24.0284 3452 arcsas - ok 00:26:24.0284 3452 AsIO - ok 00:26:24.0316 3452 AsUpIO - ok 00:26:24.0362 3452 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 00:26:24.0362 3452 AsyncMac - ok 00:26:24.0394 3452 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 00:26:24.0394 3452 atapi - ok 00:26:24.0456 3452 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 00:26:24.0456 3452 b06bdrv - ok 00:26:24.0518 3452 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 00:26:24.0534 3452 b57nd60a - ok 00:26:24.0550 3452 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 00:26:24.0550 3452 Beep - ok 00:26:24.0581 3452 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 00:26:24.0581 3452 blbdrive - ok 00:26:24.0643 3452 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 00:26:24.0643 3452 bowser - ok 00:26:24.0674 3452 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 00:26:24.0690 3452 BrFiltLo - ok 00:26:24.0690 3452 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 00:26:24.0690 3452 BrFiltUp - ok 00:26:24.0752 3452 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 00:26:24.0752 3452 BridgeMP - ok 00:26:24.0815 3452 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 00:26:24.0815 3452 Brserid - ok 00:26:24.0815 3452 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 00:26:24.0830 3452 BrSerWdm - ok 00:26:24.0830 3452 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 00:26:24.0830 3452 BrUsbMdm - ok 00:26:24.0877 3452 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 00:26:24.0877 3452 BrUsbSer - ok 00:26:24.0924 3452 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 00:26:24.0924 3452 BTHMODEM - ok 00:26:24.0940 3452 catchme - ok 00:26:24.0986 3452 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 00:26:24.0986 3452 cdfs - ok 00:26:25.0018 3452 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 00:26:25.0018 3452 cdrom - ok 00:26:25.0049 3452 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 00:26:25.0064 3452 circlass - ok 00:26:25.0080 3452 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 00:26:25.0080 3452 CLFS - ok 00:26:25.0158 3452 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 00:26:25.0158 3452 CmBatt - ok 00:26:25.0174 3452 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 00:26:25.0174 3452 cmdide - ok 00:26:25.0205 3452 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 00:26:25.0205 3452 CNG - ok 00:26:25.0236 3452 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 00:26:25.0236 3452 Compbatt - ok 00:26:25.0298 3452 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 00:26:25.0298 3452 CompositeBus - ok 00:26:25.0361 3452 cpuz133 (95c88d25e211a4d52a82c53e5d93e634) C:\Windows\system32\drivers\cpuz133_x64.sys 00:26:25.0361 3452 cpuz133 - ok 00:26:25.0392 3452 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 00:26:25.0392 3452 crcdisk - ok 00:26:25.0470 3452 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 00:26:25.0470 3452 DfsC - ok 00:26:25.0486 3452 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 00:26:25.0486 3452 discache - ok 00:26:25.0517 3452 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 00:26:25.0517 3452 Disk - ok 00:26:25.0564 3452 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 00:26:25.0564 3452 drmkaud - ok 00:26:25.0610 3452 dump_wmimmc - ok 00:26:25.0673 3452 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 00:26:25.0673 3452 DXGKrnl - ok 00:26:25.0720 3452 EagleX64 - ok 00:26:25.0782 3452 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 00:26:25.0798 3452 ebdrv - ok 00:26:25.0891 3452 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 00:26:25.0907 3452 elxstor - ok 00:26:25.0922 3452 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 00:26:25.0922 3452 ErrDev - ok 00:26:25.0954 3452 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 00:26:25.0954 3452 exfat - ok 00:26:26.0016 3452 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 00:26:26.0016 3452 fastfat - ok 00:26:26.0047 3452 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 00:26:26.0047 3452 fdc - ok 00:26:26.0063 3452 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 00:26:26.0063 3452 FileInfo - ok 00:26:26.0125 3452 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 00:26:26.0125 3452 Filetrace - ok 00:26:26.0141 3452 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 00:26:26.0141 3452 flpydisk - ok 00:26:26.0172 3452 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 00:26:26.0172 3452 FltMgr - ok 00:26:26.0188 3452 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 00:26:26.0188 3452 FsDepends - ok 00:26:26.0219 3452 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys 00:26:26.0219 3452 fssfltr - ok 00:26:26.0297 3452 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 00:26:26.0297 3452 Fs_Rec - ok 00:26:26.0328 3452 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 00:26:26.0328 3452 fvevol - ok 00:26:26.0359 3452 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 00:26:26.0359 3452 gagp30kx - ok 00:26:26.0375 3452 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 00:26:26.0375 3452 hcw85cir - ok 00:26:26.0468 3452 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 00:26:26.0468 3452 HdAudAddService - ok 00:26:26.0484 3452 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 00:26:26.0484 3452 HDAudBus - ok 00:26:26.0515 3452 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 00:26:26.0515 3452 HECIx64 - ok 00:26:26.0578 3452 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 00:26:26.0578 3452 HidBatt - ok 00:26:26.0593 3452 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 00:26:26.0593 3452 HidBth - ok 00:26:26.0609 3452 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 00:26:26.0609 3452 HidIr - ok 00:26:26.0640 3452 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 00:26:26.0640 3452 HidUsb - ok 00:26:26.0718 3452 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 00:26:26.0718 3452 HpSAMD - ok 00:26:26.0749 3452 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 00:26:26.0765 3452 HTTP - ok 00:26:26.0780 3452 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 00:26:26.0780 3452 hwpolicy - ok 00:26:26.0796 3452 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 00:26:26.0796 3452 i8042prt - ok 00:26:26.0858 3452 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 00:26:26.0858 3452 iaStorV - ok 00:26:27.0046 3452 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys 00:26:27.0186 3452 igfx - ok 00:26:27.0233 3452 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 00:26:27.0233 3452 iirsp - ok 00:26:27.0280 3452 IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys 00:26:27.0295 3452 IntcAzAudAddService - ok 00:26:27.0342 3452 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys 00:26:27.0342 3452 IntcDAud - ok 00:26:27.0389 3452 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 00:26:27.0389 3452 intelide - ok 00:26:27.0420 3452 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 00:26:27.0420 3452 intelppm - ok 00:26:27.0498 3452 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 00:26:27.0498 3452 IpFilterDriver - ok 00:26:27.0529 3452 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 00:26:27.0529 3452 IPMIDRV - ok 00:26:27.0560 3452 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 00:26:27.0560 3452 IPNAT - ok 00:26:27.0607 3452 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 00:26:27.0607 3452 IRENUM - ok 00:26:27.0638 3452 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 00:26:27.0638 3452 isapnp - ok 00:26:27.0654 3452 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 00:26:27.0654 3452 iScsiPrt - ok 00:26:27.0670 3452 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 00:26:27.0670 3452 kbdclass - ok 00:26:27.0685 3452 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 00:26:27.0685 3452 kbdhid - ok 00:26:27.0779 3452 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 00:26:27.0779 3452 KSecDD - ok 00:26:27.0794 3452 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 00:26:27.0794 3452 KSecPkg - ok 00:26:27.0810 3452 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 00:26:27.0826 3452 ksthunk - ok 00:26:27.0872 3452 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 00:26:27.0872 3452 lltdio - ok 00:26:27.0935 3452 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 00:26:27.0935 3452 LSI_FC - ok 00:26:27.0950 3452 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 00:26:27.0950 3452 LSI_SAS - ok 00:26:27.0982 3452 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 00:26:27.0982 3452 LSI_SAS2 - ok 00:26:27.0997 3452 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 00:26:27.0997 3452 LSI_SCSI - ok 00:26:28.0013 3452 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 00:26:28.0013 3452 luafv - ok 00:26:28.0075 3452 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys 00:26:28.0075 3452 MBAMProtector - ok 00:26:28.0122 3452 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 00:26:28.0122 3452 megasas - ok 00:26:28.0153 3452 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 00:26:28.0153 3452 MegaSR - ok 00:26:28.0184 3452 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 00:26:28.0184 3452 Modem - ok 00:26:28.0231 3452 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 00:26:28.0231 3452 monitor - ok 00:26:28.0262 3452 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 00:26:28.0262 3452 mouclass - ok 00:26:28.0294 3452 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 00:26:28.0294 3452 mouhid - ok 00:26:28.0340 3452 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 00:26:28.0340 3452 mountmgr - ok 00:26:28.0387 3452 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 00:26:28.0387 3452 mpio - ok 00:26:28.0403 3452 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 00:26:28.0403 3452 mpsdrv - ok 00:26:28.0450 3452 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 00:26:28.0450 3452 MRxDAV - ok 00:26:28.0481 3452 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 00:26:28.0481 3452 mrxsmb - ok 00:26:28.0590 3452 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 00:26:28.0590 3452 mrxsmb10 - ok 00:26:28.0606 3452 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 00:26:28.0606 3452 mrxsmb20 - ok 00:26:28.0653 3452 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 00:26:28.0653 3452 msahci - ok 00:26:28.0668 3452 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 00:26:28.0684 3452 msdsm - ok 00:26:28.0715 3452 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 00:26:28.0715 3452 Msfs - ok 00:26:28.0731 3452 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 00:26:28.0746 3452 mshidkmdf - ok 00:26:28.0777 3452 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 00:26:28.0777 3452 msisadrv - ok 00:26:28.0809 3452 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 00:26:28.0809 3452 MSKSSRV - ok 00:26:28.0840 3452 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 00:26:28.0840 3452 MSPCLOCK - ok 00:26:28.0855 3452 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 00:26:28.0855 3452 MSPQM - ok 00:26:28.0887 3452 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 00:26:28.0887 3452 MsRPC - ok 00:26:28.0933 3452 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 00:26:28.0933 3452 mssmbios - ok 00:26:28.0965 3452 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 00:26:28.0965 3452 MSTEE - ok 00:26:28.0996 3452 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 00:26:28.0996 3452 MTConfig - ok 00:26:29.0027 3452 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys 00:26:29.0027 3452 MTsensor - ok 00:26:29.0043 3452 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 00:26:29.0043 3452 Mup - ok 00:26:29.0089 3452 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 00:26:29.0105 3452 NativeWifiP - ok 00:26:29.0167 3452 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 00:26:29.0167 3452 NDIS - ok 00:26:29.0183 3452 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 00:26:29.0183 3452 NdisCap - ok 00:26:29.0214 3452 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 00:26:29.0230 3452 NdisTapi - ok 00:26:29.0245 3452 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 00:26:29.0245 3452 Ndisuio - ok 00:26:29.0277 3452 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 00:26:29.0277 3452 NdisWan - ok 00:26:29.0308 3452 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 00:26:29.0308 3452 NDProxy - ok 00:26:29.0370 3452 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 00:26:29.0370 3452 NetBIOS - ok 00:26:29.0417 3452 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 00:26:29.0433 3452 NetBT - ok 00:26:29.0511 3452 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys 00:26:29.0511 3452 netr28x - ok 00:26:29.0557 3452 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 00:26:29.0557 3452 nfrd960 - ok 00:26:29.0573 3452 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 00:26:29.0573 3452 Npfs - ok 00:26:29.0620 3452 NPPTNT2 - ok 00:26:29.0667 3452 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 00:26:29.0667 3452 nsiproxy - ok 00:26:29.0729 3452 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 00:26:29.0729 3452 Ntfs - ok 00:26:29.0760 3452 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 00:26:29.0760 3452 Null - ok 00:26:29.0807 3452 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 00:26:29.0807 3452 nvraid - ok 00:26:29.0823 3452 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 00:26:29.0823 3452 nvstor - ok 00:26:29.0854 3452 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 00:26:29.0854 3452 nv_agp - ok 00:26:29.0916 3452 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 00:26:29.0916 3452 ohci1394 - ok 00:26:29.0963 3452 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 00:26:29.0963 3452 Parport - ok 00:26:29.0979 3452 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 00:26:29.0979 3452 partmgr - ok 00:26:30.0010 3452 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 00:26:30.0010 3452 pci - ok 00:26:30.0057 3452 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 00:26:30.0057 3452 pciide - ok 00:26:30.0088 3452 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 00:26:30.0088 3452 pcmcia - ok 00:26:30.0119 3452 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 00:26:30.0119 3452 pcw - ok 00:26:30.0150 3452 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 00:26:30.0166 3452 PEAUTH - ok 00:26:30.0259 3452 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 00:26:30.0259 3452 PptpMiniport - ok 00:26:30.0291 3452 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 00:26:30.0291 3452 Processor - ok 00:26:30.0322 3452 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 00:26:30.0337 3452 Psched - ok 00:26:30.0369 3452 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 00:26:30.0384 3452 ql2300 - ok 00:26:30.0447 3452 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 00:26:30.0447 3452 ql40xx - ok 00:26:30.0462 3452 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 00:26:30.0462 3452 QWAVEdrv - ok 00:26:30.0478 3452 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 00:26:30.0478 3452 RasAcd - ok 00:26:30.0493 3452 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 00:26:30.0493 3452 RasAgileVpn - ok 00:26:30.0525 3452 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 00:26:30.0525 3452 Rasl2tp - ok 00:26:30.0603 3452 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 00:26:30.0603 3452 RasPppoe - ok 00:26:30.0618 3452 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 00:26:30.0618 3452 RasSstp - ok 00:26:30.0634 3452 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 00:26:30.0634 3452 rdbss - ok 00:26:30.0649 3452 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 00:26:30.0649 3452 rdpbus - ok 00:26:30.0681 3452 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 00:26:30.0681 3452 RDPCDD - ok 00:26:30.0727 3452 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 00:26:30.0727 3452 RDPENCDD - ok 00:26:30.0743 3452 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 00:26:30.0743 3452 RDPREFMP - ok 00:26:30.0774 3452 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 00:26:30.0774 3452 RDPWD - ok 00:26:30.0821 3452 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 00:26:30.0821 3452 rdyboost - ok 00:26:30.0883 3452 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 00:26:30.0883 3452 rspndr - ok 00:26:30.0930 3452 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys 00:26:30.0946 3452 RTL8167 - ok 00:26:30.0961 3452 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 00:26:30.0961 3452 sbp2port - ok 00:26:30.0977 3452 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 00:26:30.0977 3452 scfilter - ok 00:26:31.0039 3452 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 00:26:31.0039 3452 secdrv - ok 00:26:31.0071 3452 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 00:26:31.0071 3452 Serenum - ok 00:26:31.0102 3452 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 00:26:31.0102 3452 Serial - ok 00:26:31.0117 3452 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 00:26:31.0117 3452 sermouse - ok 00:26:31.0164 3452 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 00:26:31.0164 3452 sffdisk - ok 00:26:31.0195 3452 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 00:26:31.0195 3452 sffp_mmc - ok 00:26:31.0195 3452 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 00:26:31.0195 3452 sffp_sd - ok 00:26:31.0227 3452 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 00:26:31.0227 3452 sfloppy - ok 00:26:31.0273 3452 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 00:26:31.0289 3452 SiSRaid2 - ok 00:26:31.0305 3452 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 00:26:31.0305 3452 SiSRaid4 - ok 00:26:31.0320 3452 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 00:26:31.0320 3452 Smb - ok 00:26:31.0367 3452 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 00:26:31.0367 3452 spldr - ok 00:26:31.0414 3452 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 00:26:31.0414 3452 srv - ok 00:26:31.0461 3452 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 00:26:31.0461 3452 srv2 - ok 00:26:31.0476 3452 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 00:26:31.0476 3452 srvnet - ok 00:26:31.0539 3452 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 00:26:31.0539 3452 stexstor - ok 00:26:31.0570 3452 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 00:26:31.0585 3452 swenum - ok 00:26:31.0632 3452 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 00:26:31.0648 3452 Tcpip - ok 00:26:31.0695 3452 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 00:26:31.0710 3452 TCPIP6 - ok 00:26:31.0741 3452 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 00:26:31.0741 3452 tcpipreg - ok 00:26:31.0773 3452 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 00:26:31.0773 3452 TDPIPE - ok 00:26:31.0788 3452 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 00:26:31.0788 3452 TDTCP - ok 00:26:31.0804 3452 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 00:26:31.0804 3452 tdx - ok 00:26:31.0897 3452 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 00:26:31.0897 3452 TermDD - ok 00:26:31.0929 3452 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 00:26:31.0944 3452 tssecsrv - ok 00:26:31.0960 3452 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 00:26:31.0960 3452 TsUsbFlt - ok 00:26:32.0053 3452 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 00:26:32.0069 3452 tunnel - ok 00:26:32.0085 3452 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 00:26:32.0085 3452 uagp35 - ok 00:26:32.0116 3452 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 00:26:32.0116 3452 udfs - ok 00:26:32.0163 3452 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 00:26:32.0163 3452 uliagpkx - ok 00:26:32.0209 3452 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 00:26:32.0209 3452 umbus - ok 00:26:32.0241 3452 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 00:26:32.0241 3452 UmPass - ok 00:26:32.0287 3452 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 00:26:32.0287 3452 usbaudio - ok 00:26:32.0334 3452 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 00:26:32.0334 3452 usbccgp - ok 00:26:32.0350 3452 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 00:26:32.0350 3452 usbcir - ok 00:26:32.0365 3452 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 00:26:32.0365 3452 usbehci - ok 00:26:32.0412 3452 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 00:26:32.0412 3452 usbhub - ok 00:26:32.0443 3452 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys 00:26:32.0443 3452 usbohci - ok 00:26:32.0490 3452 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 00:26:32.0490 3452 usbprint - ok 00:26:32.0506 3452 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:26:32.0506 3452 USBSTOR - ok 00:26:32.0521 3452 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys 00:26:32.0521 3452 usbuhci - ok 00:26:32.0568 3452 USB_RNDIS_VISTA (d0fe8cb5f84303e73ff0754437fad3d1) C:\Windows\system32\DRIVERS\usb8023.sys 00:26:32.0568 3452 USB_RNDIS_VISTA - ok 00:26:32.0615 3452 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 00:26:32.0615 3452 vdrvroot - ok 00:26:32.0631 3452 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 00:26:32.0631 3452 vga - ok 00:26:32.0631 3452 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 00:26:32.0646 3452 VgaSave - ok 00:26:32.0662 3452 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 00:26:32.0662 3452 vhdmp - ok 00:26:32.0693 3452 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 00:26:32.0693 3452 viaide - ok 00:26:32.0709 3452 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 00:26:32.0709 3452 volmgr - ok 00:26:32.0755 3452 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 00:26:32.0755 3452 volmgrx - ok 00:26:32.0771 3452 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 00:26:32.0787 3452 volsnap - ok 00:26:32.0818 3452 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 00:26:32.0818 3452 vsmraid - ok 00:26:32.0849 3452 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 00:26:32.0849 3452 vwifibus - ok 00:26:32.0896 3452 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 00:26:32.0896 3452 vwififlt - ok 00:26:32.0911 3452 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 00:26:32.0911 3452 WacomPen - ok 00:26:32.0958 3452 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 00:26:32.0958 3452 WANARP - ok 00:26:32.0958 3452 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 00:26:32.0958 3452 Wanarpv6 - ok 00:26:33.0036 3452 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 00:26:33.0036 3452 Wd - ok 00:26:33.0067 3452 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 00:26:33.0067 3452 Wdf01000 - ok 00:26:33.0099 3452 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 00:26:33.0099 3452 WfpLwf - ok 00:26:33.0130 3452 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 00:26:33.0130 3452 WIMMount - ok 00:26:33.0192 3452 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 00:26:33.0192 3452 WinUsb - ok 00:26:33.0208 3452 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 00:26:33.0208 3452 WmiAcpi - ok 00:26:33.0270 3452 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 00:26:33.0270 3452 ws2ifsl - ok 00:26:33.0301 3452 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 00:26:33.0301 3452 WudfPf - ok 00:26:33.0333 3452 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 00:26:33.0333 3452 WUDFRd - ok 00:26:33.0395 3452 X6va003 - ok 00:26:33.0426 3452 MBR (0x1B8) (4976d4a7a40b83fc7f06ee4bdd84eb9b) \Device\Harddisk0\DR0 00:26:33.0489 3452 \Device\Harddisk0\DR0 - ok 00:26:33.0489 3452 Boot (0x1200) (981a1928fb23fc1e673f913c659cbc75) \Device\Harddisk0\DR0\Partition0 00:26:33.0489 3452 \Device\Harddisk0\DR0\Partition0 - ok 00:26:33.0504 3452 Boot (0x1200) (1b2113e8147b731e8356e034bd1547d9) \Device\Harddisk0\DR0\Partition1 00:26:33.0504 3452 \Device\Harddisk0\DR0\Partition1 - ok 00:26:33.0504 3452 ============================================================ 00:26:33.0504 3452 Scan finished 00:26:33.0504 3452 ============================================================ 00:26:33.0520 3464 Detected object count: 0 00:26:33.0520 3464 Actual detected object count: 0 00:26:46.0764 2120 Deinitialize success
  11. No I didnt change anything in TDSS, should I have? As far as I can tell the outgoing has stoped.
  12. I had two TDSS logs this time, not sure if you need both but I will post them. 15:45:40.0578 0292 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49 15:45:40.0890 0292 ============================================================ 15:45:40.0890 0292 Current date / time: 2012/02/03 15:45:40.0890 15:45:40.0890 0292 SystemInfo: 15:45:40.0890 0292 15:45:40.0890 0292 OS Version: 6.1.7601 ServicePack: 1.0 15:45:40.0890 0292 Product type: Workstation 15:45:40.0890 0292 ComputerName: ADMIN-PC 15:45:40.0890 0292 UserName: Admin 15:45:40.0890 0292 Windows directory: C:\Windows 15:45:40.0890 0292 System windows directory: C:\Windows 15:45:40.0890 0292 Running under WOW64 15:45:40.0890 0292 Processor architecture: Intel x64 15:45:40.0890 0292 Number of processors: 4 15:45:40.0890 0292 Page size: 0x1000 15:45:40.0890 0292 Boot type: Normal boot 15:45:40.0890 0292 ============================================================ 15:45:41.0530 0292 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:45:41.0546 0292 \Device\Harddisk0\DR0: 15:45:41.0546 0292 MBR used 15:45:41.0546 0292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x2E935000 15:45:41.0546 0292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30593800, BlocksNum 0x44172800 15:45:41.0592 0292 Initialize success 15:45:41.0592 0292 ============================================================ 15:45:43.0792 4328 Deinitialize success 15:45:50.0737 4016 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49 15:45:51.0111 4016 ============================================================ 15:45:51.0111 4016 Current date / time: 2012/02/03 15:45:51.0111 15:45:51.0111 4016 SystemInfo: 15:45:51.0111 4016 15:45:51.0111 4016 OS Version: 6.1.7601 ServicePack: 1.0 15:45:51.0111 4016 Product type: Workstation 15:45:51.0111 4016 ComputerName: ADMIN-PC 15:45:51.0111 4016 UserName: Admin 15:45:51.0111 4016 Windows directory: C:\Windows 15:45:51.0111 4016 System windows directory: C:\Windows 15:45:51.0111 4016 Running under WOW64 15:45:51.0111 4016 Processor architecture: Intel x64 15:45:51.0111 4016 Number of processors: 4 15:45:51.0111 4016 Page size: 0x1000 15:45:51.0111 4016 Boot type: Normal boot 15:45:51.0111 4016 ============================================================ 15:45:51.0735 4016 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:45:51.0751 4016 \Device\Harddisk0\DR0: 15:45:51.0751 4016 MBR used 15:45:51.0751 4016 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x2E935000 15:45:51.0751 4016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30593800, BlocksNum 0x44172800 15:45:51.0798 4016 Initialize success 15:45:51.0798 4016 ============================================================ 15:45:53.0935 4132 ============================================================ 15:45:53.0935 4132 Scan started 15:45:53.0935 4132 Mode: Manual; 15:45:53.0935 4132 ============================================================ 15:45:54.0777 4132 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 15:45:54.0777 4132 1394ohci - ok 15:45:54.0855 4132 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 15:45:54.0855 4132 ACPI - ok 15:45:54.0964 4132 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 15:45:54.0964 4132 AcpiPmi - ok 15:45:55.0074 4132 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 15:45:55.0074 4132 adp94xx - ok 15:45:55.0089 4132 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 15:45:55.0089 4132 adpahci - ok 15:45:55.0105 4132 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 15:45:55.0105 4132 adpu320 - ok 15:45:55.0136 4132 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 15:45:55.0136 4132 AFD - ok 15:45:55.0214 4132 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 15:45:55.0214 4132 agp440 - ok 15:45:55.0276 4132 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 15:45:55.0276 4132 aliide - ok 15:45:55.0339 4132 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 15:45:55.0339 4132 amdide - ok 15:45:55.0370 4132 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 15:45:55.0370 4132 AmdK8 - ok 15:45:55.0386 4132 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 15:45:55.0386 4132 AmdPPM - ok 15:45:55.0432 4132 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 15:45:55.0432 4132 amdsata - ok 15:45:55.0479 4132 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 15:45:55.0479 4132 amdsbs - ok 15:45:55.0495 4132 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 15:45:55.0495 4132 amdxata - ok 15:45:55.0542 4132 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 15:45:55.0542 4132 AppID - ok 15:45:55.0573 4132 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 15:45:55.0573 4132 arc - ok 15:45:55.0620 4132 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 15:45:55.0620 4132 arcsas - ok 15:45:55.0620 4132 AsIO - ok 15:45:55.0651 4132 AsUpIO - ok 15:45:55.0698 4132 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 15:45:55.0698 4132 AsyncMac - ok 15:45:55.0729 4132 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 15:45:55.0729 4132 atapi - ok 15:45:55.0776 4132 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 15:45:55.0776 4132 b06bdrv - ok 15:45:55.0822 4132 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 15:45:55.0822 4132 b57nd60a - ok 15:45:55.0854 4132 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 15:45:55.0854 4132 Beep - ok 15:45:55.0900 4132 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 15:45:55.0900 4132 blbdrive - ok 15:45:55.0916 4132 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 15:45:55.0916 4132 bowser - ok 15:45:55.0963 4132 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 15:45:55.0963 4132 BrFiltLo - ok 15:45:55.0994 4132 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 15:45:55.0994 4132 BrFiltUp - ok 15:45:56.0010 4132 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 15:45:56.0010 4132 Brserid - ok 15:45:56.0041 4132 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 15:45:56.0041 4132 BrSerWdm - ok 15:45:56.0056 4132 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 15:45:56.0056 4132 BrUsbMdm - ok 15:45:56.0119 4132 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 15:45:56.0119 4132 BrUsbSer - ok 15:45:56.0134 4132 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 15:45:56.0134 4132 BTHMODEM - ok 15:45:56.0166 4132 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 15:45:56.0166 4132 cdfs - ok 15:45:56.0259 4132 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 15:45:56.0259 4132 cdrom - ok 15:45:56.0290 4132 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 15:45:56.0290 4132 circlass - ok 15:45:56.0322 4132 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 15:45:56.0322 4132 CLFS - ok 15:45:56.0400 4132 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 15:45:56.0400 4132 CmBatt - ok 15:45:56.0415 4132 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 15:45:56.0415 4132 cmdide - ok 15:45:56.0446 4132 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 15:45:56.0446 4132 CNG - ok 15:45:56.0478 4132 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 15:45:56.0478 4132 Compbatt - ok 15:45:56.0556 4132 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 15:45:56.0556 4132 CompositeBus - ok 15:45:56.0618 4132 cpuz133 (95c88d25e211a4d52a82c53e5d93e634) C:\Windows\system32\drivers\cpuz133_x64.sys 15:45:56.0618 4132 cpuz133 - ok 15:45:56.0649 4132 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 15:45:56.0649 4132 crcdisk - ok 15:45:56.0743 4132 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 15:45:56.0743 4132 DfsC - ok 15:45:56.0774 4132 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 15:45:56.0774 4132 discache - ok 15:45:56.0821 4132 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 15:45:56.0821 4132 Disk - ok 15:45:56.0883 4132 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 15:45:56.0883 4132 drmkaud - ok 15:45:56.0930 4132 dump_wmimmc - ok 15:45:56.0977 4132 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 15:45:56.0992 4132 DXGKrnl - ok 15:45:57.0008 4132 EagleX64 - ok 15:45:57.0070 4132 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 15:45:57.0086 4132 ebdrv - ok 15:45:57.0164 4132 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 15:45:57.0180 4132 elxstor - ok 15:45:57.0211 4132 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 15:45:57.0211 4132 ErrDev - ok 15:45:57.0258 4132 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 15:45:57.0258 4132 exfat - ok 15:45:57.0320 4132 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 15:45:57.0320 4132 fastfat - ok 15:45:57.0336 4132 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 15:45:57.0351 4132 fdc - ok 15:45:57.0367 4132 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 15:45:57.0367 4132 FileInfo - ok 15:45:57.0382 4132 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 15:45:57.0382 4132 Filetrace - ok 15:45:57.0445 4132 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 15:45:57.0445 4132 flpydisk - ok 15:45:57.0476 4132 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 15:45:57.0476 4132 FltMgr - ok 15:45:57.0492 4132 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 15:45:57.0492 4132 FsDepends - ok 15:45:57.0538 4132 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys 15:45:57.0538 4132 fssfltr - ok 15:45:57.0601 4132 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 15:45:57.0601 4132 Fs_Rec - ok 15:45:57.0648 4132 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 15:45:57.0648 4132 fvevol - ok 15:45:57.0663 4132 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 15:45:57.0663 4132 gagp30kx - ok 15:45:57.0694 4132 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 15:45:57.0694 4132 hcw85cir - ok 15:45:57.0772 4132 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 15:45:57.0772 4132 HdAudAddService - ok 15:45:57.0788 4132 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 15:45:57.0788 4132 HDAudBus - ok 15:45:57.0835 4132 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 15:45:57.0835 4132 HECIx64 - ok 15:45:57.0882 4132 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 15:45:57.0882 4132 HidBatt - ok 15:45:57.0897 4132 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 15:45:57.0897 4132 HidBth - ok 15:45:57.0928 4132 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 15:45:57.0928 4132 HidIr - ok 15:45:57.0960 4132 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 15:45:57.0960 4132 HidUsb - ok 15:45:57.0991 4132 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 15:45:57.0991 4132 HpSAMD - ok 15:45:58.0100 4132 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 15:45:58.0100 4132 HTTP - ok 15:45:58.0131 4132 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 15:45:58.0131 4132 hwpolicy - ok 15:45:58.0147 4132 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 15:45:58.0147 4132 i8042prt - ok 15:45:58.0178 4132 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 15:45:58.0178 4132 iaStorV - ok 15:45:58.0396 4132 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys 15:45:58.0443 4132 igfx - ok 15:45:58.0506 4132 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 15:45:58.0506 4132 iirsp - ok 15:45:58.0552 4132 IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys 15:45:58.0568 4132 IntcAzAudAddService - ok 15:45:58.0615 4132 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys 15:45:58.0615 4132 IntcDAud - ok 15:45:58.0662 4132 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 15:45:58.0662 4132 intelide - ok 15:45:58.0693 4132 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 15:45:58.0693 4132 intelppm - ok 15:45:58.0724 4132 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:45:58.0724 4132 IpFilterDriver - ok 15:45:58.0802 4132 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 15:45:58.0802 4132 IPMIDRV - ok 15:45:58.0833 4132 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 15:45:58.0833 4132 IPNAT - ok 15:45:58.0864 4132 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 15:45:58.0864 4132 IRENUM - ok 15:45:58.0896 4132 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 15:45:58.0896 4132 isapnp - ok 15:45:58.0958 4132 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 15:45:58.0958 4132 iScsiPrt - ok 15:45:58.0974 4132 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 15:45:58.0974 4132 kbdclass - ok 15:45:59.0020 4132 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 15:45:59.0020 4132 kbdhid - ok 15:45:59.0052 4132 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 15:45:59.0052 4132 KSecDD - ok 15:45:59.0098 4132 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 15:45:59.0098 4132 KSecPkg - ok 15:45:59.0130 4132 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 15:45:59.0130 4132 ksthunk - ok 15:45:59.0161 4132 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 15:45:59.0161 4132 lltdio - ok 15:45:59.0223 4132 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 15:45:59.0223 4132 LSI_FC - ok 15:45:59.0270 4132 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 15:45:59.0270 4132 LSI_SAS - ok 15:45:59.0286 4132 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:45:59.0286 4132 LSI_SAS2 - ok 15:45:59.0317 4132 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:45:59.0317 4132 LSI_SCSI - ok 15:45:59.0364 4132 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 15:45:59.0364 4132 luafv - ok 15:45:59.0410 4132 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys 15:45:59.0410 4132 MBAMProtector - ok 15:45:59.0457 4132 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 15:45:59.0457 4132 megasas - ok 15:45:59.0504 4132 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 15:45:59.0504 4132 MegaSR - ok 15:45:59.0520 4132 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 15:45:59.0520 4132 Modem - ok 15:45:59.0551 4132 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 15:45:59.0551 4132 monitor - ok 15:45:59.0598 4132 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 15:45:59.0598 4132 mouclass - ok 15:45:59.0644 4132 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 15:45:59.0644 4132 mouhid - ok 15:45:59.0676 4132 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 15:45:59.0676 4132 mountmgr - ok 15:45:59.0738 4132 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 15:45:59.0738 4132 mpio - ok 15:45:59.0769 4132 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 15:45:59.0769 4132 mpsdrv - ok 15:45:59.0800 4132 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 15:45:59.0816 4132 MRxDAV - ok 15:45:59.0847 4132 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 15:45:59.0847 4132 mrxsmb - ok 15:45:59.0878 4132 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:45:59.0878 4132 mrxsmb10 - ok 15:45:59.0925 4132 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:45:59.0925 4132 mrxsmb20 - ok 15:45:59.0972 4132 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 15:45:59.0972 4132 msahci - ok 15:46:00.0019 4132 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 15:46:00.0019 4132 msdsm - ok 15:46:00.0144 4132 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 15:46:00.0144 4132 Msfs - ok 15:46:00.0175 4132 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 15:46:00.0175 4132 mshidkmdf - ok 15:46:00.0191 4132 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 15:46:00.0191 4132 msisadrv - ok 15:46:00.0284 4132 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 15:46:00.0284 4132 MSKSSRV - ok 15:46:00.0300 4132 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 15:46:00.0300 4132 MSPCLOCK - ok 15:46:00.0315 4132 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 15:46:00.0315 4132 MSPQM - ok 15:46:00.0347 4132 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 15:46:00.0347 4132 MsRPC - ok 15:46:00.0409 4132 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 15:46:00.0409 4132 mssmbios - ok 15:46:00.0425 4132 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 15:46:00.0440 4132 MSTEE - ok 15:46:00.0456 4132 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 15:46:00.0456 4132 MTConfig - ok 15:46:00.0487 4132 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys 15:46:00.0487 4132 MTsensor - ok 15:46:00.0518 4132 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 15:46:00.0518 4132 Mup - ok 15:46:00.0549 4132 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 15:46:00.0549 4132 NativeWifiP - ok 15:46:00.0612 4132 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 15:46:00.0612 4132 NDIS - ok 15:46:00.0659 4132 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 15:46:00.0659 4132 NdisCap - ok 15:46:00.0690 4132 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 15:46:00.0690 4132 NdisTapi - ok 15:46:00.0721 4132 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 15:46:00.0721 4132 Ndisuio - ok 15:46:00.0768 4132 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 15:46:00.0768 4132 NdisWan - ok 15:46:00.0799 4132 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 15:46:00.0799 4132 NDProxy - ok 15:46:00.0877 4132 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 15:46:00.0877 4132 NetBIOS - ok 15:46:00.0924 4132 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 15:46:00.0924 4132 NetBT - ok 15:46:00.0971 4132 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys 15:46:00.0971 4132 netr28x - ok 15:46:01.0017 4132 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 15:46:01.0017 4132 nfrd960 - ok 15:46:01.0049 4132 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 15:46:01.0049 4132 Npfs - ok 15:46:01.0111 4132 NPPTNT2 - ok 15:46:01.0142 4132 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 15:46:01.0142 4132 nsiproxy - ok 15:46:01.0189 4132 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 15:46:01.0189 4132 Ntfs - ok 15:46:01.0220 4132 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 15:46:01.0220 4132 Null - ok 15:46:01.0283 4132 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 15:46:01.0283 4132 nvraid - ok 15:46:01.0314 4132 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 15:46:01.0314 4132 nvstor - ok 15:46:01.0345 4132 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 15:46:01.0345 4132 nv_agp - ok 15:46:01.0376 4132 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 15:46:01.0376 4132 ohci1394 - ok 15:46:01.0454 4132 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 15:46:01.0454 4132 Parport - ok 15:46:01.0485 4132 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 15:46:01.0485 4132 partmgr - ok 15:46:01.0517 4132 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 15:46:01.0517 4132 pci - ok 15:46:01.0548 4132 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 15:46:01.0548 4132 pciide - ok 15:46:01.0595 4132 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 15:46:01.0595 4132 pcmcia - ok 15:46:01.0626 4132 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 15:46:01.0626 4132 pcw - ok 15:46:01.0641 4132 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 15:46:01.0657 4132 PEAUTH - ok 15:46:01.0735 4132 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 15:46:01.0735 4132 PptpMiniport - ok 15:46:01.0766 4132 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 15:46:01.0766 4132 Processor - ok 15:46:01.0813 4132 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 15:46:01.0829 4132 Psched - ok 15:46:01.0875 4132 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 15:46:01.0891 4132 ql2300 - ok 15:46:01.0922 4132 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 15:46:01.0922 4132 ql40xx - ok 15:46:01.0953 4132 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 15:46:01.0953 4132 QWAVEdrv - ok 15:46:01.0985 4132 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 15:46:01.0985 4132 RasAcd - ok 15:46:02.0016 4132 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 15:46:02.0016 4132 RasAgileVpn - ok 15:46:02.0063 4132 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:46:02.0063 4132 Rasl2tp - ok 15:46:02.0094 4132 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 15:46:02.0094 4132 RasPppoe - ok 15:46:02.0109 4132 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 15:46:02.0109 4132 RasSstp - ok 15:46:02.0141 4132 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 15:46:02.0141 4132 rdbss - ok 15:46:02.0156 4132 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 15:46:02.0156 4132 rdpbus - ok 15:46:02.0219 4132 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:46:02.0219 4132 RDPCDD - ok 15:46:02.0281 4132 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 15:46:02.0281 4132 RDPENCDD - ok 15:46:02.0312 4132 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 15:46:02.0312 4132 RDPREFMP - ok 15:46:02.0343 4132 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 15:46:02.0343 4132 RDPWD - ok 15:46:02.0406 4132 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 15:46:02.0406 4132 rdyboost - ok 15:46:02.0453 4132 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 15:46:02.0453 4132 rspndr - ok 15:46:02.0484 4132 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys 15:46:02.0484 4132 RTL8167 - ok 15:46:02.0515 4132 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 15:46:02.0515 4132 sbp2port - ok 15:46:02.0546 4132 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 15:46:02.0546 4132 scfilter - ok 15:46:02.0609 4132 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 15:46:02.0609 4132 secdrv - ok 15:46:02.0640 4132 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 15:46:02.0640 4132 Serenum - ok 15:46:02.0671 4132 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 15:46:02.0671 4132 Serial - ok 15:46:02.0702 4132 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 15:46:02.0702 4132 sermouse - ok 15:46:02.0749 4132 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 15:46:02.0749 4132 sffdisk - ok 15:46:02.0765 4132 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 15:46:02.0780 4132 sffp_mmc - ok 15:46:02.0796 4132 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 15:46:02.0796 4132 sffp_sd - ok 15:46:02.0827 4132 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 15:46:02.0827 4132 sfloppy - ok 15:46:02.0874 4132 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:46:02.0874 4132 SiSRaid2 - ok 15:46:02.0905 4132 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 15:46:02.0905 4132 SiSRaid4 - ok 15:46:02.0936 4132 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 15:46:02.0936 4132 Smb - ok 15:46:02.0983 4132 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 15:46:02.0983 4132 spldr - ok 15:46:03.0014 4132 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 15:46:03.0030 4132 srv - ok 15:46:03.0077 4132 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 15:46:03.0077 4132 srv2 - ok 15:46:03.0092 4132 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 15:46:03.0092 4132 srvnet - ok 15:46:03.0139 4132 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 15:46:03.0139 4132 stexstor - ok 15:46:03.0186 4132 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 15:46:03.0186 4132 swenum - ok 15:46:03.0248 4132 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 15:46:03.0248 4132 Tcpip - ok 15:46:03.0311 4132 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 15:46:03.0311 4132 TCPIP6 - ok 15:46:03.0357 4132 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 15:46:03.0357 4132 tcpipreg - ok 15:46:03.0389 4132 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 15:46:03.0389 4132 TDPIPE - ok 15:46:03.0420 4132 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 15:46:03.0420 4132 TDTCP - ok 15:46:03.0482 4132 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 15:46:03.0482 4132 tdx - ok 15:46:03.0529 4132 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 15:46:03.0529 4132 TermDD - ok 15:46:03.0623 4132 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:46:03.0623 4132 tssecsrv - ok 15:46:03.0654 4132 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 15:46:03.0654 4132 TsUsbFlt - ok 15:46:03.0732 4132 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 15:46:03.0732 4132 tunnel - ok 15:46:03.0779 4132 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 15:46:03.0779 4132 uagp35 - ok 15:46:03.0810 4132 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 15:46:03.0810 4132 udfs - ok 15:46:03.0857 4132 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 15:46:03.0857 4132 uliagpkx - ok 15:46:03.0903 4132 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 15:46:03.0903 4132 umbus - ok 15:46:03.0935 4132 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 15:46:03.0935 4132 UmPass - ok 15:46:03.0997 4132 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 15:46:03.0997 4132 usbaudio - ok 15:46:04.0044 4132 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 15:46:04.0044 4132 usbccgp - ok 15:46:04.0075 4132 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 15:46:04.0075 4132 usbcir - ok 15:46:04.0106 4132 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 15:46:04.0106 4132 usbehci - ok 15:46:04.0153 4132 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 15:46:04.0153 4132 usbhub - ok 15:46:04.0184 4132 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys 15:46:04.0184 4132 usbohci - ok 15:46:04.0200 4132 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 15:46:04.0215 4132 usbprint - ok 15:46:04.0247 4132 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:46:04.0247 4132 USBSTOR - ok 15:46:04.0293 4132 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys 15:46:04.0293 4132 usbuhci - ok 15:46:04.0356 4132 USB_RNDIS_VISTA (d0fe8cb5f84303e73ff0754437fad3d1) C:\Windows\system32\DRIVERS\usb8023.sys 15:46:04.0356 4132 USB_RNDIS_VISTA - ok 15:46:04.0387 4132 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 15:46:04.0403 4132 vdrvroot - ok 15:46:04.0434 4132 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 15:46:04.0434 4132 vga - ok 15:46:04.0465 4132 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 15:46:04.0465 4132 VgaSave - ok 15:46:04.0496 4132 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 15:46:04.0496 4132 vhdmp - ok 15:46:04.0512 4132 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 15:46:04.0512 4132 viaide - ok 15:46:04.0543 4132 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 15:46:04.0543 4132 volmgr - ok 15:46:04.0590 4132 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 15:46:04.0590 4132 volmgrx - ok 15:46:04.0621 4132 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 15:46:04.0637 4132 volsnap - ok 15:46:04.0668 4132 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 15:46:04.0668 4132 vsmraid - ok 15:46:04.0683 4132 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 15:46:04.0683 4132 vwifibus - ok 15:46:04.0730 4132 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 15:46:04.0730 4132 vwififlt - ok 15:46:04.0777 4132 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 15:46:04.0777 4132 WacomPen - ok 15:46:04.0824 4132 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 15:46:04.0824 4132 WANARP - ok 15:46:04.0824 4132 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 15:46:04.0824 4132 Wanarpv6 - ok 15:46:04.0871 4132 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 15:46:04.0886 4132 Wd - ok 15:46:04.0917 4132 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 15:46:04.0917 4132 Wdf01000 - ok 15:46:04.0964 4132 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 15:46:04.0964 4132 WfpLwf - ok 15:46:04.0980 4132 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 15:46:04.0980 4132 WIMMount - ok 15:46:05.0042 4132 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 15:46:05.0042 4132 WinUsb - ok 15:46:05.0073 4132 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 15:46:05.0073 4132 WmiAcpi - ok 15:46:05.0120 4132 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 15:46:05.0120 4132 ws2ifsl - ok 15:46:05.0214 4132 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 15:46:05.0229 4132 WudfPf - ok 15:46:05.0307 4132 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 15:46:05.0307 4132 WUDFRd - ok 15:46:05.0385 4132 X6va003 - ok 15:46:05.0401 4132 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0 15:46:05.0432 4132 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected 15:46:05.0432 4132 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0) 15:46:05.0463 4132 Boot (0x1200) (981a1928fb23fc1e673f913c659cbc75) \Device\Harddisk0\DR0\Partition0 15:46:05.0463 4132 \Device\Harddisk0\DR0\Partition0 - ok 15:46:05.0479 4132 Boot (0x1200) (1b2113e8147b731e8356e034bd1547d9) \Device\Harddisk0\DR0\Partition1 15:46:05.0479 4132 \Device\Harddisk0\DR0\Partition1 - ok 15:46:05.0479 4132 ============================================================ 15:46:05.0479 4132 Scan finished 15:46:05.0479 4132 ============================================================ 15:46:05.0495 5676 Detected object count: 1 15:46:05.0495 5676 Actual detected object count: 1 15:46:12.0452 5676 \Device\Harddisk0\DR0\# - copied to quarantine 15:46:12.0452 5676 \Device\Harddisk0\DR0 - copied to quarantine 15:46:12.0468 5676 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 15:46:12.0468 5676 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine 15:46:12.0468 5676 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 15:46:12.0483 5676 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine 15:46:12.0499 5676 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 15:46:12.0515 5676 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 15:46:12.0515 5676 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 15:46:12.0515 5676 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 15:46:12.0515 5676 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine 15:46:12.0515 5676 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 15:46:12.0577 5676 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot 15:46:12.0577 5676 \Device\Harddisk0\DR0 - ok 15:46:12.0577 5676 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 15:46:21.0500 3020 Deinitialize success ComboFix 12-02-03.02 - Admin 02/03/2012 15:54:39.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7055.5765 [GMT -5:00] Running from: c:\users\Admin\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\autorun.inf c:\program files\Uninstall.exe c:\users\Admin\AppData\Roaming\Local c:\users\Admin\Favorites\Games.url c:\windows\Downloaded Program Files\popcaploader.dll c:\windows\Downloaded Program Files\popcaploader.inf c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 ))))))))))))))))))))))))))))))) . . 2012-02-03 20:58 . 2012-02-03 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-03 20:46 . 2012-02-03 20:46 -------- d-----w- C:\TDSSKiller_Quarantine 2012-02-03 18:49 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90F04104-A7C7-4E7B-86E8-E9B8A5C58A21}\mpengine.dll 2012-02-03 05:36 . 2012-02-03 05:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-02 20:14 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-02-02 20:14 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-02-02 20:14 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-02-02 20:14 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-02-02 20:07 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-02-02 20:07 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-30 20:11 . 2012-01-30 20:11 -------- d-----w- c:\users\Admin\AppData\Roaming\Unity 2012-01-28 00:00 . 2012-01-28 00:00 -------- d-----w- c:\windows\Sun 2012-01-25 06:09 . 2012-01-25 06:09 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\DACE.tmp 2012-01-25 06:09 . 2012-01-25 06:09 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\DABE.tmp . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-27 05:52 . 2010-09-19 00:25 279656 ------w- c:\windows\system32\MpSigStub.exe 2011-12-10 20:24 . 2010-09-19 01:01 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-24 04:52 . 2011-12-15 18:16 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-10-22 11:06 . 2011-10-22 11:06 68272 ----a-w- c:\program files\fraps64.dat 2011-10-22 11:06 . 2011-10-22 11:06 231600 ----a-w- c:\program files\fraps32.dll 2011-10-22 11:06 . 2011-10-22 11:06 185520 ----a-w- c:\program files\fraps64.dll 2011-10-22 11:06 . 2011-10-22 11:06 2533040 ----a-w- c:\program files\fraps.exe 2011-10-22 11:04 . 2011-10-22 11:04 140288 ----a-w- c:\program files\frapslcd.dll 2011-03-08 08:03 . 2011-03-08 06:19 258352 ----a-w- c:\program files\unicows.dll 2011-03-08 08:03 . 2011-03-08 06:19 372736 ----a-w- c:\program files\ijl15.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Admin\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064] "ASUS VIBE"="c:\program files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe" [2010-03-02 102400] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer6"=wdmaud.drv . R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;c:\windows\system32\DRIVERS\usb8023.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 X6va003;X6va003;c:\users\Admin\AppData\Local\Temp\003F557.tmp [x] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x] S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037155534-168446356-2890161075-1001Core.job - c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 15:19] . 2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037155534-168446356-2890161075-1001UA.job - c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 15:19] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-19 8067616] "SKDaemon.exe"="c:\program files\LTONHIS\Touch Manager\SKDaemon.exe" [2009-06-16 318464] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.cfnews13.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = 127.0.0.1:9421 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {530F7E80-690F-438E-8A4F-E6CAECB4B6F3} - hxxp://taste.dvrdns.org/CMSPlugin.cab DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://taste.dvrdns.org/vcredist_x86.exe . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) AddRemove-Fraps - c:\program files\uninstall.exe AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003] "ImagePath"="\??\c:\users\Admin\AppData\Local\Temp\003F557.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe . ************************************************************************** . Completion time: 2012-02-03 16:03:57 - machine was rebooted ComboFix-quarantined-files.txt 2012-02-03 21:03 . Pre-Run: 300,275,650,560 bytes free Post-Run: 300,033,708,032 bytes free . - - End Of File - - BECA44AC22CFD8B88FF1EFD1BB3FFA31
  13. 13:56:22.0108 3180 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49 13:56:22.0389 3180 ============================================================ 13:56:22.0389 3180 Current date / time: 2012/02/03 13:56:22.0389 13:56:22.0389 3180 SystemInfo: 13:56:22.0389 3180 13:56:22.0389 3180 OS Version: 6.1.7601 ServicePack: 1.0 13:56:22.0389 3180 Product type: Workstation 13:56:22.0389 3180 ComputerName: ADMIN-PC 13:56:22.0389 3180 UserName: Admin 13:56:22.0389 3180 Windows directory: C:\Windows 13:56:22.0389 3180 System windows directory: C:\Windows 13:56:22.0389 3180 Running under WOW64 13:56:22.0389 3180 Processor architecture: Intel x64 13:56:22.0389 3180 Number of processors: 4 13:56:22.0389 3180 Page size: 0x1000 13:56:22.0389 3180 Boot type: Normal boot 13:56:22.0389 3180 ============================================================ 13:56:23.0060 3180 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:56:23.0076 3180 \Device\Harddisk0\DR0: 13:56:23.0076 3180 MBR used 13:56:23.0076 3180 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x2E935000 13:56:23.0076 3180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30593800, BlocksNum 0x44172800 13:56:23.0107 3180 Initialize success 13:56:23.0107 3180 ============================================================ 13:56:25.0759 3116 ============================================================ 13:56:25.0759 3116 Scan started 13:56:25.0759 3116 Mode: Manual; 13:56:25.0759 3116 ============================================================ 13:56:27.0132 3116 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 13:56:27.0147 3116 1394ohci - ok 13:56:27.0288 3116 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 13:56:27.0288 3116 ACPI - ok 13:56:27.0366 3116 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 13:56:27.0366 3116 AcpiPmi - ok 13:56:27.0412 3116 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 13:56:27.0412 3116 adp94xx - ok 13:56:27.0428 3116 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 13:56:27.0444 3116 adpahci - ok 13:56:27.0459 3116 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 13:56:27.0459 3116 adpu320 - ok 13:56:27.0568 3116 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 13:56:27.0568 3116 AFD - ok 13:56:27.0600 3116 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 13:56:27.0600 3116 agp440 - ok 13:56:27.0709 3116 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 13:56:27.0709 3116 aliide - ok 13:56:27.0740 3116 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 13:56:27.0740 3116 amdide - ok 13:56:27.0756 3116 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 13:56:27.0771 3116 AmdK8 - ok 13:56:27.0771 3116 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 13:56:27.0787 3116 AmdPPM - ok 13:56:27.0849 3116 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 13:56:27.0849 3116 amdsata - ok 13:56:27.0896 3116 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 13:56:27.0896 3116 amdsbs - ok 13:56:27.0927 3116 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 13:56:27.0927 3116 amdxata - ok 13:56:28.0021 3116 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 13:56:28.0021 3116 AppID - ok 13:56:28.0036 3116 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 13:56:28.0036 3116 arc - ok 13:56:28.0068 3116 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 13:56:28.0068 3116 arcsas - ok 13:56:28.0083 3116 AsIO - ok 13:56:28.0099 3116 AsUpIO - ok 13:56:28.0192 3116 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 13:56:28.0192 3116 AsyncMac - ok 13:56:28.0208 3116 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 13:56:28.0208 3116 atapi - ok 13:56:28.0270 3116 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 13:56:28.0270 3116 b06bdrv - ok 13:56:28.0364 3116 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 13:56:28.0364 3116 b57nd60a - ok 13:56:28.0395 3116 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 13:56:28.0395 3116 Beep - ok 13:56:28.0426 3116 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 13:56:28.0426 3116 blbdrive - ok 13:56:28.0473 3116 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 13:56:28.0473 3116 bowser - ok 13:56:28.0567 3116 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 13:56:28.0567 3116 BrFiltLo - ok 13:56:28.0598 3116 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 13:56:28.0598 3116 BrFiltUp - ok 13:56:28.0629 3116 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 13:56:28.0629 3116 Brserid - ok 13:56:28.0645 3116 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 13:56:28.0645 3116 BrSerWdm - ok 13:56:28.0723 3116 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 13:56:28.0723 3116 BrUsbMdm - ok 13:56:28.0754 3116 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 13:56:28.0754 3116 BrUsbSer - ok 13:56:28.0754 3116 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 13:56:28.0754 3116 BTHMODEM - ok 13:56:28.0785 3116 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 13:56:28.0785 3116 cdfs - ok 13:56:28.0832 3116 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 13:56:28.0848 3116 cdrom - ok 13:56:28.0894 3116 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 13:56:28.0894 3116 circlass - ok 13:56:28.0910 3116 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 13:56:28.0910 3116 CLFS - ok 13:56:28.0988 3116 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 13:56:28.0988 3116 CmBatt - ok 13:56:29.0019 3116 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 13:56:29.0019 3116 cmdide - ok 13:56:29.0066 3116 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 13:56:29.0066 3116 CNG - ok 13:56:29.0097 3116 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 13:56:29.0113 3116 Compbatt - ok 13:56:29.0128 3116 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 13:56:29.0128 3116 CompositeBus - ok 13:56:29.0222 3116 cpuz133 (95c88d25e211a4d52a82c53e5d93e634) C:\Windows\system32\drivers\cpuz133_x64.sys 13:56:29.0222 3116 cpuz133 - ok 13:56:29.0238 3116 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 13:56:29.0238 3116 crcdisk - ok 13:56:29.0347 3116 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 13:56:29.0347 3116 DfsC - ok 13:56:29.0378 3116 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 13:56:29.0378 3116 discache - ok 13:56:29.0425 3116 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 13:56:29.0425 3116 Disk - ok 13:56:29.0487 3116 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 13:56:29.0487 3116 drmkaud - ok 13:56:29.0534 3116 dump_wmimmc - ok 13:56:29.0596 3116 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 13:56:29.0596 3116 DXGKrnl - ok 13:56:29.0674 3116 EagleX64 - ok 13:56:29.0737 3116 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 13:56:29.0768 3116 ebdrv - ok 13:56:29.0862 3116 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 13:56:29.0862 3116 elxstor - ok 13:56:29.0908 3116 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 13:56:29.0908 3116 ErrDev - ok 13:56:29.0940 3116 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 13:56:29.0940 3116 exfat - ok 13:56:29.0971 3116 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 13:56:29.0971 3116 fastfat - ok 13:56:30.0064 3116 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 13:56:30.0064 3116 fdc - ok 13:56:30.0096 3116 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 13:56:30.0096 3116 FileInfo - ok 13:56:30.0127 3116 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 13:56:30.0127 3116 Filetrace - ok 13:56:30.0127 3116 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 13:56:30.0127 3116 flpydisk - ok 13:56:30.0158 3116 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 13:56:30.0174 3116 FltMgr - ok 13:56:30.0236 3116 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 13:56:30.0236 3116 FsDepends - ok 13:56:30.0267 3116 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys 13:56:30.0267 3116 fssfltr - ok 13:56:30.0298 3116 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 13:56:30.0298 3116 Fs_Rec - ok 13:56:30.0330 3116 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 13:56:30.0345 3116 fvevol - ok 13:56:30.0408 3116 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 13:56:30.0423 3116 gagp30kx - ok 13:56:30.0439 3116 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 13:56:30.0439 3116 hcw85cir - ok 13:56:30.0486 3116 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 13:56:30.0486 3116 HdAudAddService - ok 13:56:30.0564 3116 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 13:56:30.0564 3116 HDAudBus - ok 13:56:30.0595 3116 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 13:56:30.0595 3116 HECIx64 - ok 13:56:30.0626 3116 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 13:56:30.0626 3116 HidBatt - ok 13:56:30.0657 3116 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 13:56:30.0657 3116 HidBth - ok 13:56:30.0704 3116 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 13:56:30.0704 3116 HidIr - ok 13:56:30.0735 3116 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 13:56:30.0735 3116 HidUsb - ok 13:56:30.0782 3116 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 13:56:30.0782 3116 HpSAMD - ok 13:56:30.0829 3116 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 13:56:30.0829 3116 HTTP - ok 13:56:30.0938 3116 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 13:56:30.0938 3116 hwpolicy - ok 13:56:30.0954 3116 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 13:56:30.0954 3116 i8042prt - ok 13:56:31.0032 3116 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 13:56:31.0032 3116 iaStorV - ok 13:56:31.0281 3116 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys 13:56:31.0437 3116 igfx - ok 13:56:31.0515 3116 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 13:56:31.0515 3116 iirsp - ok 13:56:31.0578 3116 IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys 13:56:31.0578 3116 IntcAzAudAddService - ok 13:56:31.0687 3116 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys 13:56:31.0687 3116 IntcDAud - ok 13:56:31.0718 3116 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 13:56:31.0718 3116 intelide - ok 13:56:31.0749 3116 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 13:56:31.0749 3116 intelppm - ok 13:56:31.0843 3116 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:56:31.0843 3116 IpFilterDriver - ok 13:56:31.0874 3116 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 13:56:31.0874 3116 IPMIDRV - ok 13:56:31.0921 3116 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 13:56:31.0921 3116 IPNAT - ok 13:56:31.0952 3116 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 13:56:31.0952 3116 IRENUM - ok 13:56:32.0014 3116 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 13:56:32.0014 3116 isapnp - ok 13:56:32.0061 3116 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 13:56:32.0061 3116 iScsiPrt - ok 13:56:32.0077 3116 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 13:56:32.0077 3116 kbdclass - ok 13:56:32.0108 3116 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 13:56:32.0108 3116 kbdhid - ok 13:56:32.0186 3116 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 13:56:32.0186 3116 KSecDD - ok 13:56:32.0217 3116 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 13:56:32.0217 3116 KSecPkg - ok 13:56:32.0248 3116 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 13:56:32.0248 3116 ksthunk - ok 13:56:32.0529 3116 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 13:56:32.0545 3116 lltdio - ok 13:56:32.0576 3116 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 13:56:32.0576 3116 LSI_FC - ok 13:56:32.0592 3116 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 13:56:32.0592 3116 LSI_SAS - ok 13:56:32.0607 3116 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 13:56:32.0607 3116 LSI_SAS2 - ok 13:56:32.0623 3116 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 13:56:32.0623 3116 LSI_SCSI - ok 13:56:32.0685 3116 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 13:56:32.0701 3116 luafv - ok 13:56:32.0716 3116 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys 13:56:32.0716 3116 MBAMProtector - ok 13:56:32.0748 3116 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 13:56:32.0748 3116 megasas - ok 13:56:32.0779 3116 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 13:56:32.0779 3116 MegaSR - ok 13:56:32.0841 3116 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 13:56:32.0841 3116 Modem - ok 13:56:32.0857 3116 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 13:56:32.0857 3116 monitor - ok 13:56:32.0872 3116 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 13:56:32.0872 3116 mouclass - ok 13:56:32.0904 3116 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 13:56:32.0904 3116 mouhid - ok 13:56:32.0982 3116 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 13:56:32.0982 3116 mountmgr - ok 13:56:33.0013 3116 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 13:56:33.0013 3116 mpio - ok 13:56:33.0028 3116 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 13:56:33.0028 3116 mpsdrv - ok 13:56:33.0044 3116 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 13:56:33.0044 3116 MRxDAV - ok 13:56:33.0122 3116 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 13:56:33.0122 3116 mrxsmb - ok 13:56:33.0138 3116 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:56:33.0138 3116 mrxsmb10 - ok 13:56:33.0153 3116 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:56:33.0153 3116 mrxsmb20 - ok 13:56:33.0184 3116 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 13:56:33.0184 3116 msahci - ok 13:56:33.0247 3116 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 13:56:33.0247 3116 msdsm - ok 13:56:33.0278 3116 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 13:56:33.0278 3116 Msfs - ok 13:56:33.0294 3116 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 13:56:33.0294 3116 mshidkmdf - ok 13:56:33.0325 3116 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 13:56:33.0325 3116 msisadrv - ok 13:56:33.0387 3116 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 13:56:33.0387 3116 MSKSSRV - ok 13:56:33.0403 3116 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 13:56:33.0403 3116 MSPCLOCK - ok 13:56:33.0418 3116 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 13:56:33.0418 3116 MSPQM - ok 13:56:33.0450 3116 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 13:56:33.0450 3116 MsRPC - ok 13:56:33.0481 3116 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 13:56:33.0481 3116 mssmbios - ok 13:56:33.0543 3116 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 13:56:33.0543 3116 MSTEE - ok 13:56:33.0574 3116 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 13:56:33.0574 3116 MTConfig - ok 13:56:33.0606 3116 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys 13:56:33.0606 3116 MTsensor - ok 13:56:33.0621 3116 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 13:56:33.0621 3116 Mup - ok 13:56:33.0684 3116 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 13:56:33.0684 3116 NativeWifiP - ok 13:56:33.0730 3116 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 13:56:33.0730 3116 NDIS - ok 13:56:33.0762 3116 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 13:56:33.0762 3116 NdisCap - ok 13:56:33.0777 3116 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 13:56:33.0777 3116 NdisTapi - ok 13:56:33.0793 3116 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 13:56:33.0793 3116 Ndisuio - ok 13:56:33.0840 3116 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 13:56:33.0840 3116 NdisWan - ok 13:56:33.0871 3116 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 13:56:33.0871 3116 NDProxy - ok 13:56:33.0933 3116 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 13:56:33.0933 3116 NetBIOS - ok 13:56:33.0980 3116 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 13:56:33.0980 3116 NetBT - ok 13:56:34.0027 3116 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys 13:56:34.0027 3116 netr28x - ok 13:56:34.0074 3116 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 13:56:34.0074 3116 nfrd960 - ok 13:56:34.0120 3116 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 13:56:34.0120 3116 Npfs - ok 13:56:34.0167 3116 NPPTNT2 - ok 13:56:34.0198 3116 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 13:56:34.0198 3116 nsiproxy - ok 13:56:34.0245 3116 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 13:56:34.0261 3116 Ntfs - ok 13:56:34.0323 3116 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 13:56:34.0323 3116 Null - ok 13:56:34.0370 3116 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 13:56:34.0370 3116 nvraid - ok 13:56:34.0386 3116 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 13:56:34.0401 3116 nvstor - ok 13:56:34.0464 3116 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 13:56:34.0464 3116 nv_agp - ok 13:56:34.0495 3116 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 13:56:34.0495 3116 ohci1394 - ok 13:56:34.0588 3116 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 13:56:34.0588 3116 Parport - ok 13:56:34.0620 3116 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 13:56:34.0620 3116 partmgr - ok 13:56:34.0651 3116 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 13:56:34.0651 3116 pci - ok 13:56:34.0682 3116 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 13:56:34.0682 3116 pciide - ok 13:56:34.0744 3116 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 13:56:34.0744 3116 pcmcia - ok 13:56:34.0760 3116 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 13:56:34.0760 3116 pcw - ok 13:56:34.0791 3116 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 13:56:34.0807 3116 PEAUTH - ok 13:56:34.0900 3116 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 13:56:34.0900 3116 PptpMiniport - ok 13:56:34.0932 3116 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 13:56:34.0932 3116 Processor - ok 13:56:34.0978 3116 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 13:56:34.0978 3116 Psched - ok 13:56:35.0010 3116 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 13:56:35.0025 3116 ql2300 - ok 13:56:35.0072 3116 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 13:56:35.0072 3116 ql40xx - ok 13:56:35.0103 3116 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 13:56:35.0119 3116 QWAVEdrv - ok 13:56:35.0134 3116 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 13:56:35.0134 3116 RasAcd - ok 13:56:35.0150 3116 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 13:56:35.0150 3116 RasAgileVpn - ok 13:56:35.0181 3116 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 13:56:35.0181 3116 Rasl2tp - ok 13:56:35.0244 3116 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 13:56:35.0244 3116 RasPppoe - ok 13:56:35.0259 3116 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 13:56:35.0259 3116 RasSstp - ok 13:56:35.0306 3116 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 13:56:35.0306 3116 rdbss - ok 13:56:35.0322 3116 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 13:56:35.0322 3116 rdpbus - ok 13:56:35.0368 3116 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 13:56:35.0368 3116 RDPCDD - ok 13:56:35.0400 3116 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 13:56:35.0400 3116 RDPENCDD - ok 13:56:35.0446 3116 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 13:56:35.0446 3116 RDPREFMP - ok 13:56:35.0462 3116 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 13:56:35.0478 3116 RDPWD - ok 13:56:35.0493 3116 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 13:56:35.0493 3116 rdyboost - ok 13:56:35.0556 3116 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 13:56:35.0556 3116 rspndr - ok 13:56:35.0618 3116 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys 13:56:35.0618 3116 RTL8167 - ok 13:56:35.0649 3116 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 13:56:35.0649 3116 sbp2port - ok 13:56:35.0712 3116 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 13:56:35.0712 3116 scfilter - ok 13:56:35.0758 3116 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 13:56:35.0758 3116 secdrv - ok 13:56:35.0790 3116 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 13:56:35.0790 3116 Serenum - ok 13:56:35.0836 3116 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 13:56:35.0836 3116 Serial - ok 13:56:35.0868 3116 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 13:56:35.0868 3116 sermouse - ok 13:56:35.0899 3116 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 13:56:35.0899 3116 sffdisk - ok 13:56:35.0899 3116 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 13:56:35.0899 3116 sffp_mmc - ok 13:56:35.0914 3116 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 13:56:35.0914 3116 sffp_sd - ok 13:56:35.0961 3116 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 13:56:35.0961 3116 sfloppy - ok 13:56:35.0992 3116 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:56:35.0992 3116 SiSRaid2 - ok 13:56:36.0008 3116 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 13:56:36.0008 3116 SiSRaid4 - ok 13:56:36.0024 3116 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 13:56:36.0039 3116 Smb - ok 13:56:36.0086 3116 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 13:56:36.0086 3116 spldr - ok 13:56:36.0133 3116 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 13:56:36.0133 3116 srv - ok 13:56:36.0180 3116 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 13:56:36.0180 3116 srv2 - ok 13:56:36.0211 3116 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 13:56:36.0211 3116 srvnet - ok 13:56:36.0273 3116 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 13:56:36.0273 3116 stexstor - ok 13:56:36.0304 3116 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 13:56:36.0304 3116 swenum - ok 13:56:36.0382 3116 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 13:56:36.0398 3116 Tcpip - ok 13:56:36.0460 3116 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 13:56:36.0460 3116 TCPIP6 - ok 13:56:36.0476 3116 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 13:56:36.0476 3116 tcpipreg - ok 13:56:36.0523 3116 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 13:56:36.0523 3116 TDPIPE - ok 13:56:36.0523 3116 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 13:56:36.0538 3116 TDTCP - ok 13:56:36.0554 3116 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 13:56:36.0554 3116 tdx - ok 13:56:36.0632 3116 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 13:56:36.0632 3116 TermDD - ok 13:56:36.0679 3116 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 13:56:36.0679 3116 tssecsrv - ok 13:56:36.0726 3116 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 13:56:36.0726 3116 TsUsbFlt - ok 13:56:36.0804 3116 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 13:56:36.0804 3116 tunnel - ok 13:56:36.0835 3116 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 13:56:36.0835 3116 uagp35 - ok 13:56:36.0866 3116 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 13:56:36.0866 3116 udfs - ok 13:56:36.0944 3116 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 13:56:36.0944 3116 uliagpkx - ok 13:56:36.0960 3116 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 13:56:36.0960 3116 umbus - ok 13:56:36.0991 3116 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 13:56:36.0991 3116 UmPass - ok 13:56:37.0038 3116 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 13:56:37.0038 3116 usbaudio - ok 13:56:37.0084 3116 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 13:56:37.0084 3116 usbccgp - ok 13:56:37.0131 3116 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 13:56:37.0131 3116 usbcir - ok 13:56:37.0162 3116 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 13:56:37.0162 3116 usbehci - ok 13:56:37.0194 3116 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 13:56:37.0194 3116 usbhub - ok 13:56:37.0256 3116 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys 13:56:37.0256 3116 usbohci - ok 13:56:37.0287 3116 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 13:56:37.0287 3116 usbprint - ok 13:56:37.0303 3116 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:56:37.0303 3116 USBSTOR - ok 13:56:37.0318 3116 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys 13:56:37.0318 3116 usbuhci - ok 13:56:37.0334 3116 USB_RNDIS_VISTA (d0fe8cb5f84303e73ff0754437fad3d1) C:\Windows\system32\DRIVERS\usb8023.sys 13:56:37.0334 3116 USB_RNDIS_VISTA - ok 13:56:37.0396 3116 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 13:56:37.0396 3116 vdrvroot - ok 13:56:37.0443 3116 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 13:56:37.0443 3116 vga - ok 13:56:37.0443 3116 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 13:56:37.0443 3116 VgaSave - ok 13:56:37.0459 3116 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 13:56:37.0474 3116 vhdmp - ok 13:56:37.0490 3116 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 13:56:37.0490 3116 viaide - ok 13:56:37.0552 3116 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 13:56:37.0552 3116 volmgr - ok 13:56:37.0693 3116 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 13:56:37.0724 3116 volmgrx - ok 13:56:37.0740 3116 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 13:56:37.0740 3116 volsnap - ok 13:56:37.0802 3116 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 13:56:37.0802 3116 vsmraid - ok 13:56:37.0849 3116 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 13:56:37.0849 3116 vwifibus - ok 13:56:37.0864 3116 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 13:56:37.0864 3116 vwififlt - ok 13:56:37.0896 3116 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 13:56:37.0896 3116 WacomPen - ok 13:56:37.0942 3116 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 13:56:37.0942 3116 WANARP - ok 13:56:37.0958 3116 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 13:56:37.0958 3116 Wanarpv6 - ok 13:56:37.0989 3116 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 13:56:37.0989 3116 Wd - ok 13:56:38.0020 3116 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 13:56:38.0020 3116 Wdf01000 - ok 13:56:38.0083 3116 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 13:56:38.0083 3116 WfpLwf - ok 13:56:38.0114 3116 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 13:56:38.0114 3116 WIMMount - ok 13:56:38.0208 3116 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 13:56:38.0208 3116 WinUsb - ok 13:56:38.0270 3116 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 13:56:38.0270 3116 WmiAcpi - ok 13:56:38.0301 3116 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 13:56:38.0301 3116 ws2ifsl - ok 13:56:38.0348 3116 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 13:56:38.0348 3116 WudfPf - ok 13:56:38.0410 3116 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 13:56:38.0410 3116 WUDFRd - ok 13:56:38.0457 3116 X6va003 - ok 13:56:38.0488 3116 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0 13:56:38.0504 3116 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected 13:56:38.0504 3116 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0) 13:56:38.0535 3116 Boot (0x1200) (981a1928fb23fc1e673f913c659cbc75) \Device\Harddisk0\DR0\Partition0 13:56:38.0535 3116 \Device\Harddisk0\DR0\Partition0 - ok 13:56:38.0551 3116 Boot (0x1200) (1b2113e8147b731e8356e034bd1547d9) \Device\Harddisk0\DR0\Partition1 13:56:38.0551 3116 \Device\Harddisk0\DR0\Partition1 - ok 13:56:38.0551 3116 ============================================================ 13:56:38.0551 3116 Scan finished 13:56:38.0551 3116 ============================================================ 13:56:38.0566 5076 Detected object count: 1 13:56:38.0566 5076 Actual detected object count: 1 13:56:57.0474 5076 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user 13:56:57.0474 5076 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip 13:58:08.0797 1076 Deinitialize success
  14. Today is my day off, I'm on ready and willing to get this fixed, you got me all day, please let me know if more info is needed so I can get started with a fix.
  15. I keep getting outgoing blocks from MBAM and if I scan svchost.exe is infected yet it wont fix/removed the problem no matter how many times I scan/remove/restart. Requested DDS file DDS.txt Was just reading that you need to post it rather then link it sorry about that. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 Run by Admin at 15:38:26 on 2012-02-02 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7055.5248 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Windows\SysWOW64\AsHookDevice.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe -netsvcs C:\Windows\system32\conhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.cfnews13.com/ uInternet Settings,ProxyOverride = 127.0.0.1:9421 mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [Akamai NetSession Interface] "C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe" uRun: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe mRun: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB DPF: {530F7E80-690F-438E-8A4F-E6CAECB4B6F3} - hxxp://taste.dvrdns.org/CMSPlugin.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://taste.dvrdns.org/vcredist_x86.exe DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 TCP: Interfaces\{B115E509-5C33-4517-9410-62410AF08CF7} : DhcpNameServer = 65.32.5.111 65.32.5.112 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe mRun-x64: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript . ============= SERVICES / DRIVERS =============== . R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992] R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?] R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-4-27 203392] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-2 652360] R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-15 2280312] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-27 2314240] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864] S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;C:\Windows\system32\DRIVERS\usb8023.sys --> C:\Windows\system32\DRIVERS\usb8023.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-02-02 20:07:41 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ED6B67CF-16DB-4D88-8996-A0D395D9719F}\mpengine.dll 2012-02-02 20:01:53 20480 ------w- C:\Windows\svchost.exe 2012-01-30 20:11:38 -------- d-----w- C:\Users\Admin\AppData\Roaming\Unity 2012-01-25 06:09:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DACE.tmp 2012-01-25 06:09:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DABE.tmp . ==================== Find3M ==================== . 2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-12-07 15:39:10 279096 ------w- C:\Windows\System32\MpSigStub.exe 2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys 2011-11-09 21:11:57 40445 ----a-w- C:\Program Files\uninstall.exe 2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll 2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-10-22 11:06:32 68272 ----a-w- C:\Program Files\fraps64.dat 2011-10-22 11:06:32 231600 ----a-w- C:\Program Files\fraps32.dll 2011-10-22 11:06:32 185520 ----a-w- C:\Program Files\fraps64.dll 2011-10-22 11:06:30 2533040 ----a-w- C:\Program Files\fraps.exe 2011-10-22 11:04:34 140288 ----a-w- C:\Program Files\frapslcd.dll 2011-03-08 08:03:37 258352 ----a-w- C:\Program Files\unicows.dll 2011-03-08 08:03:10 372736 ----a-w- C:\Program Files\ijl15.dll . ============= FINISH: 15:39:05.57 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.