svchost.exe is not being removed/fixed


  • This topic is locked
26 replies to this topic

#1 huntibilis


Posted 02 February 2012 - 03:55 PM

I keep getting outgoing blocks from MBAM, and if I scan, svchost.exe is infected, yet it won't fix/remove the problem no matter how many times I scan/remove/restart.

Requested DDS file
Attached File  DDS.txt   11.95KB   16 downloads

Was just reading that you need to post it rather than link it, sorry about that.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Admin at 15:38:26 on 2012-02-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7055.5248 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe
C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cfnews13.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Akamai NetSession Interface] "C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe"
uRun: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {530F7E80-690F-438E-8A4F-E6CAECB4B6F3} - hxxp://taste.dvrdns.org/CMSPlugin.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://taste.dvrdns.org/vcredist_x86.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{B115E509-5C33-4517-9410-62410AF08CF7} : DhcpNameServer = 65.32.5.111 65.32.5.112
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun-x64: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-4-27 203392]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-2 652360]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-15 2280312]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-27 2314240]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;C:\Windows\system32\DRIVERS\usb8023.sys --> C:\Windows\system32\DRIVERS\usb8023.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-02 20:07:41 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ED6B67CF-16DB-4D88-8996-A0D395D9719F}\mpengine.dll
2012-02-02 20:01:53 20480 ------w- C:\Windows\svchost.exe
2012-01-30 20:11:38 -------- d-----w- C:\Users\Admin\AppData\Roaming\Unity
2012-01-25 06:09:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DACE.tmp
2012-01-25 06:09:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DABE.tmp
.
==================== Find3M ====================
.
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-07 15:39:10 279096 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 21:11:57 40445 ----a-w- C:\Program Files\uninstall.exe
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-22 11:06:32 68272 ----a-w- C:\Program Files\fraps64.dat
2011-10-22 11:06:32 231600 ----a-w- C:\Program Files\fraps32.dll
2011-10-22 11:06:32 185520 ----a-w- C:\Program Files\fraps64.dll
2011-10-22 11:06:30 2533040 ----a-w- C:\Program Files\fraps.exe
2011-10-22 11:04:34 140288 ----a-w- C:\Program Files\frapslcd.dll
2011-03-08 08:03:37 258352 ----a-w- C:\Program Files\unicows.dll
2011-03-08 08:03:10 372736 ----a-w- C:\Program Files\ijl15.dll
.
============= FINISH: 15:39:05.57 ===============

#2 huntibilis


Posted 02 February 2012 - 04:55 PM

Today is my day off. I'm on, ready and willing to get this fixed; you've got me all day. Please let me know if more info is needed so I can get started with a fix.

#3 Larusso


Posted 03 February 2012 - 02:48 AM

Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.



Please post in your next reply
TDSSKiller Log

regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for



#4 huntibilis


Posted 03 February 2012 - 02:00 PM

13:56:22.0108 3180 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
13:56:22.0389 3180 ============================================================
13:56:22.0389 3180 Current date / time: 2012/02/03 13:56:22.0389
13:56:22.0389 3180 SystemInfo:
13:56:22.0389 3180
13:56:22.0389 3180 OS Version: 6.1.7601 ServicePack: 1.0
13:56:22.0389 3180 Product type: Workstation
13:56:22.0389 3180 ComputerName: ADMIN-PC
13:56:22.0389 3180 UserName: Admin
13:56:22.0389 3180 Windows directory: C:\Windows
13:56:22.0389 3180 System windows directory: C:\Windows
13:56:22.0389 3180 Running under WOW64
13:56:22.0389 3180 Processor architecture: Intel x64
13:56:22.0389 3180 Number of processors: 4
13:56:22.0389 3180 Page size: 0x1000
13:56:22.0389 3180 Boot type: Normal boot
13:56:22.0389 3180 ============================================================
13:56:23.0060 3180 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:56:23.0076 3180 \Device\Harddisk0\DR0:
13:56:23.0076 3180 MBR used
13:56:23.0076 3180 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x2E935000
13:56:23.0076 3180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30593800, BlocksNum 0x44172800
13:56:23.0107 3180 Initialize success
13:56:23.0107 3180 ============================================================
13:56:25.0759 3116 ============================================================
13:56:25.0759 3116 Scan started
13:56:25.0759 3116 Mode: Manual;
13:56:25.0759 3116 ============================================================
13:56:33.0684 3116 NativeWifiP - ok
13:56:33.0730 3116 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:56:33.0730 3116 NDIS - ok
13:56:33.0762 3116 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:56:33.0762 3116 NdisCap - ok
13:56:33.0777 3116 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:56:33.0777 3116 NdisTapi - ok
13:56:33.0793 3116 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:56:33.0793 3116 Ndisuio - ok
13:56:33.0840 3116 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:56:33.0840 3116 NdisWan - ok
13:56:33.0871 3116 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:56:33.0871 3116 NDProxy - ok
13:56:33.0933 3116 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:56:33.0933 3116 NetBIOS - ok
13:56:33.0980 3116 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:56:33.0980 3116 NetBT - ok
13:56:34.0027 3116 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
13:56:34.0027 3116 netr28x - ok
13:56:34.0074 3116 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:56:34.0074 3116 nfrd960 - ok
13:56:34.0120 3116 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:56:34.0120 3116 Npfs - ok
13:56:34.0167 3116 NPPTNT2 - ok
13:56:34.0198 3116 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:56:34.0198 3116 nsiproxy - ok
13:56:34.0245 3116 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:56:34.0261 3116 Ntfs - ok
13:56:34.0323 3116 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:56:34.0323 3116 Null - ok
13:56:34.0370 3116 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:56:34.0370 3116 nvraid - ok
13:56:34.0386 3116 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:56:34.0401 3116 nvstor - ok
13:56:34.0464 3116 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:56:34.0464 3116 nv_agp - ok
13:56:34.0495 3116 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:56:34.0495 3116 ohci1394 - ok
13:56:34.0588 3116 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:56:34.0588 3116 Parport - ok
13:56:34.0620 3116 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:56:34.0620 3116 partmgr - ok
13:56:34.0651 3116 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:56:34.0651 3116 pci - ok
13:56:34.0682 3116 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:56:34.0682 3116 pciide - ok
13:56:34.0744 3116 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:56:34.0744 3116 pcmcia - ok
13:56:34.0760 3116 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:56:34.0760 3116 pcw - ok
13:56:34.0791 3116 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:56:34.0807 3116 PEAUTH - ok
13:56:34.0900 3116 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:56:34.0900 3116 PptpMiniport - ok
13:56:34.0932 3116 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:56:34.0932 3116 Processor - ok
13:56:34.0978 3116 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:56:34.0978 3116 Psched - ok
13:56:35.0010 3116 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:56:35.0025 3116 ql2300 - ok
13:56:35.0072 3116 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:56:35.0072 3116 ql40xx - ok
13:56:35.0103 3116 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:56:35.0119 3116 QWAVEdrv - ok
13:56:35.0134 3116 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:56:35.0134 3116 RasAcd - ok
13:56:35.0150 3116 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:56:35.0150 3116 RasAgileVpn - ok
13:56:35.0181 3116 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:56:35.0181 3116 Rasl2tp - ok
13:56:35.0244 3116 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:56:35.0244 3116 RasPppoe - ok
13:56:35.0259 3116 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:56:35.0259 3116 RasSstp - ok
13:56:35.0306 3116 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:56:35.0306 3116 rdbss - ok
13:56:35.0322 3116 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:56:35.0322 3116 rdpbus - ok
13:56:35.0368 3116 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:56:35.0368 3116 RDPCDD - ok
13:56:35.0400 3116 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:56:35.0400 3116 RDPENCDD - ok
13:56:35.0446 3116 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:56:35.0446 3116 RDPREFMP - ok
13:56:35.0462 3116 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
13:56:35.0478 3116 RDPWD - ok
13:56:35.0493 3116 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:56:35.0493 3116 rdyboost - ok
13:56:35.0556 3116 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:56:35.0556 3116 rspndr - ok
13:56:35.0618 3116 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:56:35.0618 3116 RTL8167 - ok
13:56:35.0649 3116 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:56:35.0649 3116 sbp2port - ok
13:56:35.0712 3116 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:56:35.0712 3116 scfilter - ok
13:56:35.0758 3116 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:56:35.0758 3116 secdrv - ok
13:56:35.0790 3116 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:56:35.0790 3116 Serenum - ok
13:56:35.0836 3116 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:56:35.0836 3116 Serial - ok
13:56:35.0868 3116 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:56:35.0868 3116 sermouse - ok
13:56:35.0899 3116 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:56:35.0899 3116 sffdisk - ok
13:56:35.0899 3116 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:56:35.0899 3116 sffp_mmc - ok
13:56:35.0914 3116 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:56:35.0914 3116 sffp_sd - ok
13:56:35.0961 3116 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:56:35.0961 3116 sfloppy - ok
13:56:35.0992 3116 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:56:35.0992 3116 SiSRaid2 - ok
13:56:36.0008 3116 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:56:36.0008 3116 SiSRaid4 - ok
13:56:36.0024 3116 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:56:36.0039 3116 Smb - ok
13:56:36.0086 3116 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:56:36.0086 3116 spldr - ok
13:56:36.0133 3116 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:56:36.0133 3116 srv - ok
13:56:36.0180 3116 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:56:36.0180 3116 srv2 - ok
13:56:36.0211 3116 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:56:36.0211 3116 srvnet - ok
13:56:36.0273 3116 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:56:36.0273 3116 stexstor - ok
13:56:36.0304 3116 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:56:36.0304 3116 swenum - ok
13:56:36.0382 3116 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:56:36.0398 3116 Tcpip - ok
13:56:36.0460 3116 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:56:36.0460 3116 TCPIP6 - ok
13:56:36.0476 3116 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:56:36.0476 3116 tcpipreg - ok
13:56:36.0523 3116 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:56:36.0523 3116 TDPIPE - ok
13:56:36.0523 3116 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:56:36.0538 3116 TDTCP - ok
13:56:36.0554 3116 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:56:36.0554 3116 tdx - ok
13:56:36.0632 3116 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:56:36.0632 3116 TermDD - ok
13:56:36.0679 3116 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:56:36.0679 3116 tssecsrv - ok
13:56:36.0726 3116 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:56:36.0726 3116 TsUsbFlt - ok
13:56:36.0804 3116 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:56:36.0804 3116 tunnel - ok
13:56:36.0835 3116 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:56:36.0835 3116 uagp35 - ok
13:56:36.0866 3116 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:56:36.0866 3116 udfs - ok
13:56:36.0944 3116 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:56:36.0944 3116 uliagpkx - ok
13:56:36.0960 3116 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:56:36.0960 3116 umbus - ok
13:56:36.0991 3116 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:56:36.0991 3116 UmPass - ok
13:56:37.0038 3116 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:56:37.0038 3116 usbaudio - ok
13:56:37.0084 3116 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:56:37.0084 3116 usbccgp - ok
13:56:37.0131 3116 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:56:37.0131 3116 usbcir - ok
13:56:37.0162 3116 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:56:37.0162 3116 usbehci - ok
13:56:37.0194 3116 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:56:37.0194 3116 usbhub - ok
13:56:37.0256 3116 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
13:56:37.0256 3116 usbohci - ok
13:56:37.0287 3116 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:56:37.0287 3116 usbprint - ok
13:56:37.0303 3116 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:56:37.0303 3116 USBSTOR - ok
13:56:37.0318 3116 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
13:56:37.0318 3116 usbuhci - ok
13:56:37.0334 3116 USB_RNDIS_VISTA (d0fe8cb5f84303e73ff0754437fad3d1) C:\Windows\system32\DRIVERS\usb8023.sys
13:56:37.0334 3116 USB_RNDIS_VISTA - ok
13:56:37.0396 3116 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:56:37.0396 3116 vdrvroot - ok
13:56:37.0443 3116 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:56:37.0443 3116 vga - ok
13:56:37.0443 3116 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:56:37.0443 3116 VgaSave - ok
13:56:37.0459 3116 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:56:37.0474 3116 vhdmp - ok
13:56:37.0490 3116 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:56:37.0490 3116 viaide - ok
13:56:37.0552 3116 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:56:37.0552 3116 volmgr - ok
13:56:37.0693 3116 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:56:37.0724 3116 volmgrx - ok
13:56:37.0740 3116 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:56:37.0740 3116 volsnap - ok
13:56:37.0802 3116 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:56:37.0802 3116 vsmraid - ok
13:56:37.0849 3116 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:56:37.0849 3116 vwifibus - ok
13:56:37.0864 3116 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:56:37.0864 3116 vwififlt - ok
13:56:37.0896 3116 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:56:37.0896 3116 WacomPen - ok
13:56:37.0942 3116 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:56:37.0942 3116 WANARP - ok
13:56:37.0958 3116 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:56:37.0958 3116 Wanarpv6 - ok
13:56:37.0989 3116 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:56:37.0989 3116 Wd - ok
13:56:38.0020 3116 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:56:38.0020 3116 Wdf01000 - ok
13:56:38.0083 3116 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:56:38.0083 3116 WfpLwf - ok
13:56:38.0114 3116 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:56:38.0114 3116 WIMMount - ok
13:56:38.0208 3116 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:56:38.0208 3116 WinUsb - ok
13:56:38.0270 3116 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:56:38.0270 3116 WmiAcpi - ok
13:56:38.0301 3116 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:56:38.0301 3116 ws2ifsl - ok
13:56:38.0348 3116 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:56:38.0348 3116 WudfPf - ok
13:56:38.0410 3116 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:56:38.0410 3116 WUDFRd - ok
13:56:38.0457 3116 X6va003 - ok
13:56:38.0488 3116 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
13:56:38.0504 3116 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:56:38.0504 3116 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:56:38.0535 3116 Boot (0x1200) (981a1928fb23fc1e673f913c659cbc75) \Device\Harddisk0\DR0\Partition0
13:56:38.0535 3116 \Device\Harddisk0\DR0\Partition0 - ok
13:56:38.0551 3116 Boot (0x1200) (1b2113e8147b731e8356e034bd1547d9) \Device\Harddisk0\DR0\Partition1
13:56:38.0551 3116 \Device\Harddisk0\DR0\Partition1 - ok
13:56:38.0551 3116 ============================================================
13:56:38.0551 3116 Scan finished
13:56:38.0551 3116 ============================================================
13:56:38.0566 5076 Detected object count: 1
13:56:38.0566 5076 Actual detected object count: 1
13:56:57.0474 5076 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
13:56:57.0474 5076 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
13:58:08.0797 1076 Deinitialize success

#5 Larusso

Posted 03 February 2012 - 03:00 PM

Execute TDSSKiller.exe and press Start Scan.
  • Ensure Cure is selected (it should be by default)
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed
  • Click Continue then click Reboot now.

Once complete, a log will be produced at the root drive which is typically C:\
For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please post the contents of that log in your next reply.



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.



Please post in your next reply
TDSSKiller Log
Combofix.txt

regards, Daniel



#6 huntibilis

Posted 03 February 2012 - 04:10 PM

I had two TDSS logs this time, not sure if you need both but I will post them.

15:45:40.0578 0292 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
15:45:40.0890 0292 ============================================================
15:45:40.0890 0292 Current date / time: 2012/02/03 15:45:40.0890
15:45:40.0890 0292 SystemInfo:
15:45:40.0890 0292
15:45:40.0890 0292 OS Version: 6.1.7601 ServicePack: 1.0
15:45:40.0890 0292 Product type: Workstation
15:45:40.0890 0292 ComputerName: ADMIN-PC
15:45:40.0890 0292 UserName: Admin
15:45:40.0890 0292 Windows directory: C:\Windows
15:45:40.0890 0292 System windows directory: C:\Windows
15:45:40.0890 0292 Running under WOW64
15:45:40.0890 0292 Processor architecture: Intel x64
15:45:40.0890 0292 Number of processors: 4
15:45:40.0890 0292 Page size: 0x1000
15:45:40.0890 0292 Boot type: Normal boot
15:45:40.0890 0292 ============================================================
15:45:41.0530 0292 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:45:41.0546 0292 \Device\Harddisk0\DR0:
15:45:41.0546 0292 MBR used
15:45:41.0546 0292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x2E935000
15:45:41.0546 0292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30593800, BlocksNum 0x44172800
15:45:41.0592 0292 Initialize success
15:45:41.0592 0292 ============================================================
15:45:43.0792 4328 Deinitialize success

15:45:50.0737 4016 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
15:45:51.0111 4016 ============================================================
15:45:51.0111 4016 Current date / time: 2012/02/03 15:45:51.0111
15:45:51.0111 4016 SystemInfo:
15:45:51.0111 4016
15:45:51.0111 4016 OS Version: 6.1.7601 ServicePack: 1.0
15:45:51.0111 4016 Product type: Workstation
15:45:51.0111 4016 ComputerName: ADMIN-PC
15:45:51.0111 4016 UserName: Admin
15:45:51.0111 4016 Windows directory: C:\Windows
15:45:51.0111 4016 System windows directory: C:\Windows
15:45:51.0111 4016 Running under WOW64
15:45:51.0111 4016 Processor architecture: Intel x64
15:45:51.0111 4016 Number of processors: 4
15:45:51.0111 4016 Page size: 0x1000
15:45:51.0111 4016 Boot type: Normal boot
15:45:51.0111 4016 ============================================================
15:45:51.0735 4016 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:45:51.0751 4016 \Device\Harddisk0\DR0:
15:45:51.0751 4016 MBR used
15:45:51.0751 4016 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x2E935000
15:45:51.0751 4016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30593800, BlocksNum 0x44172800
15:45:51.0798 4016 Initialize success
15:45:51.0798 4016 ============================================================
15:45:53.0935 4132 ============================================================
15:45:53.0935 4132 Scan started
15:45:53.0935 4132 Mode: Manual;
15:45:53.0935 4132 ============================================================
15:45:58.0662 4132 intelide - ok
15:45:58.0693 4132 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:45:58.0693 4132 intelppm - ok
15:45:58.0724 4132 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:45:58.0724 4132 IpFilterDriver - ok
15:45:58.0802 4132 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:45:58.0802 4132 IPMIDRV - ok
15:45:58.0833 4132 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:45:58.0833 4132 IPNAT - ok
15:45:58.0864 4132 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:45:58.0864 4132 IRENUM - ok
15:45:58.0896 4132 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:45:58.0896 4132 isapnp - ok
15:45:58.0958 4132 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:45:58.0958 4132 iScsiPrt - ok
15:45:58.0974 4132 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:45:58.0974 4132 kbdclass - ok
15:45:59.0020 4132 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:45:59.0020 4132 kbdhid - ok
15:45:59.0052 4132 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:45:59.0052 4132 KSecDD - ok
15:45:59.0098 4132 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:45:59.0098 4132 KSecPkg - ok
15:45:59.0130 4132 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:45:59.0130 4132 ksthunk - ok
15:45:59.0161 4132 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:45:59.0161 4132 lltdio - ok
15:45:59.0223 4132 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:45:59.0223 4132 LSI_FC - ok
15:45:59.0270 4132 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:45:59.0270 4132 LSI_SAS - ok
15:45:59.0286 4132 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:45:59.0286 4132 LSI_SAS2 - ok
15:45:59.0317 4132 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:45:59.0317 4132 LSI_SCSI - ok
15:45:59.0364 4132 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:45:59.0364 4132 luafv - ok
15:45:59.0410 4132 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
15:45:59.0410 4132 MBAMProtector - ok
15:45:59.0457 4132 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:45:59.0457 4132 megasas - ok
15:45:59.0504 4132 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:45:59.0504 4132 MegaSR - ok
15:45:59.0520 4132 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:45:59.0520 4132 Modem - ok
15:45:59.0551 4132 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:45:59.0551 4132 monitor - ok
15:45:59.0598 4132 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:45:59.0598 4132 mouclass - ok
15:45:59.0644 4132 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:45:59.0644 4132 mouhid - ok
15:45:59.0676 4132 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:45:59.0676 4132 mountmgr - ok
15:45:59.0738 4132 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:45:59.0738 4132 mpio - ok
15:45:59.0769 4132 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:45:59.0769 4132 mpsdrv - ok
15:45:59.0800 4132 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:45:59.0816 4132 MRxDAV - ok
15:45:59.0847 4132 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:45:59.0847 4132 mrxsmb - ok
15:45:59.0878 4132 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:45:59.0878 4132 mrxsmb10 - ok
15:45:59.0925 4132 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:45:59.0925 4132 mrxsmb20 - ok
15:45:59.0972 4132 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:45:59.0972 4132 msahci - ok
15:46:00.0019 4132 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:46:00.0019 4132 msdsm - ok
15:46:00.0144 4132 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:46:00.0144 4132 Msfs - ok
15:46:00.0175 4132 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:46:00.0175 4132 mshidkmdf - ok
15:46:00.0191 4132 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:46:00.0191 4132 msisadrv - ok
15:46:00.0284 4132 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:46:00.0284 4132 MSKSSRV - ok
15:46:00.0300 4132 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:46:00.0300 4132 MSPCLOCK - ok
15:46:00.0315 4132 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:46:00.0315 4132 MSPQM - ok
15:46:00.0347 4132 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:46:00.0347 4132 MsRPC - ok
15:46:00.0409 4132 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:46:00.0409 4132 mssmbios - ok
15:46:00.0425 4132 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:46:00.0440 4132 MSTEE - ok
15:46:00.0456 4132 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:46:00.0456 4132 MTConfig - ok
15:46:00.0487 4132 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
15:46:00.0487 4132 MTsensor - ok
15:46:00.0518 4132 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:46:00.0518 4132 Mup - ok
15:46:00.0549 4132 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:46:00.0549 4132 NativeWifiP - ok
15:46:00.0612 4132 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:46:00.0612 4132 NDIS - ok
15:46:00.0659 4132 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:46:00.0659 4132 NdisCap - ok
15:46:00.0690 4132 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:46:00.0690 4132 NdisTapi - ok
15:46:00.0721 4132 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:46:00.0721 4132 Ndisuio - ok
15:46:00.0768 4132 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:46:00.0768 4132 NdisWan - ok
15:46:00.0799 4132 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:46:00.0799 4132 NDProxy - ok
15:46:00.0877 4132 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:46:00.0877 4132 NetBIOS - ok
15:46:00.0924 4132 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:46:00.0924 4132 NetBT - ok
15:46:00.0971 4132 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
15:46:00.0971 4132 netr28x - ok
15:46:01.0017 4132 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:46:01.0017 4132 nfrd960 - ok
15:46:01.0049 4132 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:46:01.0049 4132 Npfs - ok
15:46:01.0111 4132 NPPTNT2 - ok
15:46:01.0142 4132 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:46:01.0142 4132 nsiproxy - ok
15:46:01.0189 4132 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:46:01.0189 4132 Ntfs - ok
15:46:01.0220 4132 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:46:01.0220 4132 Null - ok
15:46:01.0283 4132 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:46:01.0283 4132 nvraid - ok
15:46:01.0314 4132 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:46:01.0314 4132 nvstor - ok
15:46:01.0345 4132 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:46:01.0345 4132 nv_agp - ok
15:46:01.0376 4132 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:46:01.0376 4132 ohci1394 - ok
15:46:01.0454 4132 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:46:01.0454 4132 Parport - ok
15:46:01.0485 4132 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:46:01.0485 4132 partmgr - ok
15:46:01.0517 4132 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:46:01.0517 4132 pci - ok
15:46:01.0548 4132 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:46:01.0548 4132 pciide - ok
15:46:01.0595 4132 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:46:01.0595 4132 pcmcia - ok
15:46:01.0626 4132 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:46:01.0626 4132 pcw - ok
15:46:01.0641 4132 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:46:01.0657 4132 PEAUTH - ok
15:46:01.0735 4132 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:46:01.0735 4132 PptpMiniport - ok
15:46:01.0766 4132 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:46:01.0766 4132 Processor - ok
15:46:01.0813 4132 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:46:01.0829 4132 Psched - ok
15:46:01.0875 4132 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:46:01.0891 4132 ql2300 - ok
15:46:01.0922 4132 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:46:01.0922 4132 ql40xx - ok
15:46:01.0953 4132 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:46:01.0953 4132 QWAVEdrv - ok
15:46:01.0985 4132 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:46:01.0985 4132 RasAcd - ok
15:46:02.0016 4132 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:46:02.0016 4132 RasAgileVpn - ok
15:46:02.0063 4132 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:46:02.0063 4132 Rasl2tp - ok
15:46:02.0094 4132 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:46:02.0094 4132 RasPppoe - ok
15:46:02.0109 4132 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:46:02.0109 4132 RasSstp - ok
15:46:02.0141 4132 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:46:02.0141 4132 rdbss - ok
15:46:02.0156 4132 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:46:02.0156 4132 rdpbus - ok
15:46:02.0219 4132 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:46:02.0219 4132 RDPCDD - ok
15:46:02.0281 4132 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:46:02.0281 4132 RDPENCDD - ok
15:46:02.0312 4132 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:46:02.0312 4132 RDPREFMP - ok
15:46:02.0343 4132 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:46:02.0343 4132 RDPWD - ok
15:46:02.0406 4132 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:46:02.0406 4132 rdyboost - ok
15:46:02.0453 4132 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:46:02.0453 4132 rspndr - ok
15:46:02.0484 4132 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:46:02.0484 4132 RTL8167 - ok
15:46:02.0515 4132 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:46:02.0515 4132 sbp2port - ok
15:46:02.0546 4132 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:46:02.0546 4132 scfilter - ok
15:46:02.0609 4132 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:46:02.0609 4132 secdrv - ok
15:46:02.0640 4132 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:46:02.0640 4132 Serenum - ok
15:46:02.0671 4132 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:46:02.0671 4132 Serial - ok
15:46:02.0702 4132 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:46:02.0702 4132 sermouse - ok
15:46:02.0749 4132 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:46:02.0749 4132 sffdisk - ok
15:46:02.0765 4132 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:46:02.0780 4132 sffp_mmc - ok
15:46:02.0796 4132 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:46:02.0796 4132 sffp_sd - ok
15:46:02.0827 4132 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:46:02.0827 4132 sfloppy - ok
15:46:02.0874 4132 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:46:02.0874 4132 SiSRaid2 - ok
15:46:02.0905 4132 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:46:02.0905 4132 SiSRaid4 - ok
15:46:02.0936 4132 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:46:02.0936 4132 Smb - ok
15:46:02.0983 4132 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:46:02.0983 4132 spldr - ok
15:46:03.0014 4132 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:46:03.0030 4132 srv - ok
15:46:03.0077 4132 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:46:03.0077 4132 srv2 - ok
15:46:03.0092 4132 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:46:03.0092 4132 srvnet - ok
15:46:03.0139 4132 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:46:03.0139 4132 stexstor - ok
15:46:03.0186 4132 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:46:03.0186 4132 swenum - ok
15:46:03.0248 4132 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:46:03.0248 4132 Tcpip - ok
15:46:03.0311 4132 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:46:03.0311 4132 TCPIP6 - ok
15:46:03.0357 4132 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:46:03.0357 4132 tcpipreg - ok
15:46:03.0389 4132 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:46:03.0389 4132 TDPIPE - ok
15:46:03.0420 4132 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:46:03.0420 4132 TDTCP - ok
15:46:03.0482 4132 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:46:03.0482 4132 tdx - ok
15:46:03.0529 4132 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:46:03.0529 4132 TermDD - ok
15:46:03.0623 4132 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:46:03.0623 4132 tssecsrv - ok
15:46:03.0654 4132 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:46:03.0654 4132 TsUsbFlt - ok
15:46:03.0732 4132 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:46:03.0732 4132 tunnel - ok
15:46:03.0779 4132 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:46:03.0779 4132 uagp35 - ok
15:46:03.0810 4132 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:46:03.0810 4132 udfs - ok
15:46:03.0857 4132 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:46:03.0857 4132 uliagpkx - ok
15:46:03.0903 4132 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:46:03.0903 4132 umbus - ok
15:46:03.0935 4132 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:46:03.0935 4132 UmPass - ok
15:46:03.0997 4132 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:46:03.0997 4132 usbaudio - ok
15:46:04.0044 4132 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:46:04.0044 4132 usbccgp - ok
15:46:04.0075 4132 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:46:04.0075 4132 usbcir - ok
15:46:04.0106 4132 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:46:04.0106 4132 usbehci - ok
15:46:04.0153 4132 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:46:04.0153 4132 usbhub - ok
15:46:04.0184 4132 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
15:46:04.0184 4132 usbohci - ok
15:46:04.0200 4132 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:46:04.0215 4132 usbprint - ok
15:46:04.0247 4132 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:46:04.0247 4132 USBSTOR - ok
15:46:04.0293 4132 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
15:46:04.0293 4132 usbuhci - ok
15:46:04.0356 4132 USB_RNDIS_VISTA (d0fe8cb5f84303e73ff0754437fad3d1) C:\Windows\system32\DRIVERS\usb8023.sys
15:46:04.0356 4132 USB_RNDIS_VISTA - ok
15:46:04.0387 4132 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:46:04.0403 4132 vdrvroot - ok
15:46:04.0434 4132 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:46:04.0434 4132 vga - ok
15:46:04.0465 4132 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:46:04.0465 4132 VgaSave - ok
15:46:04.0496 4132 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:46:04.0496 4132 vhdmp - ok
15:46:04.0512 4132 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:46:04.0512 4132 viaide - ok
15:46:04.0543 4132 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:46:04.0543 4132 volmgr - ok
15:46:04.0590 4132 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:46:04.0590 4132 volmgrx - ok
15:46:04.0621 4132 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:46:04.0637 4132 volsnap - ok
15:46:04.0668 4132 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:46:04.0668 4132 vsmraid - ok
15:46:04.0683 4132 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:46:04.0683 4132 vwifibus - ok
15:46:04.0730 4132 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:46:04.0730 4132 vwififlt - ok
15:46:04.0777 4132 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:46:04.0777 4132 WacomPen - ok
15:46:04.0824 4132 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:46:04.0824 4132 WANARP - ok
15:46:04.0824 4132 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:46:04.0824 4132 Wanarpv6 - ok
15:46:04.0871 4132 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:46:04.0886 4132 Wd - ok
15:46:04.0917 4132 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:46:04.0917 4132 Wdf01000 - ok
15:46:04.0964 4132 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:46:04.0964 4132 WfpLwf - ok
15:46:04.0980 4132 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:46:04.0980 4132 WIMMount - ok
15:46:05.0042 4132 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:46:05.0042 4132 WinUsb - ok
15:46:05.0073 4132 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:46:05.0073 4132 WmiAcpi - ok
15:46:05.0120 4132 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:46:05.0120 4132 ws2ifsl - ok
15:46:05.0214 4132 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:46:05.0229 4132 WudfPf - ok
15:46:05.0307 4132 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:46:05.0307 4132 WUDFRd - ok
15:46:05.0385 4132 X6va003 - ok
15:46:05.0401 4132 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
15:46:05.0432 4132 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:46:05.0432 4132 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:46:05.0463 4132 Boot (0x1200) (981a1928fb23fc1e673f913c659cbc75) \Device\Harddisk0\DR0\Partition0
15:46:05.0463 4132 \Device\Harddisk0\DR0\Partition0 - ok
15:46:05.0479 4132 Boot (0x1200) (1b2113e8147b731e8356e034bd1547d9) \Device\Harddisk0\DR0\Partition1
15:46:05.0479 4132 \Device\Harddisk0\DR0\Partition1 - ok
15:46:05.0479 4132 ============================================================
15:46:05.0479 4132 Scan finished
15:46:05.0479 4132 ============================================================
15:46:05.0495 5676 Detected object count: 1
15:46:05.0495 5676 Actual detected object count: 1
15:46:12.0452 5676 \Device\Harddisk0\DR0\# - copied to quarantine
15:46:12.0452 5676 \Device\Harddisk0\DR0 - copied to quarantine
15:46:12.0468 5676 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:46:12.0468 5676 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
15:46:12.0468 5676 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:46:12.0483 5676 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
15:46:12.0499 5676 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:46:12.0515 5676 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:46:12.0515 5676 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:46:12.0515 5676 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:46:12.0515 5676 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
15:46:12.0515 5676 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:46:12.0577 5676 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:46:12.0577 5676 \Device\Harddisk0\DR0 - ok
15:46:12.0577 5676 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:46:21.0500 3020 Deinitialize success


ComboFix 12-02-03.02 - Admin 02/03/2012 15:54:39.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7055.5765 [GMT -5:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\autorun.inf
c:\program files\Uninstall.exe
c:\users\Admin\AppData\Roaming\Local
c:\users\Admin\Favorites\Games.url
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-02-03 20:58 . 2012-02-03 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-03 20:46 . 2012-02-03 20:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-03 18:49 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90F04104-A7C7-4E7B-86E8-E9B8A5C58A21}\mpengine.dll
2012-02-03 05:36 . 2012-02-03 05:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-02 20:14 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-02-02 20:14 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-02-02 20:14 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-02-02 20:14 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-02-02 20:07 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-02-02 20:07 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-30 20:11 . 2012-01-30 20:11 -------- d-----w- c:\users\Admin\AppData\Roaming\Unity
2012-01-28 00:00 . 2012-01-28 00:00 -------- d-----w- c:\windows\Sun
2012-01-25 06:09 . 2012-01-25 06:09 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\DACE.tmp
2012-01-25 06:09 . 2012-01-25 06:09 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\DABE.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 05:52 . 2010-09-19 00:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24 . 2010-09-19 01:01 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:52 . 2011-12-15 18:16 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-10-22 11:06 . 2011-10-22 11:06 68272 ----a-w- c:\program files\fraps64.dat
2011-10-22 11:06 . 2011-10-22 11:06 231600 ----a-w- c:\program files\fraps32.dll
2011-10-22 11:06 . 2011-10-22 11:06 185520 ----a-w- c:\program files\fraps64.dll
2011-10-22 11:06 . 2011-10-22 11:06 2533040 ----a-w- c:\program files\fraps.exe
2011-10-22 11:04 . 2011-10-22 11:04 140288 ----a-w- c:\program files\frapslcd.dll
2011-03-08 08:03 . 2011-03-08 06:19 258352 ----a-w- c:\program files\unicows.dll
2011-03-08 08:03 . 2011-03-08 06:19 372736 ----a-w- c:\program files\ijl15.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Admin\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"ASUS VIBE"="c:\program files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe" [2010-03-02 102400]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;c:\windows\system32\DRIVERS\usb8023.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va003;X6va003;c:\users\Admin\AppData\Local\Temp\003F557.tmp [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037155534-168446356-2890161075-1001Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 15:19]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037155534-168446356-2890161075-1001UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 15:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-19 8067616]
"SKDaemon.exe"="c:\program files\LTONHIS\Touch Manager\SKDaemon.exe" [2009-06-16 318464]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.cfnews13.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {530F7E80-690F-438E-8A4F-E6CAECB4B6F3} - hxxp://taste.dvrdns.org/CMSPlugin.cab
DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://taste.dvrdns.org/vcredist_x86.exe
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Fraps - c:\program files\uninstall.exe
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Admin\AppData\Local\Temp\003F557.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
.
**************************************************************************
.
Completion time: 2012-02-03 16:03:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-03 21:03
.
Pre-Run: 300,275,650,560 bytes free
Post-Run: 300,033,708,032 bytes free
.
- - End Of File - - BECA44AC22CFD8B88FF1EFD1BB3FFA31

#7 Larusso

Posted 03 February 2012 - 11:15 PM

Hi there,
Did you change any parameters in TDSSKiller?

How is your system behaving now? Please note all open issues.

regards, Daniel


#8 huntibilis

Posted 03 February 2012 - 11:32 PM

No, I didn't change anything in TDSS, should I have? As far as I can tell the outgoing has stopped.

#9 Larusso

Posted 03 February 2012 - 11:34 PM

No, you should not. Something in the log shows me that the default settings have been changed or the tool got an update I did not notice.

Could you please re-run TDSSKiller and choose Skip on all detections. Please post this log here.

regards, Daniel


#10 huntibilis

Posted 04 February 2012 - 12:28 AM

Nothing was detected.

00:26:14.0488 2800 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
00:26:15.0002 2800 ============================================================
00:26:15.0002 2800 Current date / time: 2012/02/04 00:26:15.0002
00:26:15.0002 2800 SystemInfo:
00:26:15.0002 2800
00:26:15.0002 2800 OS Version: 6.1.7601 ServicePack: 1.0
00:26:15.0002 2800 Product type: Workstation
00:26:15.0002 2800 ComputerName: ADMIN-PC
00:26:15.0002 2800 UserName: Admin
00:26:15.0002 2800 Windows directory: C:\Windows
00:26:15.0002 2800 System windows directory: C:\Windows
00:26:15.0002 2800 Running under WOW64
00:26:15.0002 2800 Processor architecture: Intel x64
00:26:15.0002 2800 Number of processors: 4
00:26:15.0002 2800 Page size: 0x1000
00:26:15.0002 2800 Boot type: Normal boot
00:26:15.0002 2800 ============================================================
00:26:15.0658 2800 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:26:15.0658 2800 \Device\Harddisk0\DR0:
00:26:15.0658 2800 MBR used
00:26:15.0658 2800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x2E935000
00:26:15.0658 2800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30593800, BlocksNum 0x44172800
00:26:15.0704 2800 Initialize success
00:26:15.0704 2800 ============================================================
00:26:22.0490 3452 ============================================================
00:26:22.0490 3452 Scan started
00:26:22.0490 3452 Mode: Manual;
00:26:22.0490 3452 ============================================================
00:26:31.0289 3452 SiSRaid2 - ok
00:26:31.0305 3452 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:26:31.0305 3452 SiSRaid4 - ok
00:26:31.0320 3452 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:26:31.0320 3452 Smb - ok
00:26:31.0367 3452 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:26:31.0367 3452 spldr - ok
00:26:31.0414 3452 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:26:31.0414 3452 srv - ok
00:26:31.0461 3452 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:26:31.0461 3452 srv2 - ok
00:26:31.0476 3452 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:26:31.0476 3452 srvnet - ok
00:26:31.0539 3452 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:26:31.0539 3452 stexstor - ok
00:26:31.0570 3452 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:26:31.0585 3452 swenum - ok
00:26:31.0632 3452 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
00:26:31.0648 3452 Tcpip - ok
00:26:31.0695 3452 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
00:26:31.0710 3452 TCPIP6 - ok
00:26:31.0741 3452 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:26:31.0741 3452 tcpipreg - ok
00:26:31.0773 3452 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:26:31.0773 3452 TDPIPE - ok
00:26:31.0788 3452 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
00:26:31.0788 3452 TDTCP - ok
00:26:31.0804 3452 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:26:31.0804 3452 tdx - ok
00:26:31.0897 3452 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:26:31.0897 3452 TermDD - ok
00:26:31.0929 3452 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:26:31.0944 3452 tssecsrv - ok
00:26:31.0960 3452 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:26:31.0960 3452 TsUsbFlt - ok
00:26:32.0053 3452 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:26:32.0069 3452 tunnel - ok
00:26:32.0085 3452 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:26:32.0085 3452 uagp35 - ok
00:26:32.0116 3452 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:26:32.0116 3452 udfs - ok
00:26:32.0163 3452 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:26:32.0163 3452 uliagpkx - ok
00:26:32.0209 3452 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
00:26:32.0209 3452 umbus - ok
00:26:32.0241 3452 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:26:32.0241 3452 UmPass - ok
00:26:32.0287 3452 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
00:26:32.0287 3452 usbaudio - ok
00:26:32.0334 3452 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:26:32.0334 3452 usbccgp - ok
00:26:32.0350 3452 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:26:32.0350 3452 usbcir - ok
00:26:32.0365 3452 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
00:26:32.0365 3452 usbehci - ok
00:26:32.0412 3452 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:26:32.0412 3452 usbhub - ok
00:26:32.0443 3452 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
00:26:32.0443 3452 usbohci - ok
00:26:32.0490 3452 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:26:32.0490 3452 usbprint - ok
00:26:32.0506 3452 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:26:32.0506 3452 USBSTOR - ok
00:26:32.0521 3452 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
00:26:32.0521 3452 usbuhci - ok
00:26:32.0568 3452 USB_RNDIS_VISTA (d0fe8cb5f84303e73ff0754437fad3d1) C:\Windows\system32\DRIVERS\usb8023.sys
00:26:32.0568 3452 USB_RNDIS_VISTA - ok
00:26:32.0615 3452 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:26:32.0615 3452 vdrvroot - ok
00:26:32.0631 3452 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:26:32.0631 3452 vga - ok
00:26:32.0631 3452 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:26:32.0646 3452 VgaSave - ok
00:26:32.0662 3452 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:26:32.0662 3452 vhdmp - ok
00:26:32.0693 3452 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:26:32.0693 3452 viaide - ok
00:26:32.0709 3452 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:26:32.0709 3452 volmgr - ok
00:26:32.0755 3452 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:26:32.0755 3452 volmgrx - ok
00:26:32.0771 3452 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:26:32.0787 3452 volsnap - ok
00:26:32.0818 3452 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:26:32.0818 3452 vsmraid - ok
00:26:32.0849 3452 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:26:32.0849 3452 vwifibus - ok
00:26:32.0896 3452 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:26:32.0896 3452 vwififlt - ok
00:26:32.0911 3452 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:26:32.0911 3452 WacomPen - ok
00:26:32.0958 3452 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:26:32.0958 3452 WANARP - ok
00:26:32.0958 3452 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:26:32.0958 3452 Wanarpv6 - ok
00:26:33.0036 3452 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:26:33.0036 3452 Wd - ok
00:26:33.0067 3452 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:26:33.0067 3452 Wdf01000 - ok
00:26:33.0099 3452 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:26:33.0099 3452 WfpLwf - ok
00:26:33.0130 3452 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:26:33.0130 3452 WIMMount - ok
00:26:33.0192 3452 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
00:26:33.0192 3452 WinUsb - ok
00:26:33.0208 3452 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:26:33.0208 3452 WmiAcpi - ok
00:26:33.0270 3452 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:26:33.0270 3452 ws2ifsl - ok
00:26:33.0301 3452 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:26:33.0301 3452 WudfPf - ok
00:26:33.0333 3452 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:26:33.0333 3452 WUDFRd - ok
00:26:33.0395 3452 X6va003 - ok
00:26:33.0426 3452 MBR (0x1B8) (4976d4a7a40b83fc7f06ee4bdd84eb9b) \Device\Harddisk0\DR0
00:26:33.0489 3452 \Device\Harddisk0\DR0 - ok
00:26:33.0489 3452 Boot (0x1200) (981a1928fb23fc1e673f913c659cbc75) \Device\Harddisk0\DR0\Partition0
00:26:33.0489 3452 \Device\Harddisk0\DR0\Partition0 - ok
00:26:33.0504 3452 Boot (0x1200) (1b2113e8147b731e8356e034bd1547d9) \Device\Harddisk0\DR0\Partition1
00:26:33.0504 3452 \Device\Harddisk0\DR0\Partition1 - ok
00:26:33.0504 3452 ============================================================
00:26:33.0504 3452 Scan finished
00:26:33.0504 3452 ============================================================
00:26:33.0520 3464 Detected object count: 0
00:26:33.0520 3464 Actual detected object count: 0
00:26:46.0764 2120 Deinitialize success

#11 Larusso

Posted 04 February 2012 - 08:10 AM

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Start
  • Wait for the scan to finish
  • When the scan completes, push [button image]
  • Push [button image], and save the file to your desktop using a unique name.
  • Push the Back button.
  • Push Finish

Please post this logfile in your next reply



Please launch DDS
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop and post both in your next reply



Please post in your next reply
ESET log
dds.txt
attach.txt

regards, Daniel



#12 huntibilis

Posted 05 February 2012 - 01:45 AM

Here you go.

C:\ProgramData\Microsoft\Windows\DRM\DABE.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Microsoft\Windows\DRM\DACE.tmp Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan
C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\Users\All Users\Microsoft\Windows\DRM\DABE.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Microsoft\Windows\DRM\DACE.tmp Win64/Olmarik.AD trojan


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Admin at 1:40:49 on 2012-02-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7055.5275 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cfnews13.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Akamai NetSession Interface] "C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {530F7E80-690F-438E-8A4F-E6CAECB4B6F3} - hxxp://taste.dvrdns.org/CMSPlugin.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://taste.dvrdns.org/vcredist_x86.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{B115E509-5C33-4517-9410-62410AF08CF7} : DhcpNameServer = 65.32.5.111 65.32.5.112
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun-x64: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-4-27 203392]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-2 652360]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-15 2280312]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-27 2314240]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;C:\Windows\system32\DRIVERS\usb8023.sys --> C:\Windows\system32\DRIVERS\usb8023.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-05 06:05:53 -------- d-----w- C:\Program Files (x86)\ESET
2012-02-04 08:37:45 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90F04104-A7C7-4E7B-86E8-E9B8A5C58A21}\offreg.dll
2012-02-03 21:06:49 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-03 20:53:02 98816 ----a-w- C:\Windows\sed.exe
2012-02-03 20:53:02 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-03 20:53:02 256000 ----a-w- C:\Windows\PEV.exe
2012-02-03 20:53:02 208896 ----a-w- C:\Windows\MBR.exe
2012-02-03 20:46:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-03 18:49:15 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90F04104-A7C7-4E7B-86E8-E9B8A5C58A21}\mpengine.dll
2012-02-03 05:36:32 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-02 20:14:16 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-02-02 20:14:16 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-02-02 20:14:15 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-02-02 20:14:15 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-02-02 20:07:04 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-02-02 20:07:04 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-30 20:11:38 -------- d-----w- C:\Users\Admin\AppData\Roaming\Unity
2012-01-25 06:09:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DACE.tmp
2012-01-25 06:09:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DABE.tmp
.
==================== Find3M ====================
.
2012-01-27 05:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-10-22 11:06:32 68272 ----a-w- C:\Program Files\fraps64.dat
2011-10-22 11:06:32 231600 ----a-w- C:\Program Files\fraps32.dll
2011-10-22 11:06:32 185520 ----a-w- C:\Program Files\fraps64.dll
2011-10-22 11:06:30 2533040 ----a-w- C:\Program Files\fraps.exe
2011-10-22 11:04:34 140288 ----a-w- C:\Program Files\frapslcd.dll
2011-03-08 08:03:37 258352 ----a-w- C:\Program Files\unicows.dll
2011-03-08 08:03:10 372736 ----a-w- C:\Program Files\ijl15.dll
.
============= FINISH: 1:41:04.56 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/18/2010 8:10:08 PM
System Uptime: 2/5/2012 12:49:07 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | CM5675
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz | LGA1156 | 3201/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 373 GiB total, 279.024 GiB free.
D: is FIXED (NTFS) - 545 GiB total, 544.619 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&4
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&4
Service:
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&5
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&5
Service:
.
==== System Restore Points ===================
.
RP249: 2/2/2012 2:53:13 PM - Restore Operation
RP250: 2/2/2012 3:06:46 PM - Windows Update
RP251: 2/2/2012 11:21:20 PM - Removed Adobe Reader X (10.1.1).
RP252: 2/2/2012 11:22:24 PM - Removed Adobe Reader X (10.1.1).
RP253: 2/3/2012 2:26:52 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Advertising Center
AI Manager
Akamai NetSession Interface
Akamai NetSession Interface Service
ASUS Backup Wizard
ASUS VIBE
ASUSUpdate
Bandisoft MPEG-1 Decoder
Big Fish Games: Game Manager
Curse Client
EPU-4 Engine
ESET Online Scanner v3
File Uploader
Fraps (remove only)
Google Talk Plugin
ImagXpress
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Internet TV for Windows Media Center
Island Tribe 2
Java Auto Updater
Java™ 6 Update 22
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007 Help Actualización (KB963665)
Microsoft Office Word MUI (Dutch) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
MSVCRT
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Netflix in Windows Media Center
Nikon Transfer
Pando Media Booster
Picture Control Utility
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Spelling Dictionaries Support For Adobe Reader 9
TeamViewer 6
Unity Web Player
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client
ViewNX
Windows Live Communications Platform
Windows Live Essentials
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Writer
World of Warcraft
Xfire (remove only)
.
==== Event Viewer Messages From Past Week ========
.
2/3/2012 3:58:48 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/3/2012 3:58:11 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/3/2012 3:52:48 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
2/2/2012 3:01:43 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Akamai NetSession Interface service, but this action failed with the following error: An instance of the service is already running.
2/2/2012 1:26:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a0007ff000, 0x0000000000000000, 0xfffff80002ece38e, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020212-17472-01.
1/30/2012 12:11:06 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a000ffa000, 0x0000000000000000, 0xfffff80002f2638e, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 013012-15990-01.
.
==== End Of File ===========================

#13 huntibilis

Posted 05 February 2012 - 02:22 AM

So just after I finished posting the logs you asked for, the computer freaked out on me. About 20 windows popped up, all the same, and then one saying there was an issue with my hard drive that needed to be fixed before I used the computer again. I didn't click anything, forced a shutdown, rebooted, and it still did the same thing, with everything appearing to be gone/missing from the computer. I rebooted in safe mode, ran an MBAM quick scan, and attempted to remove what it found and reboot. It seems it was all quarantined. The windows did not come up this time, but everything still seems to be gone! I have a black screen for a desktop and my trash bin/MBAM, with all programs in the start menu seeming to be gone. I was only able to open IE using the MBAM online link to get the window to open. So if anyone, even if it is not the person who was originally helping me, can do anything, please do!

#14 huntibilis

Posted 05 February 2012 - 02:47 AM

I just spoke with an MBAM admin and was told I should not have changed/scanned/fixed anything without your say-so, Daniel. So I just wanted to say I'm sorry if I messed anything up in advance. I freaked out when that all happened and am not used to having someone to help with issues. I jumped the gun, but am now waiting for your advice.

#15 Larusso

Posted 05 February 2012 - 03:36 AM

Hi there,
Sorry to hear that you still have problems.

Are you able to run in Normal Mode now?



Please re-run TDSSKiller. This time click on Change Parameters --> Check Detect TDLFS Filesystem and Verify driver digital signatures --> Click Start Scan.
Let it run uninterrupted.
When done, ensure Cure is selected.
If Cure is not an option, choose Skip.

Please post the created Logfile in your next reply.


Please also post the MBAM Log from your last run where I can see the deleted detections. Looks like something hides itself from us.

regards, Daniel



#16 huntibilis

Posted 05 February 2012 - 07:41 AM

Yes, I'm running in normal mode, but every program on the computer seems to be missing besides MBAM, thank god, because that is how I got IE to open, using the link from that. Here is what I can pull together from the empty shell I seem to be left with.

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.04.02
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Admin :: ADMIN-PC [administrator]
Protection: Disabled
2/5/2012 2:06:34 AM
mbam-log-2012-02-05 (02-06-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186482
Time elapsed: 2 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vkAHVCUBeFA.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\vkAHVCUBeFA.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\ProgramData\vkAHVCUBeFA.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Local\Temp\pb8ZG2raInFj03.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
(end)

2012/02/05 01:01:24 -0500 ADMIN-PC Admin MESSAGE Starting protection
2012/02/05 01:01:26 -0500 ADMIN-PC Admin MESSAGE Protection started successfully
2012/02/05 01:01:29 -0500 ADMIN-PC Admin MESSAGE Starting IP protection
2012/02/05 01:01:29 -0500 ADMIN-PC Admin MESSAGE IP Protection started successfully
2012/02/05 01:01:37 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 49166, Process: teamviewer_service.exe)
2012/02/05 01:01:37 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51703, Process: teamviewer_service.exe)
2012/02/05 01:01:37 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51708, Process: teamviewer_service.exe)
2012/02/05 01:01:37 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51713, Process: teamviewer_service.exe)
2012/02/05 01:01:45 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51731, Process: teamviewer_service.exe)
2012/02/05 01:01:45 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51749, Process: teamviewer_service.exe)
2012/02/05 01:01:45 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51759, Process: teamviewer_service.exe)
2012/02/05 01:01:45 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51760, Process: teamviewer_service.exe)
2012/02/05 01:01:45 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51761, Process: teamviewer_service.exe)
2012/02/05 01:50:03 -0500 ADMIN-PC Admin DETECTION C:\Users\Admin\AppData\Local\Temp\fylhenx.exe Trojan.FakeAlert ALLOW
2012/02/05 01:53:09 -0500 ADMIN-PC Admin DETECTION C:\ProgramData\vkAHVCUBeFA.exe Trojan.FakeAlert ALLOW
2012/02/05 01:53:28 -0500 ADMIN-PC Admin IP-BLOCK 31.44.184.49 (Type: outgoing, Port: 64145, Process: fylhenx.exe)
2012/02/05 01:53:29 -0500 ADMIN-PC Admin IP-BLOCK 31.44.184.49 (Type: outgoing, Port: 64146, Process: fylhenx.exe)
2012/02/05 02:12:33 -0500 ADMIN-PC Admin MESSAGE Starting protection
2012/02/05 02:12:34 -0500 ADMIN-PC Admin MESSAGE Protection started successfully
2012/02/05 02:12:37 -0500 ADMIN-PC Admin MESSAGE Starting IP protection
2012/02/05 02:12:38 -0500 ADMIN-PC Admin MESSAGE IP Protection started successfully

TDSS also seems to be gone, so I went to your link and downloaded it again, but it won't show up in the start menu or on a search. Also, I wanted to save it to the desktop, but that didn't show up as an option. I had to choose to open it from the install since I could not find it or save it to the desktop; not sure if that's important.

06:25:56.0863 2892 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
06:25:57.0160 2892 ============================================================
06:25:57.0160 2892 Current date / time: 2012/02/05 06:25:57.0160
06:25:57.0160 2892 SystemInfo:
06:25:57.0160 2892
06:25:57.0160 2892 OS Version: 6.1.7601 ServicePack: 1.0
06:25:57.0160 2892 Product type: Workstation
06:25:57.0160 2892 ComputerName: ADMIN-PC
06:25:57.0160 2892 UserName: Admin
06:25:57.0160 2892 Windows directory: C:\Windows
06:25:57.0160 2892 System windows directory: C:\Windows
06:25:57.0160 2892 Running under WOW64
06:25:57.0160 2892 Processor architecture: Intel x64
06:25:57.0160 2892 Number of processors: 4
06:25:57.0160 2892 Page size: 0x1000
06:25:57.0160 2892 Boot type: Normal boot
06:25:57.0160 2892 ============================================================
06:25:57.0784 2892 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:25:57.0784 2892 \Device\Harddisk0\DR0:
06:25:57.0784 2892 MBR used
06:25:57.0784 2892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x2E935000
06:25:57.0784 2892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30593800, BlocksNum 0x44172800
06:25:57.0830 2892 Initialize success
06:25:57.0830 2892 ============================================================
07:39:10.0096 1472 ============================================================
07:39:10.0096 1472 Scan started
07:39:10.0096 1472 Mode: Manual; SigCheck; TDLFS;
07:39:10.0096 1472 ============================================================
[size="1"][size=4]07:39:20.0735 1472 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys[/size][/size]
[size="1"][size=4]07:39:20.0751 1472 Parport - ok[/size][/size]
[size="1"][size=4]07:39:20.0782 1472 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys[/size][/size]
[size="1"][size=4]07:39:20.0798 1472 partmgr - ok[/size][/size]
[size="1"][size=4]07:39:20.0813 1472 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys[/size][/size]
[size="1"][size=4]07:39:20.0829 1472 pci - ok[/size][/size]
[size="1"][size=4]07:39:20.0860 1472 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys[/size][/size]
[size="1"][size=4]07:39:20.0876 1472 pciide - ok[/size][/size]
[size="1"][size=4]07:39:20.0891 1472 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys[/size][/size]
[size="1"][size=4]07:39:20.0907 1472 pcmcia - ok[/size][/size]
[size="1"][size=4]07:39:20.0923 1472 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys[/size][/size]
[size="1"][size=4]07:39:20.0923 1472 pcw - ok[/size][/size]
[size="1"][size=4]07:39:20.0938 1472 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys[/size][/size]
[size="1"][size=4]07:39:20.0985 1472 PEAUTH - ok[/size][/size]
[size="1"][size=4]07:39:21.0094 1472 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys[/size][/size]
[size="1"][size=4]07:39:21.0141 1472 PptpMiniport - ok[/size][/size]
[size="1"][size=4]07:39:21.0157 1472 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys[/size][/size]
[size="1"][size=4]07:39:21.0172 1472 Processor - ok[/size][/size]
[size="1"][size=4]07:39:21.0219 1472 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys[/size][/size]
[size="1"][size=4]07:39:21.0266 1472 Psched - ok[/size][/size]
[size="1"][size=4]07:39:21.0359 1472 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys[/size][/size]
[size="1"][size=4]07:39:21.0391 1472 ql2300 - ok[/size][/size]
[size="1"][size=4]07:39:21.0422 1472 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys[/size][/size]
[size="1"][size=4]07:39:21.0422 1472 ql40xx - ok[/size][/size]
[size="1"][size=4]07:39:21.0437 1472 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys[/size][/size]
[size="1"][size=4]07:39:21.0469 1472 QWAVEdrv - ok[/size][/size]
[size="1"][size=4]07:39:21.0531 1472 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys[/size][/size]
[size="1"][size=4]07:39:21.0562 1472 RasAcd - ok[/size][/size]
[size="1"][size=4]07:39:21.0578 1472 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys[/size][/size]
[size="1"][size=4]07:39:21.0625 1472 RasAgileVpn - ok[/size][/size]
[size="1"][size=4]07:39:21.0656 1472 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys[/size][/size]
[size="1"][size=4]07:39:21.0703 1472 Rasl2tp - ok[/size][/size]
[size="1"][size=4]07:39:21.0765 1472 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys[/size][/size]
[size="1"][size=4]07:39:21.0812 1472 RasPppoe - ok[/size][/size]
[size="1"][size=4]07:39:21.0843 1472 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys[/size][/size]
[size="1"][size=4]07:39:21.0890 1472 RasSstp - ok[/size][/size]
[size="1"][size=4]07:39:21.0905 1472 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys[/size][/size]
[size="1"][size=4]07:39:21.0952 1472 rdbss - ok[/size][/size]
[size="1"][size=4]07:39:22.0015 1472 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys[/size][/size]
[size="1"][size=4]07:39:22.0046 1472 rdpbus - ok[/size][/size]
[size="1"][size=4]07:39:22.0077 1472 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys[/size][/size]
[size="1"][size=4]07:39:22.0124 1472 RDPCDD - ok[/size][/size]
[size="1"][size=4]07:39:22.0139 1472 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys[/size][/size]
[size="1"][size=4]07:39:22.0171 1472 RDPENCDD - ok[/size][/size]
[size="1"][size=4]07:39:22.0233 1472 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys[/size][/size]
[size="1"][size=4]07:39:22.0264 1472 RDPREFMP - ok[/size][/size]
[size="1"][size=4]07:39:22.0295 1472 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys[/size][/size]
[size="1"][size=4]07:39:22.0311 1472 RDPWD - ok[/size][/size]
[size="1"][size=4]07:39:22.0358 1472 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys[/size][/size]
[size="1"][size=4]07:39:22.0373 1472 rdyboost - ok[/size][/size]
[size="1"][size=4]07:39:22.0436 1472 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys[/size][/size]
[size="1"][size=4]07:39:22.0467 1472 rspndr - ok[/size][/size]
[size="1"][size=4]07:39:22.0498 1472 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys[/size][/size]
[size="1"][size=4]07:39:22.0498 1472 RTL8167 - ok[/size][/size]
[size="1"][size=4]07:39:22.0529 1472 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys[/size][/size]
[size="1"][size=4]07:39:22.0529 1472 sbp2port - ok[/size][/size]
[size="1"][size=4]07:39:22.0561 1472 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys[/size][/size]
[size="1"][size=4]07:39:22.0592 1472 scfilter - ok[/size][/size]
[size="1"][size=4]07:39:22.0670 1472 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys[/size][/size]
[size="1"][size=4]07:39:22.0701 1472 secdrv - ok[/size][/size]
[size="1"][size=4]07:39:22.0732 1472 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys[/size][/size]
[size="1"][size=4]07:39:22.0763 1472 Serenum - ok[/size][/size]
[size="1"][size=4]07:39:22.0826 1472 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys[/size][/size]
[size="1"][size=4]07:39:22.0857 1472 Serial - ok[/size][/size]
[size="1"][size=4]07:39:22.0888 1472 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys[/size][/size]
[size="1"][size=4]07:39:22.0904 1472 sermouse - ok[/size][/size]
[size="1"][size=4]07:39:22.0935 1472 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys[/size][/size]
[size="1"][size=4]07:39:22.0951 1472 sffdisk - ok[/size][/size]
[size="1"][size=4]07:39:22.0997 1472 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys[/size][/size]
[size="1"][size=4]07:39:23.0029 1472 sffp_mmc - ok[/size][/size]
[size="1"][size=4]07:39:23.0044 1472 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys[/size][/size]
[size="1"][size=4]07:39:23.0060 1472 sffp_sd - ok[/size][/size]
[size="1"][size=4]07:39:23.0075 1472 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys[/size][/size]
[size="1"][size=4]07:39:23.0091 1472 sfloppy - ok[/size][/size]
[size="1"][size=4]07:39:23.0169 1472 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys[/size][/size]
[size="1"][size=4]07:39:23.0169 1472 SiSRaid2 - ok[/size][/size]
[size="1"][size=4]07:39:23.0185 1472 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys[/size][/size]
[size="1"][size=4]07:39:23.0185 1472 SiSRaid4 - ok[/size][/size]
[size="1"][size=4]07:39:23.0231 1472 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys[/size][/size]
[size="1"][size=4]07:39:23.0263 1472 Smb - ok[/size][/size]
[size="1"][size=4]07:39:23.0325 1472 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys[/size][/size]
[size="1"][size=4]07:39:23.0341 1472 spldr - ok[/size][/size]
[size="1"][size=4]07:39:23.0372 1472 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys[/size][/size]
[size="1"][size=4]07:39:23.0403 1472 srv - ok[/size][/size]
[size="1"][size=4]07:39:23.0419 1472 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys[/size][/size]
[size="1"][size=4]07:39:23.0434 1472 srv2 - ok[/size][/size]
[size="1"][size=4]07:39:23.0481 1472 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys[/size][/size]
[size="1"][size=4]07:39:23.0497 1472 srvnet - ok[/size][/size]
[size="1"][size=4]07:39:23.0528 1472 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys[/size][/size]
[size="1"][size=4]07:39:23.0528 1472 stexstor - ok[/size][/size]
[size="1"][size=4]07:39:23.0559 1472 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys[/size][/size]
[size="1"][size=4]07:39:23.0559 1472 swenum - ok[/size][/size]
[size="1"][size=4]07:39:23.0621 1472 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys[/size][/size]
[size="1"][size=4]07:39:23.0653 1472 Tcpip - ok[/size][/size]
[size="1"][size=4]07:39:23.0699 1472 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys[/size][/size]
[size="1"][size=4]07:39:23.0731 1472 TCPIP6 - ok[/size][/size]
[size="1"][size=4]07:39:23.0762 1472 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys[/size][/size]
[size="1"][size=4]07:39:23.0793 1472 tcpipreg - ok[/size][/size]
[size="1"][size=4]07:39:23.0809 1472 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys[/size][/size]
[size="1"][size=4]07:39:23.0840 1472 TDPIPE - ok[/size][/size]
[size="1"][size=4]07:39:23.0855 1472 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys[/size][/size]
[size="1"][size=4]07:39:23.0902 1472 TDTCP - ok[/size][/size]
[size="1"][size=4]07:39:23.0933 1472 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys[/size][/size]
[size="1"][size=4]07:39:23.0965 1472 tdx - ok[/size][/size]
[size="1"][size=4]07:39:24.0058 1472 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys[/size][/size]
[size="1"][size=4]07:39:24.0074 1472 TermDD - ok[/size][/size]
[size="1"][size=4]07:39:24.0089 1472 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys[/size][/size]
[size="1"][size=4]07:39:24.0136 1472 tssecsrv - ok[/size][/size]
[size="1"][size=4]07:39:24.0167 1472 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys[/size][/size]
[size="1"][size=4]07:39:24.0183 1472 TsUsbFlt - ok[/size][/size]
[size="1"][size=4]07:39:24.0261 1472 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys[/size][/size]
[size="1"][size=4]07:39:24.0292 1472 tunnel - ok[/size][/size]
[size="1"][size=4]07:39:24.0323 1472 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys[/size][/size]
[size="1"][size=4]07:39:24.0323 1472 uagp35 - ok[/size][/size]
[size="1"][size=4]07:39:24.0355 1472 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys[/size][/size]
[size="1"][size=4]07:39:24.0386 1472 udfs - ok[/size][/size]
[size="1"][size=4]07:39:24.0448 1472 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys[/size][/size]
[size="1"][size=4]07:39:24.0464 1472 uliagpkx - ok[/size][/size]
[size="1"][size=4]07:39:24.0479 1472 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys[/size][/size]
[size="1"][size=4]07:39:24.0495 1472 umbus - ok[/size][/size]
[size="1"][size=4]07:39:24.0526 1472 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys[/size][/size]
[size="1"][size=4]07:39:24.0557 1472 UmPass - ok[/size][/size]
[size="1"][size=4]07:39:24.0635 1472 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys[/size][/size]
[size="1"][size=4]07:39:24.0651 1472 usbaudio - ok[/size][/size]
[size="1"][size=4]07:39:24.0667 1472 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys[/size][/size]
[size="1"][size=4]07:39:24.0682 1472 usbccgp - ok[/size][/size]
[size="1"][size=4]07:39:24.0713 1472 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys[/size][/size]
[size="1"][size=4]07:39:24.0729 1472 usbcir - ok[/size][/size]
[size="1"][size=4]07:39:24.0791 1472 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys[/size][/size]
[size="1"][size=4]07:39:24.0823 1472 usbehci - ok[/size][/size]
[size="1"][size=4]07:39:24.0854 1472 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys[/size][/size]
[size="1"][size=4]07:39:24.0869 1472 usbhub - ok[/size][/size]
[size="1"][size=4]07:39:24.0947 1472 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys[/size][/size]
[size="1"][size=4]07:39:24.0963 1472 usbohci - ok[/size][/size]
[size="1"][size=4]07:39:24.0979 1472 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys[/size][/size]
[size="1"][size=4]07:39:25.0010 1472 usbprint - ok[/size][/size]
[size="1"][size=4]07:39:25.0025 1472 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS[/size][/size]
[size="1"][size=4]07:39:25.0057 1472 USBSTOR - ok[/size][/size]
[size="1"][size=4]07:39:25.0119 1472 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys[/size][/size]
[size="1"][size=4]07:39:25.0150 1472 usbuhci - ok[/size][/size]
[size="1"][size=4]07:39:25.0166 1472 USB_RNDIS_VISTA (d0fe8cb5f84303e73ff0754437fad3d1) C:\Windows\system32\DRIVERS\usb8023.sys[/size][/size]
[size="1"][size=4]07:39:25.0213 1472 USB_RNDIS_VISTA - ok[/size][/size]
[size="1"][size=4]07:39:25.0244 1472 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys[/size][/size]
[size="1"][size=4]07:39:25.0244 1472 vdrvroot - ok[/size][/size]
[size="1"][size=4]07:39:25.0306 1472 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys[/size][/size]
[size="1"][size=4]07:39:25.0322 1472 vga - ok[/size][/size]
[size="1"][size=4]07:39:25.0337 1472 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys[/size][/size]
[size="1"][size=4]07:39:25.0369 1472 VgaSave - ok[/size][/size]
[size="1"][size=4]07:39:25.0462 1472 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys[/size][/size]
[size="1"][size=4]07:39:25.0462 1472 vhdmp - ok[/size][/size]
[size="1"][size=4]07:39:25.0493 1472 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys[/size][/size]
[size="1"][size=4]07:39:25.0493 1472 viaide - ok[/size][/size]
[size="1"][size=4]07:39:25.0525 1472 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys[/size][/size]
[size="1"][size=4]07:39:25.0525 1472 volmgr - ok[/size][/size]
[size="1"][size=4]07:39:25.0556 1472 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys[/size][/size]
[size="1"][size=4]07:39:25.0571 1472 volmgrx - ok[/size][/size]
[size="1"][size=4]07:39:25.0603 1472 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys[/size][/size]
[size="1"][size=4]07:39:25.0603 1472 volsnap - ok[/size][/size]
[size="1"][size=4]07:39:25.0649 1472 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys[/size][/size]
[size="1"][size=4]07:39:25.0649 1472 vsmraid - ok[/size][/size]
[size="1"][size=4]07:39:25.0681 1472 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys[/size][/size]
[size="1"][size=4]07:39:25.0712 1472 vwifibus - ok[/size][/size]
[size="1"][size=4]07:39:25.0743 1472 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys[/size][/size]
[size="1"][size=4]07:39:25.0774 1472 vwififlt - ok[/size][/size]
[size="1"][size=4]07:39:25.0805 1472 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys[/size][/size]
[size="1"][size=4]07:39:25.0821 1472 WacomPen - ok[/size][/size]
[size="1"][size=4]07:39:25.0883 1472 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys[/size][/size]
[size="1"][size=4]07:39:25.0915 1472 WANARP - ok[/size][/size]
[size="1"][size=4]07:39:25.0915 1472 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys[/size][/size]
[size="1"][size=4]07:39:25.0946 1472 Wanarpv6 - ok[/size][/size]
[size="1"][size=4]07:39:25.0993 1472 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys[/size][/size]
[size="1"][size=4]07:39:25.0993 1472 Wd - ok[/size][/size]
[size="1"][size=4]07:39:26.0024 1472 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys[/size][/size]
[size="1"][size=4]07:39:26.0039 1472 Wdf01000 - ok[/size][/size]
[size="1"][size=4]07:39:26.0086 1472 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys[/size][/size]
[size="1"][size=4]07:39:26.0133 1472 WfpLwf - ok[/size][/size]
[size="1"][size=4]07:39:26.0164 1472 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys[/size][/size]
[size="1"][size=4]07:39:26.0180 1472 WIMMount - ok[/size][/size]
[size="1"][size=4]07:39:26.0227 1472 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys[/size][/size]
[size="1"][size=4]07:39:26.0242 1472 WinUsb - ok[/size][/size]
[size="1"][size=4]07:39:26.0289 1472 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys[/size][/size]
[size="1"][size=4]07:39:26.0305 1472 WmiAcpi - ok[/size][/size]
[size="1"][size=4]07:39:26.0367 1472 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys[/size][/size]
[size="1"][size=4]07:39:26.0398 1472 ws2ifsl - ok[/size][/size]
[size="1"][size=4]07:39:26.0445 1472 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys[/size][/size]
[size="1"][size=4]07:39:26.0476 1472 WudfPf - ok[/size][/size]
[size="1"][size=4]07:39:26.0507 1472 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys[/size][/size]
[size="1"][size=4]07:39:26.0539 1472 WUDFRd - ok[/size][/size]
[size="1"][size=4]07:39:26.0601 1472 X6va003 - ok[/size][/size]
07:39:26.0632 1472 MBR (0x1B8) (4976d4a7a40b83fc7f06ee4bdd84eb9b) \Device\Harddisk0\DR0
07:39:26.0741 1472 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:39:26.0741 1472 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:39:26.0741 1472 Boot (0x1200) (981a1928fb23fc1e673f913c659cbc75) \Device\Harddisk0\DR0\Partition0
07:39:26.0741 1472 \Device\Harddisk0\DR0\Partition0 - ok
07:39:26.0773 1472 Boot (0x1200) (1b2113e8147b731e8356e034bd1547d9) \Device\Harddisk0\DR0\Partition1
07:39:26.0773 1472 \Device\Harddisk0\DR0\Partition1 - ok
07:39:26.0773 1472 ============================================================
07:39:26.0773 1472 Scan finished
07:39:26.0773 1472 ============================================================
07:39:26.0773 3152 Detected object count: 1
07:39:26.0773 3152 Actual detected object count: 1
07:39:48.0722 3152 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:39:48.0722 3152 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#17 Larusso

Posted 05 February 2012 - 08:19 AM

Sounds odd but we will fix it.

Please download unhide by grinler.
Double click on the program to start the unhide process.
Once done a window will pop and let you know the tool has completed its job.



Please rerun TDSSK with the changed parameters. This time choose delete.
TDSSKiller will ask to reboot your system. If not, please manually reboot.


After the reboot, run Combofix.exe immediately, follow the prompts, and post the C:\Combofix.txt in your next reply.

regards, Daniel



#18 huntibilis

Posted 06 February 2012 - 05:12 AM

The system seems to have regained files but the computer as a whole is still not the same as before. Here is the log you asked for.

ComboFix 12-02-03.02 - Admin 02/06/2012 2:25.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7055.5700 [GMT -5:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\unhide.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
.
.
2012-02-06 07:30 . 2012-02-06 07:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-05 11:18 . 2012-02-05 11:25 2059312 ----a-w- C:\tdsskiller.exe
2012-02-05 06:05 . 2012-02-05 06:05 -------- d-----w- c:\program files (x86)\ESET
2012-02-04 08:37 . 2012-02-05 09:20 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90F04104-A7C7-4E7B-86E8-E9B8A5C58A21}\offreg.dll
2012-02-03 20:46 . 2012-02-06 07:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-03 18:49 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90F04104-A7C7-4E7B-86E8-E9B8A5C58A21}\mpengine.dll
2012-02-03 05:36 . 2012-02-03 05:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-02 20:14 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-02-02 20:14 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-02-02 20:14 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-02-02 20:14 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-02-02 20:07 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-02-02 20:07 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-30 20:11 . 2012-01-30 20:11 -------- d-----w- c:\users\Admin\AppData\Roaming\Unity
2012-01-28 00:00 . 2012-01-28 00:00 -------- d-----w- c:\windows\Sun
2012-01-25 06:09 . 2012-01-25 06:09 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\DACE.tmp
2012-01-25 06:09 . 2012-01-25 06:09 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\DABE.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 05:52 . 2010-09-19 00:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 20:24 . 2010-09-19 01:01 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:52 . 2011-12-15 18:16 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-10-22 11:06 . 2011-10-22 11:06 68272 ----a-w- c:\program files\fraps64.dat
2011-10-22 11:06 . 2011-10-22 11:06 231600 ----a-w- c:\program files\fraps32.dll
2011-10-22 11:06 . 2011-10-22 11:06 185520 ----a-w- c:\program files\fraps64.dll
2011-10-22 11:06 . 2011-10-22 11:06 2533040 ----a-w- c:\program files\fraps.exe
2011-10-22 11:04 . 2011-10-22 11:04 140288 ----a-w- c:\program files\frapslcd.dll
2011-03-08 08:03 . 2011-03-08 06:19 258352 ----a-w- c:\program files\unicows.dll
2011-03-08 08:03 . 2011-03-08 06:19 372736 ----a-w- c:\program files\ijl15.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-03_21.00.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-04 02:23 . 2012-02-04 02:23 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\53fcf7f34708a9482d3e4059ce29608c\MIGUIControls.ni.dll
+ 2012-02-04 02:29 . 2012-02-04 02:29 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\486ff8cee09c8c63aa9c60ff4f5feafa\Microsoft.VisualBasic.ni.dll
+ 2012-02-04 02:29 . 2012-02-04 02:29 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b68f19bf3f3d545547d2b680eb54a660\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-04 02:23 . 2012-02-04 02:23 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7e81f50c34dec17b90bfebec5929853a\Microsoft.MediaCenter.UI.ni.dll
+ 2012-02-04 02:22 . 2012-02-04 02:22 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\65a892a923b49b062bd8fc97254940d3\Microsoft.MediaCenter.ni.dll
+ 2012-02-04 02:23 . 2012-02-04 02:23 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\33fd1381f221898a53253303cb7e5380\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-02-04 02:21 . 2012-02-04 02:21 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d0f5cda30f56427cc504834d4cb0b8b9\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-02-04 02:21 . 2012-02-04 02:21 6394368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c85df34f1db849bbe50ecf11d6bf4cad\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-02-04 02:22 . 2012-02-04 02:22 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a612958eaf641f0ba83b0daae44cb7b1\System.WorkflowServices.ni.dll
+ 2012-02-04 02:22 . 2012-02-04 02:22 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d957ec1fb12ff02282a7f73d6318b66b\System.Web.Mobile.ni.dll
+ 2012-02-04 02:22 . 2012-02-04 02:22 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a90f033a5a062ff29f7df8f9edc1a80c\System.Web.Extensions.ni.dll
+ 2012-02-04 02:22 . 2012-02-04 02:22 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\828e31a37bfd9d432083be6307845630\System.ServiceModel.Web.ni.dll
+ 2012-02-04 02:21 . 2012-02-04 02:21 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c0d9df88f2b37d14cf416281364c5b7f\System.IdentityModel.ni.dll
+ 2012-02-04 02:22 . 2012-02-04 02:22 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\76e676a9b6387aad5544d61a4ac12a78\System.Data.Services.ni.dll
+ 2012-02-04 02:21 . 2012-02-04 02:21 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\20d18697deb8413c01119531c6b987ad\MIGUIControls.ni.dll
+ 2012-02-04 02:21 . 2012-02-04 02:21 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
+ 2012-02-04 02:21 . 2012-02-04 02:21 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\695508ea67706e5f66208cabe5363099\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-04 02:21 . 2012-02-04 02:21 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5662462cfa995c71817791af93686db2\Microsoft.MediaCenter.ni.dll
+ 2012-02-04 02:21 . 2012-02-04 02:21 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4676e3f99469bd1120f8aed9cf37e4d2\Microsoft.MediaCenter.UI.ni.dll
+ 2012-02-04 02:22 . 2012-02-04 02:22 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\4bf05a9a1aebde89033c40b9e51af495\System.ServiceModel.ni.dll
+ 2012-02-04 02:23 . 2012-02-04 02:23 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\897b2e70eb1754bf8c557fadd93faf98\ehshell.ni.dll
+ 2012-02-04 02:21 . 2012-02-04 02:21 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7bc7e33d4568a214f226cdb6a161a37a\System.ServiceModel.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Admin\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"ASUS VIBE"="c:\program files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe" [2010-03-02 102400]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;c:\windows\system32\DRIVERS\usb8023.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va003;X6va003;c:\users\Admin\AppData\Local\Temp\003F557.tmp [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037155534-168446356-2890161075-1001Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 15:19]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037155534-168446356-2890161075-1001UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 15:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-19 8067616]
"SKDaemon.exe"="c:\program files\LTONHIS\Touch Manager\SKDaemon.exe" [2009-06-16 318464]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.cfnews13.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {530F7E80-690F-438E-8A4F-E6CAECB4B6F3} - hxxp://taste.dvrdns.org/CMSPlugin.cab
DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://taste.dvrdns.org/vcredist_x86.exe
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Admin\AppData\Local\Temp\003F557.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
.
**************************************************************************
.
Completion time: 2012-02-06 03:36:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-06 08:36
.
Pre-Run: 299,297,652,736 bytes free
Post-Run: 298,234,806,272 bytes free
.
- - End Of File - - 4960D29A61C677A2378C96FB515C266F

#19 Larusso

Posted 06 February 2012 - 08:56 AM

Hi there,

but the computer as a whole is still not the same as before.

Could you give me a few more details?


c:\users\Admin\unhide.exe

Did you save unhide.exe in this path?

regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for


#20 huntibilis

Posted 06 February 2012 - 09:36 AM

The more I looked, I'm starting to think it's just settings that did not get restored. Everything seems to be there now; the computer was just not back to how I'm used to it being, such as my notifications not being hidden, and full text names on programs that I pin. If there is anything I notice that is not just a simple settings change I will let you know ASAP.

As far as the unhide.exe, at the time I saved it, the computer was still rather empty (no desktop on my save options). I wanted to save it just to C:\unhide.exe but for some reason I was told I could not do that and the computer suggested the path C:\users\Admin\unhide.exe so I just went with it. Is that an issue?



