Trojan Agent - svchost.exe


  • This topic is locked
14 replies to this topic

#1 Sizzle2686

    New Member

  • Members
  • 7 posts

Posted 28 February 2012 - 01:36 PM

Hi -

Malware recently found 2 Trojan Agents (both related to svchost.exe) while I was running a scan. It has prompted me to immediately restart for removal. However, after restarting, the Trojan Agents are still there. I run AVG and it finds nothing.

I'm luckily able to use the internet and my laptop to what I believe is normal, but it has slowed down the speed of the laptop. Is there any way to remove these? I've attached the necessary files.


#2 Maniac

    Forum Deity

  • Experts
  • 21,424 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 28 February 2012 - 06:10 PM

Hello Sizzle2686 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

You no longer have AVG, right? It is still in the list of installed applications, but there are still many remnants of it on your system.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3 Sizzle2686

Posted 28 February 2012 - 10:39 PM

Hi -

Thank you for helping. AVG is still on my system. What I meant was that when I run a scan on AVG it doesn't find the Trojan that Malware has been finding.

Going forward I'll paste any logs into the reply.

Thanks

#4 Maniac

Posted 29 February 2012 - 08:53 AM

Please uninstall it and post new, fresh DDS log files.

#5 Sizzle2686

Posted 29 February 2012 - 02:25 PM

AVG is finally uninstalled. New logs below.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Sarah Sizzle at 14:19:35 on 2012-02-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2378 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Sarah Sizzle\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Sarah Sizzle\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Akamai NetSession Interface] "C:\Users\Sarah Sizzle\AppData\Local\Akamai\netsession_win.exe"
uRun: [Google Update] "C:\Users\Sarah Sizzle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{CCDF0562-D131-49B9-B916-7B20657165A7} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{CCDF0562-D131-49B9-B916-7B20657165A7}\25F657475627131313630383 : DhcpNameServer = 68.87.75.198 68.87.64.150
TCP: Interfaces\{CCDF0562-D131-49B9-B916-7B20657165A7}\35168716E45647 : DhcpNameServer = 141.161.200.201 141.161.100.201
TCP: Interfaces\{CCDF0562-D131-49B9-B916-7B20657165A7}\7455F575966496F53556475707 : DhcpNameServer = 141.161.200.201 141.161.100.201
TCP: Interfaces\{CCDF0562-D131-49B9-B916-7B20657165A7}\7457563747E45647 : DhcpNameServer = 141.161.200.201 141.161.100.201
TCP: Interfaces\{CCDF0562-D131-49B9-B916-7B20657165A7}\C45736B697 : DhcpNameServer = 75.75.76.76 75.75.75.75
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-5-14 514232]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
S4 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
S4 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-9-13 1098296]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-30 13336]
S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-30 2372096]
S4 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-30 2320920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-29 19:10:20 -------- d-----w- C:\Users\Sarah Sizzle\AppData\Roaming\AVG2012
2012-02-29 16:23:51 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C04894C9-7949-4FCE-8A3C-735345B15928}\mpengine.dll
2012-02-28 18:05:13 20480 ----a-w- C:\Windows\svchost.exe
2012-02-28 17:43:35 -------- d-----w- C:\Program Files (x86)\HP
2012-02-20 01:07:10 -------- d-----w- C:\Users\Sarah Sizzle\AppData\Local\ID Vault
2012-02-20 01:04:39 -------- d-----w- C:\Users\Sarah Sizzle\AppData\Roaming\ID Vault
2012-02-20 01:04:12 -------- d-----w- C:\ProgramData\GID
2012-02-20 01:04:11 -------- d-----w- C:\Program Files (x86)\SFT
2012-02-20 01:03:58 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite
2012-02-20 01:03:26 -------- d-----w- C:\ProgramData\White Sky, Inc
2012-02-18 19:46:14 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-18 19:46:14 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-18 19:46:13 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-18 19:46:13 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-18 19:46:12 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-18 19:46:11 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-18 19:46:07 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-18 19:46:07 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-07 19:18:08 -------- d-----w- C:\Users\Sarah Sizzle\AppData\Local\{CE9CAC3C-CF4E-4D9C-962F-182CC6233439}
2012-02-07 19:17:58 -------- d-----w- C:\Users\Sarah Sizzle\AppData\Local\{F541CBBB-EC44-41BC-A388-1E1C4134AA6A}
2012-02-03 21:44:06 -------- d-----w- C:\Users\Sarah Sizzle\AppData\Local\Research In Motion
2012-02-03 21:44:04 -------- d-----w- C:\Users\Sarah Sizzle\AppData\Roaming\Research In Motion
2012-02-03 21:42:56 44032 ----a-w- C:\Windows\System32\drivers\RimSerial_AMD64.sys
2012-02-03 21:42:33 -------- d-----w- C:\ProgramData\Research In Motion
2012-02-03 21:42:18 -------- d-----w- C:\Program Files (x86)\Research In Motion
2012-02-03 21:42:18 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion
2012-02-02 21:51:57 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
.
==================== Find3M ====================
.
2012-02-26 02:48:50 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-29 10:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 14:22:20.50 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/14/2011 6:39:18 PM
System Uptime: 2/29/2012 2:14:19 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 166A
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz | CPU | 2399/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 528.681 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.551 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 0 GiB total, 0.083 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP112: 2/18/2012 9:34:24 PM - Windows Update
RP113: 2/19/2012 8:25:26 PM - Windows Backup
RP114: 2/25/2012 9:47:55 PM - Installed Java™ 6 Update 31
RP115: 2/26/2012 10:11:04 PM - Removed Adobe Acrobat X Pro - English, Français, Deutsch.
RP116: 2/28/2012 12:43:02 PM - Installed HP Product Detection
RP117: 2/29/2012 11:21:21 AM - Removed AVG 2012
RP118: 2/29/2012 11:23:00 AM - Removed AVG 2012
RP119: 2/29/2012 11:23:29 AM - Windows Update
RP120: 2/29/2012 12:03:18 PM - avast! Free Antivirus Setup
RP121: 2/29/2012 2:16:46 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.2) MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
AIM 7
Akamai NetSession Interface
Apple Application Support
Apple Software Update
avast! Free Antivirus
Bejeweled 2 Deluxe
Bejeweled 3
BlackBerry Desktop Software 6.1
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Download Updater (AOL LLC)
Energy Star Digital Logo
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.2
Farm Frenzy
FATE - The Traitor Soul
Google Chrome
Hewlett-Packard ACLM.NET v1.1.2.0
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Product Detection
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
IDT Audio
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
Mah Jong Medley
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
PrimoPDF -- brought to you by Nitro PDF Software
QuickTime
Ralink RT5390 802.11b/g/n WiFi Adapter
Reader Library by Sony
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
RoxioNow Player
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype™ 5.8
Slingo Supreme
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
2/28/2012 12:23:25 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/28/2012 12:13:30 PM, Error: Service Control Manager [7034] - The HP Auto service terminated unexpectedly. It has done this 1 time(s).
2/26/2012 2:05:34 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/26/2012 2:05:34 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/26/2012 2:05:34 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/26/2012 2:05:34 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/26/2012 2:05:34 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
2/26/2012 2:05:34 PM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/26/2012 2:05:34 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/26/2012 2:05:34 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/24/2012 7:05:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc000001d, 0xfffff8800121b519, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
2/24/2012 7:05:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
.
==== End Of File ===========================

#6 Maniac


Posted 03 March 2012 - 07:49 AM

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


In your next post, please include:

  • TDSSKiller log
  • ComboFix log


#7 Sizzle2686


Posted 03 March 2012 - 12:33 PM

I ran both programs and the logs are pasted below.

12:31:20.0355 1528 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
12:31:20.0652 1528 ============================================================
12:31:20.0652 1528 Current date / time: 2012/03/03 12:31:20.0652
12:31:20.0652 1528 SystemInfo:
12:31:20.0652 1528
12:31:20.0652 1528 OS Version: 6.1.7601 ServicePack: 1.0
12:31:20.0652 1528 Product type: Workstation
12:31:20.0652 1528 ComputerName: SARAHSIZZLE-HP
12:31:20.0652 1528 UserName: Sarah Sizzle
12:31:20.0652 1528 Windows directory: C:\Windows
12:31:20.0652 1528 System windows directory: C:\Windows
12:31:20.0652 1528 Running under WOW64
12:31:20.0652 1528 Processor architecture: Intel x64
12:31:20.0652 1528 Number of processors: 4
12:31:20.0652 1528 Page size: 0x1000
12:31:20.0652 1528 Boot type: Normal boot
12:31:20.0652 1528 ============================================================
12:31:21.0556 1528 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:31:21.0556 1528 \Device\Harddisk0\DR0:
12:31:21.0556 1528 MBR used
12:31:21.0556 1528 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
12:31:21.0556 1528 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48BF9800
12:31:21.0556 1528 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48C5D800, BlocksNum 0x1BC6800
12:31:21.0556 1528 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
12:31:21.0681 1528 Initialize success
12:31:21.0681 1528 ============================================================

ComboFix 12-03-02.01 - Sarah Sizzle 03/03/2012 12:09:30.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2746 [GMT -5:00]
Running from: c:\users\Sarah Sizzle\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-03 17:16 . 2012-03-03 17:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 17:00 . 2012-03-03 17:00 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-03 16:53 . 2012-02-20 06:05 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{833112DE-5159-4D39-A8AE-77D4512EF1B5}\mpengine.dll
2012-02-29 21:47 . 2012-02-29 21:47 -------- d-----w- c:\program files (x86)\Common Files\Telespree
2012-02-29 19:10 . 2012-02-29 19:10 -------- d-----w- c:\users\Sarah Sizzle\AppData\Roaming\AVG2012
2012-02-28 17:43 . 2012-02-28 17:43 -------- d-----w- c:\program files (x86)\HP
2012-02-26 15:26 . 2012-02-26 15:26 -------- d-----w- c:\windows\Sun
2012-02-26 02:49 . 2012-02-26 02:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-20 01:07 . 2012-02-20 01:07 -------- d-----w- c:\users\Sarah Sizzle\AppData\Local\ID Vault
2012-02-20 01:04 . 2012-02-20 01:04 -------- d-----w- c:\users\Sarah Sizzle\AppData\Roaming\ID Vault
2012-02-20 01:04 . 2012-02-20 01:04 -------- d-----w- c:\programdata\GID
2012-02-20 01:04 . 2012-02-20 01:04 -------- d-----w- c:\program files (x86)\SFT
2012-02-20 01:03 . 2012-02-28 17:29 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2012-02-20 01:03 . 2012-02-20 01:03 -------- d-----w- c:\programdata\White Sky, Inc
2012-02-18 19:46 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-18 19:46 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-18 19:46 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-18 19:46 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-18 19:46 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-18 19:46 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-18 19:46 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-18 19:46 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 18:58 . 2012-02-14 18:58 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-02-03 21:44 . 2012-02-03 21:44 -------- d-----w- c:\users\Sarah Sizzle\AppData\Local\Research In Motion
2012-02-03 21:44 . 2012-02-03 21:46 -------- d-----w- c:\users\Sarah Sizzle\AppData\Roaming\Research In Motion
2012-02-03 21:42 . 2011-07-20 19:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-02-03 21:42 . 2012-02-03 21:42 -------- d-----w- c:\programdata\Research In Motion
2012-02-03 21:42 . 2012-02-03 21:42 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2012-02-03 21:42 . 2012-02-03 21:42 -------- d-----w- c:\program files (x86)\Research In Motion
2012-02-02 21:51 . 2012-02-02 21:51 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 02:48 . 2011-05-14 20:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-29 10:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-30 08:38 . 2011-12-30 08:38 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-30 08:38 . 2011-12-30 08:38 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-30 08:38 . 2011-12-30 08:38 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-30 08:38 . 2011-12-30 08:38 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-30 08:38 . 2011-12-30 08:38 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-30 08:38 . 2011-12-30 08:38 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-30 08:38 . 2011-12-30 08:38 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-30 08:38 . 2011-12-30 08:38 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-30 08:38 . 2011-12-30 08:38 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-30 08:38 . 2011-12-30 08:38 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-30 08:38 . 2011-12-30 08:38 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-30 08:38 . 2011-12-30 08:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-30 08:38 . 2011-12-30 08:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-30 08:38 . 2011-12-30 08:38 448512 ----a-w- c:\windows\system32\html.iec
2011-12-30 08:38 . 2011-12-30 08:38 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-30 08:38 . 2011-12-30 08:38 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-30 08:38 . 2011-12-30 08:38 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-30 08:38 . 2011-12-30 08:38 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-30 08:38 . 2011-12-30 08:38 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-30 08:38 . 2011-12-30 08:38 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-30 08:38 . 2011-12-30 08:38 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-30 08:38 . 2011-12-30 08:38 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-30 08:38 . 2011-12-30 08:38 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-30 08:38 . 2011-12-30 08:38 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-30 08:38 . 2011-12-30 08:38 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-30 08:38 . 2011-12-30 08:38 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-30 08:38 . 2011-12-30 08:38 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-30 08:38 . 2011-12-30 08:38 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-30 08:38 . 2011-12-30 08:38 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-30 08:38 . 2011-12-30 08:38 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-30 08:38 . 2011-12-30 08:38 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-30 08:38 . 2011-12-30 08:38 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-30 08:38 . 2011-12-30 08:38 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-30 08:38 . 2011-12-30 08:38 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-10 20:24 . 2011-12-05 03:21 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R4 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-02-18 2372096]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-23 2320920]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 aswSnx;aswSnx; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972041120-1517518076-1995607898-1001Core.job
- c:\users\Sarah Sizzle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 19:48]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972041120-1517518076-1995607898-1001UA.job
- c:\users\Sarah Sizzle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 19:48]
.
2012-03-02 c:\windows\Tasks\HPCeeScheduleForSarah Sizzle.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-02-03 c:\windows\Tasks\HPCeeScheduleForSARAHSIZZLE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
.
**************************************************************************
.
Completion time: 2012-03-03 12:24:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-03 17:24
.
Pre-Run: 571,734,020,096 bytes free
Post-Run: 573,583,298,560 bytes free
.
- - End Of File - - 8F2823C8F86158D8F9964E4579BFE2EC


#8 Maniac


Posted 04 March 2012 - 11:07 AM

Your TDSSKiller log is cut. Please copy/paste the entire content from C:\TDSSKiller.txt

#9 Sizzle2686


Posted 04 March 2012 - 11:31 AM

I see two logs - here they are.

11:56:12.0935 4464 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
11:56:13.0284 4464 ============================================================
11:56:13.0284 4464 Current date / time: 2012/03/03 11:56:13.0284
11:56:13.0284 4464 SystemInfo:
11:56:13.0284 4464
11:56:13.0284 4464 OS Version: 6.1.7601 ServicePack: 1.0
11:56:13.0284 4464 Product type: Workstation
11:56:13.0285 4464 ComputerName: SARAHSIZZLE-HP
11:56:13.0285 4464 UserName: Sarah Sizzle
11:56:13.0285 4464 Windows directory: C:\Windows
11:56:13.0285 4464 System windows directory: C:\Windows
11:56:13.0285 4464 Running under WOW64
11:56:13.0285 4464 Processor architecture: Intel x64
11:56:13.0285 4464 Number of processors: 4
11:56:13.0285 4464 Page size: 0x1000
11:56:13.0285 4464 Boot type: Normal boot
11:56:13.0285 4464 ============================================================
11:56:13.0770 4464 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:56:13.0777 4464 \Device\Harddisk0\DR0:
11:56:13.0777 4464 MBR used
11:56:13.0777 4464 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:56:13.0777 4464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48BF9800
11:56:13.0777 4464 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48C5D800, BlocksNum 0x1BC6800
11:56:13.0777 4464 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
11:56:13.0968 4464 Initialize success
11:56:13.0968 4464 ============================================================
11:56:33.0334 3336 ============================================================
11:56:33.0334 3336 Scan started
11:56:33.0334 3336 Mode: Manual; SigCheck; TDLFS;
11:56:33.0334 3336 ============================================================
11:57:09.0337 3336 HidUsb - ok
11:57:09.0813 3336 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:57:09.0833 3336 HpSAMD - ok
11:57:10.0004 3336 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:57:10.0076 3336 HTTP - ok
11:57:10.0188 3336 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:57:10.0199 3336 hwpolicy - ok
11:57:10.0368 3336 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:57:10.0385 3336 i8042prt - ok
11:57:10.0570 3336 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
11:57:10.0588 3336 iaStor - ok
11:57:10.0900 3336 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:57:10.0933 3336 iaStorV - ok
11:57:13.0517 3336 igfx (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:57:14.0040 3336 igfx - ok
11:57:14.0498 3336 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:57:14.0535 3336 iirsp - ok
11:57:15.0000 3336 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
11:57:15.0048 3336 Impcd - ok
11:57:15.0507 3336 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
11:57:15.0566 3336 IntcDAud - ok
11:57:16.0030 3336 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:57:16.0188 3336 intelide - ok
11:57:16.0511 3336 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:57:16.0583 3336 intelppm - ok
11:57:17.0001 3336 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:57:17.0047 3336 IpFilterDriver - ok
11:57:17.0493 3336 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:57:17.0571 3336 IPMIDRV - ok
11:57:17.0835 3336 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:57:17.0935 3336 IPNAT - ok
11:57:18.0213 3336 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:57:18.0240 3336 IRENUM - ok
11:57:18.0502 3336 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:57:18.0533 3336 isapnp - ok
11:57:18.0841 3336 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:57:18.0868 3336 iScsiPrt - ok
11:57:18.0983 3336 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:57:18.0997 3336 kbdclass - ok
11:57:19.0461 3336 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:57:19.0514 3336 kbdhid - ok
11:57:19.0747 3336 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:57:19.0766 3336 KSecDD - ok
11:57:19.0793 3336 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:57:19.0809 3336 KSecPkg - ok
11:57:19.0877 3336 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:57:19.0937 3336 ksthunk - ok
11:57:20.0025 3336 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:57:20.0100 3336 lltdio - ok
11:57:20.0219 3336 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:57:20.0239 3336 LSI_FC - ok
11:57:20.0279 3336 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:57:20.0300 3336 LSI_SAS - ok
11:57:20.0351 3336 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:57:20.0365 3336 LSI_SAS2 - ok
11:57:20.0391 3336 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:57:20.0405 3336 LSI_SCSI - ok
11:57:20.0490 3336 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:57:20.0558 3336 luafv - ok
11:57:20.0788 3336 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:57:20.0806 3336 megasas - ok
11:57:20.0911 3336 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:57:20.0931 3336 MegaSR - ok
11:57:20.0984 3336 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:57:21.0069 3336 Modem - ok
11:57:21.0131 3336 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:57:21.0192 3336 monitor - ok
11:57:21.0244 3336 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:57:21.0256 3336 mouclass - ok
11:57:21.0319 3336 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:57:21.0377 3336 mouhid - ok
11:57:21.0430 3336 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:57:21.0442 3336 mountmgr - ok
11:57:21.0498 3336 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:57:21.0523 3336 mpio - ok
11:57:21.0553 3336 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:57:21.0652 3336 mpsdrv - ok
11:57:21.0678 3336 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:57:21.0712 3336 MRxDAV - ok
11:57:21.0733 3336 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:57:21.0812 3336 mrxsmb - ok
11:57:21.0858 3336 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:57:21.0879 3336 mrxsmb10 - ok
11:57:21.0913 3336 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:57:21.0945 3336 mrxsmb20 - ok
11:57:21.0977 3336 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:57:21.0992 3336 msahci - ok
11:57:22.0059 3336 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:57:22.0089 3336 msdsm - ok
11:57:22.0156 3336 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:57:22.0217 3336 Msfs - ok
11:57:22.0251 3336 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:57:22.0322 3336 mshidkmdf - ok
11:57:22.0483 3336 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:57:22.0496 3336 msisadrv - ok
11:57:22.0722 3336 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:57:22.0817 3336 MSKSSRV - ok
11:57:22.0864 3336 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:57:22.0941 3336 MSPCLOCK - ok
11:57:22.0966 3336 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:57:23.0042 3336 MSPQM - ok
11:57:23.0164 3336 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:57:23.0185 3336 MsRPC - ok
11:57:23.0250 3336 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:57:23.0264 3336 mssmbios - ok
11:57:23.0362 3336 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:57:23.0429 3336 MSTEE - ok
11:57:23.0635 3336 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:57:23.0678 3336 MTConfig - ok
11:57:23.0892 3336 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:57:23.0903 3336 Mup - ok
11:57:24.0182 3336 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:57:24.0248 3336 NativeWifiP - ok
11:57:24.0462 3336 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
11:57:24.0496 3336 NDIS - ok
11:57:24.0828 3336 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:57:24.0913 3336 NdisCap - ok
11:57:25.0181 3336 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:57:25.0268 3336 NdisTapi - ok
11:57:25.0612 3336 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:57:25.0674 3336 Ndisuio - ok
11:57:25.0974 3336 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:57:26.0099 3336 NdisWan - ok
11:57:26.0626 3336 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:57:26.0677 3336 NDProxy - ok
11:57:27.0028 3336 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:57:27.0130 3336 NetBIOS - ok
11:57:27.0573 3336 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:57:27.0624 3336 NetBT - ok
11:57:28.0562 3336 netr28x (a98071e3e1e5e503462cc9e0ded91a36) C:\Windows\system32\DRIVERS\netr28x.sys
11:57:28.0811 3336 netr28x - ok
11:57:29.0045 3336 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:57:29.0067 3336 nfrd960 - ok
11:57:29.0373 3336 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:57:29.0441 3336 Npfs - ok
11:57:29.0624 3336 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:57:29.0693 3336 nsiproxy - ok
11:57:30.0612 3336 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:57:30.0716 3336 Ntfs - ok
11:57:31.0130 3336 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:57:31.0204 3336 Null - ok
11:57:31.0529 3336 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
11:57:31.0578 3336 NVENETFD - ok
11:57:32.0258 3336 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:57:32.0286 3336 nvraid - ok
11:57:32.0663 3336 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:57:32.0731 3336 nvstor - ok
11:57:33.0043 3336 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:57:33.0095 3336 nv_agp - ok
11:57:33.0299 3336 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:57:33.0323 3336 ohci1394 - ok
11:57:33.0545 3336 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
11:57:33.0566 3336 Parport - ok
11:57:33.0795 3336 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:57:33.0823 3336 partmgr - ok
11:57:34.0137 3336 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:57:34.0153 3336 pci - ok
11:57:34.0329 3336 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:57:34.0378 3336 pciide - ok
11:57:34.0620 3336 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:57:34.0640 3336 pcmcia - ok
11:57:34.0831 3336 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:57:34.0846 3336 pcw - ok
11:57:35.0340 3336 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:57:35.0436 3336 PEAUTH - ok
11:57:35.0736 3336 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:57:35.0800 3336 PptpMiniport - ok
11:57:36.0188 3336 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:57:36.0239 3336 Processor - ok
11:57:36.0464 3336 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:57:36.0617 3336 Psched - ok
11:57:37.0158 3336 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:57:37.0225 3336 ql2300 - ok
11:57:37.0565 3336 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:57:37.0591 3336 ql40xx - ok
11:57:38.0090 3336 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:57:38.0211 3336 QWAVEdrv - ok
11:57:38.0502 3336 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:57:38.0611 3336 RasAcd - ok
11:57:38.0763 3336 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:57:38.0834 3336 RasAgileVpn - ok
11:57:38.0873 3336 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:57:39.0006 3336 Rasl2tp - ok
11:57:39.0054 3336 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:57:39.0204 3336 RasPppoe - ok
11:57:39.0247 3336 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:57:39.0358 3336 RasSstp - ok
11:57:39.0462 3336 rcmirror (96597c96d5acf4a3ef0b24d396853879) C:\Windows\system32\DRIVERS\rcmirror.sys
11:57:39.0521 3336 rcmirror - ok
11:57:39.0569 3336 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:57:39.0669 3336 rdbss - ok
11:57:39.0966 3336 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
11:57:40.0049 3336 rdpbus - ok
11:57:40.0163 3336 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:57:40.0254 3336 RDPCDD - ok
11:57:40.0306 3336 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:57:40.0408 3336 RDPENCDD - ok
11:57:40.0480 3336 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:57:40.0539 3336 RDPREFMP - ok
11:57:40.0571 3336 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:57:40.0637 3336 RDPWD - ok
11:57:40.0689 3336 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:57:40.0708 3336 rdyboost - ok
11:57:40.0780 3336 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
11:57:40.0849 3336 RimUsb - ok
11:57:40.0939 3336 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
11:57:40.0982 3336 RimVSerPort - ok
11:57:41.0065 3336 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
11:57:41.0145 3336 ROOTMODEM - ok
11:57:41.0461 3336 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys
11:57:41.0487 3336 RSPCIESTOR - ok
11:57:41.0561 3336 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:57:41.0655 3336 rspndr - ok
11:57:41.0799 3336 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:57:41.0817 3336 RTL8167 - ok
11:57:42.0162 3336 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:57:42.0183 3336 sbp2port - ok
11:57:42.0470 3336 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:57:42.0531 3336 scfilter - ok
11:57:42.0771 3336 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
11:57:42.0819 3336 sdbus - ok
11:57:42.0873 3336 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:57:42.0981 3336 secdrv - ok
11:57:43.0112 3336 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
11:57:43.0151 3336 Serenum - ok
11:57:43.0197 3336 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
11:57:43.0253 3336 Serial - ok
11:57:43.0319 3336 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
11:57:43.0369 3336 sermouse - ok
11:57:43.0435 3336 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:57:43.0467 3336 sffdisk - ok
11:57:43.0527 3336 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:57:43.0565 3336 sffp_mmc - ok
11:57:43.0589 3336 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:57:43.0650 3336 sffp_sd - ok
11:57:43.0718 3336 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
11:57:43.0759 3336 sfloppy - ok
11:57:43.0826 3336 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
11:57:43.0843 3336 SiSRaid2 - ok
11:57:43.0879 3336 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
11:57:43.0890 3336 SiSRaid4 - ok
11:57:44.0003 3336 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:57:44.0081 3336 Smb - ok
11:57:44.0424 3336 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:57:44.0434 3336 spldr - ok
11:57:44.0615 3336 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:57:44.0672 3336 srv - ok
11:57:44.0949 3336 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:57:44.0999 3336 srv2 - ok
11:57:45.0408 3336 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:57:45.0428 3336 SrvHsfHDA - ok
11:57:45.0823 3336 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:57:45.0901 3336 SrvHsfV92 - ok
11:57:46.0391 3336 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:57:46.0422 3336 SrvHsfWinac - ok
11:57:46.0828 3336 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:57:46.0899 3336 srvnet - ok
11:57:47.0246 3336 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
11:57:47.0266 3336 stexstor - ok
11:57:47.0714 3336 STHDA (ebc1a5e076a9be314d3d9e8ed19abb0a) C:\Windows\system32\DRIVERS\stwrt64.sys
11:57:47.0788 3336 STHDA - ok
11:57:48.0094 3336 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:57:48.0104 3336 swenum - ok
11:57:48.0421 3336 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys
11:57:48.0458 3336 SynTP - ok
11:57:48.0924 3336 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:57:49.0002 3336 Tcpip - ok
11:57:49.0405 3336 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:57:49.0453 3336 TCPIP6 - ok
11:57:49.0706 3336 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:57:49.0799 3336 tcpipreg - ok
11:57:50.0245 3336 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:57:50.0423 3336 TDPIPE - ok
11:57:50.0677 3336 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:57:50.0760 3336 TDTCP - ok
11:57:50.0928 3336 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:57:50.0986 3336 tdx - ok
11:57:51.0352 3336 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:57:51.0364 3336 TermDD - ok
11:57:51.0575 3336 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:57:51.0660 3336 tssecsrv - ok
11:57:51.0782 3336 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:57:51.0946 3336 TsUsbFlt - ok
11:57:52.0089 3336 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
11:57:52.0121 3336 TsUsbGD - ok
11:57:52.0383 3336 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:57:52.0461 3336 tunnel - ok
11:57:52.0678 3336 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
11:57:52.0699 3336 uagp35 - ok
11:57:52.0925 3336 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:57:53.0024 3336 udfs - ok
11:57:53.0297 3336 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:57:53.0324 3336 uliagpkx - ok
11:57:53.0581 3336 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:57:53.0629 3336 umbus - ok
11:57:53.0886 3336 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
11:57:53.0934 3336 UmPass - ok
11:57:54.0157 3336 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:57:54.0209 3336 USBAAPL64 - ok
11:57:54.0491 3336 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:57:54.0553 3336 usbccgp - ok
11:57:54.0723 3336 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:57:54.0762 3336 usbcir - ok
11:57:54.0905 3336 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:57:54.0940 3336 usbehci - ok
11:57:55.0108 3336 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:57:55.0147 3336 usbhub - ok
11:57:55.0470 3336 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:57:55.0516 3336 usbohci - ok
11:57:55.0829 3336 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:57:55.0924 3336 usbprint - ok
11:57:56.0208 3336 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:57:56.0270 3336 usbscan - ok
11:57:56.0555 3336 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:57:56.0625 3336 USBSTOR - ok
11:57:56.0923 3336 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:57:56.0967 3336 usbuhci - ok
11:57:57.0371 3336 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
11:57:57.0422 3336 usbvideo - ok
11:57:57.0718 3336 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:57:57.0734 3336 vdrvroot - ok
11:57:58.0072 3336 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:57:58.0092 3336 vga - ok
11:57:58.0289 3336 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:57:58.0374 3336 VgaSave - ok
11:57:58.0779 3336 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:57:58.0809 3336 vhdmp - ok
11:57:59.0155 3336 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:57:59.0178 3336 viaide - ok
11:57:59.0523 3336 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:57:59.0550 3336 volmgr - ok
11:57:59.0985 3336 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:58:00.0012 3336 volmgrx - ok
11:58:00.0509 3336 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:58:00.0543 3336 volsnap - ok
11:58:01.0094 3336 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
11:58:01.0119 3336 vsmraid - ok
11:58:01.0276 3336 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:58:01.0769 3336 vwifibus - ok
11:58:02.0079 3336 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:58:02.0240 3336 vwififlt - ok
11:58:02.0412 3336 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
11:58:02.0519 3336 WacomPen - ok
11:58:02.0638 3336 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:58:02.0743 3336 WANARP - ok
11:58:02.0804 3336 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:58:02.0851 3336 Wanarpv6 - ok
11:58:03.0189 3336 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
11:58:03.0210 3336 Wd - ok
11:58:03.0668 3336 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:58:03.0722 3336 Wdf01000 - ok
11:58:04.0197 3336 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:58:04.0257 3336 WfpLwf - ok
11:58:04.0510 3336 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:58:04.0538 3336 WIMMount - ok
11:58:04.0729 3336 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:58:04.0804 3336 WinUsb - ok
11:58:04.0906 3336 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:58:04.0933 3336 WmiAcpi - ok
11:58:05.0006 3336 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:58:05.0054 3336 ws2ifsl - ok
11:58:05.0088 3336 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:58:05.0163 3336 WudfPf - ok
11:58:05.0199 3336 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:58:05.0262 3336 WUDFRd - ok
11:58:05.0342 3336 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
11:58:05.0374 3336 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:58:05.0374 3336 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:58:06.0208 3336 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:58:06.0209 3336 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:58:06.0239 3336 Boot (0x1200) (54210647adf02a0077bc75ded00f20f6) \Device\Harddisk0\DR0\Partition0
11:58:06.0286 3336 \Device\Harddisk0\DR0\Partition0 - ok
11:58:06.0319 3336 Boot (0x1200) (93efbfab3221d70da6d144773cdf6145) \Device\Harddisk0\DR0\Partition1
11:58:06.0352 3336 \Device\Harddisk0\DR0\Partition1 - ok
11:58:06.0404 3336 Boot (0x1200) (e786f36715408bd1dbf015733bdd020d) \Device\Harddisk0\DR0\Partition2
11:58:06.0446 3336 \Device\Harddisk0\DR0\Partition2 - ok
11:58:06.0490 3336 Boot (0x1200) (73a43bb82e2c9f247a5d4d9b1a5b5446) \Device\Harddisk0\DR0\Partition3
11:58:06.0516 3336 \Device\Harddisk0\DR0\Partition3 - ok
11:58:06.0517 3336 ============================================================
11:58:06.0517 3336 Scan finished
11:58:06.0517 3336 ============================================================
11:58:06.0536 4684 Detected object count: 2
11:58:06.0536 4684 Actual detected object count: 2
11:58:20.0966 4684 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
11:58:20.0966 4684 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
11:58:20.0969 4684 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:58:20.0969 4684 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:59:10.0085 2604 ============================================================
11:59:10.0085 2604 Scan started
11:59:10.0085 2604 Mode: Manual; SigCheck; TDLFS;
11:59:10.0085 2604 ============================================================
11:59:28.0250 2604 crcdisk - ok
11:59:28.0527 2604 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:59:28.0579 2604 DfsC - ok
11:59:28.0845 2604 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:59:28.0896 2604 discache - ok
11:59:29.0277 2604 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:59:29.0287 2604 Disk - ok
11:59:29.0578 2604 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:59:29.0598 2604 drmkaud - ok
11:59:30.0097 2604 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:59:30.0124 2604 DXGKrnl - ok
11:59:30.0984 2604 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:59:31.0034 2604 ebdrv - ok
11:59:31.0387 2604 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:59:31.0412 2604 elxstor - ok
11:59:31.0698 2604 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:59:31.0720 2604 ErrDev - ok
11:59:31.0949 2604 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:59:32.0001 2604 exfat - ok
11:59:32.0457 2604 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:59:32.0521 2604 fastfat - ok
11:59:32.0631 2604 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:59:32.0648 2604 fdc - ok
11:59:32.0748 2604 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:59:32.0759 2604 FileInfo - ok
11:59:32.0787 2604 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:59:32.0841 2604 Filetrace - ok
11:59:33.0075 2604 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:59:33.0099 2604 flpydisk - ok
11:59:33.0424 2604 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:59:33.0440 2604 FltMgr - ok
11:59:33.0721 2604 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:59:33.0733 2604 FsDepends - ok
11:59:34.0063 2604 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:59:34.0073 2604 Fs_Rec - ok
11:59:34.0498 2604 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:59:34.0519 2604 fvevol - ok
11:59:34.0787 2604 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:59:34.0805 2604 gagp30kx - ok
11:59:35.0120 2604 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:59:35.0129 2604 GEARAspiWDM - ok
11:59:35.0405 2604 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:59:35.0419 2604 hcw85cir - ok
11:59:35.0838 2604 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:59:35.0862 2604 HdAudAddService - ok
11:59:36.0828 2604 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:59:36.0857 2604 HDAudBus - ok
11:59:37.0065 2604 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
11:59:37.0075 2604 HECIx64 - ok
11:59:37.0157 2604 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:59:37.0171 2604 HidBatt - ok
11:59:37.0210 2604 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
11:59:37.0230 2604 HidBth - ok
11:59:37.0264 2604 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:59:37.0296 2604 HidIr - ok
11:59:37.0334 2604 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:59:37.0364 2604 HidUsb - ok
11:59:37.0454 2604 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:59:37.0472 2604 HpSAMD - ok
11:59:37.0511 2604 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:59:37.0586 2604 HTTP - ok
11:59:37.0630 2604 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:59:37.0645 2604 hwpolicy - ok
11:59:37.0667 2604 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:59:37.0698 2604 i8042prt - ok
11:59:37.0747 2604 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
11:59:37.0772 2604 iaStor - ok
11:59:37.0819 2604 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:59:37.0854 2604 iaStorV - ok
11:59:38.0117 2604 igfx (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:59:38.0400 2604 igfx - ok
11:59:38.0500 2604 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:59:38.0515 2604 iirsp - ok
11:59:38.0558 2604 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
11:59:38.0579 2604 Impcd - ok
11:59:38.0622 2604 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
11:59:38.0653 2604 IntcDAud - ok
11:59:38.0691 2604 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:59:38.0705 2604 intelide - ok
11:59:38.0739 2604 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:59:38.0783 2604 intelppm - ok
11:59:38.0807 2604 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:59:38.0873 2604 IpFilterDriver - ok
11:59:38.0912 2604 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:59:38.0932 2604 IPMIDRV - ok
11:59:38.0941 2604 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:59:39.0011 2604 IPNAT - ok
11:59:39.0033 2604 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:59:39.0088 2604 IRENUM - ok
11:59:39.0113 2604 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:59:39.0128 2604 isapnp - ok
11:59:39.0161 2604 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:59:39.0184 2604 iScsiPrt - ok
11:59:39.0215 2604 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:59:39.0232 2604 kbdclass - ok
11:59:39.0260 2604 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:59:39.0282 2604 kbdhid - ok
11:59:39.0314 2604 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:59:39.0330 2604 KSecDD - ok
11:59:39.0359 2604 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:59:39.0380 2604 KSecPkg - ok
11:59:39.0410 2604 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:59:39.0489 2604 ksthunk - ok
11:59:39.0525 2604 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:59:39.0585 2604 lltdio - ok
11:59:39.0630 2604 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:59:39.0646 2604 LSI_FC - ok
11:59:39.0667 2604 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:59:39.0683 2604 LSI_SAS - ok
11:59:39.0707 2604 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:59:39.0725 2604 LSI_SAS2 - ok
11:59:39.0747 2604 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:59:39.0762 2604 LSI_SCSI - ok
11:59:39.0779 2604 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:59:39.0845 2604 luafv - ok
11:59:40.0132 2604 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:59:40.0142 2604 megasas - ok
11:59:40.0588 2604 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:59:40.0604 2604 MegaSR - ok
11:59:40.0705 2604 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:59:40.0773 2604 Modem - ok
11:59:40.0853 2604 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:59:40.0879 2604 monitor - ok
11:59:40.0967 2604 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:59:40.0983 2604 mouclass - ok
11:59:41.0085 2604 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:59:41.0104 2604 mouhid - ok
11:59:41.0229 2604 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:59:41.0245 2604 mountmgr - ok
11:59:41.0375 2604 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:59:41.0393 2604 mpio - ok
11:59:41.0508 2604 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:59:41.0570 2604 mpsdrv - ok
11:59:41.0611 2604 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:59:41.0642 2604 MRxDAV - ok
11:59:41.0687 2604 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:59:41.0705 2604 mrxsmb - ok
11:59:41.0747 2604 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:59:41.0768 2604 mrxsmb10 - ok
11:59:41.0812 2604 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:59:41.0829 2604 mrxsmb20 - ok
11:59:41.0987 2604 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:59:42.0001 2604 msahci - ok
11:59:42.0101 2604 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:59:42.0116 2604 msdsm - ok
11:59:42.0221 2604 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:59:42.0279 2604 Msfs - ok
11:59:42.0372 2604 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:59:42.0441 2604 mshidkmdf - ok
11:59:42.0470 2604 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:59:42.0484 2604 msisadrv - ok
11:59:42.0522 2604 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:59:42.0577 2604 MSKSSRV - ok
11:59:42.0608 2604 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:59:42.0664 2604 MSPCLOCK - ok
11:59:42.0710 2604 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:59:42.0771 2604 MSPQM - ok
11:59:42.0797 2604 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:59:42.0818 2604 MsRPC - ok
11:59:42.0872 2604 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:59:42.0889 2604 mssmbios - ok
11:59:42.0917 2604 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:59:42.0982 2604 MSTEE - ok
11:59:43.0013 2604 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:59:43.0033 2604 MTConfig - ok
11:59:43.0047 2604 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:59:43.0063 2604 Mup - ok
11:59:43.0104 2604 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:59:43.0140 2604 NativeWifiP - ok
11:59:43.0186 2604 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
11:59:43.0222 2604 NDIS - ok
11:59:43.0250 2604 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:59:43.0308 2604 NdisCap - ok
11:59:43.0327 2604 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:59:43.0379 2604 NdisTapi - ok
11:59:43.0393 2604 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:59:43.0447 2604 Ndisuio - ok
11:59:43.0465 2604 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:59:43.0521 2604 NdisWan - ok
11:59:43.0541 2604 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:59:43.0604 2604 NDProxy - ok
11:59:43.0621 2604 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:59:43.0674 2604 NetBIOS - ok
11:59:43.0690 2604 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:59:43.0759 2604 NetBT - ok
11:59:43.0975 2604 netr28x (a98071e3e1e5e503462cc9e0ded91a36) C:\Windows\system32\DRIVERS\netr28x.sys
11:59:44.0013 2604 netr28x - ok
11:59:44.0141 2604 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:59:44.0152 2604 nfrd960 - ok
11:59:44.0181 2604 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:59:44.0229 2604 Npfs - ok
11:59:44.0265 2604 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:59:44.0324 2604 nsiproxy - ok
11:59:44.0399 2604 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:59:44.0447 2604 Ntfs - ok
11:59:44.0541 2604 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:59:44.0599 2604 Null - ok
11:59:44.0625 2604 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
11:59:44.0648 2604 NVENETFD - ok
11:59:44.0669 2604 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:59:44.0687 2604 nvraid - ok
11:59:44.0708 2604 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:59:44.0723 2604 nvstor - ok
11:59:44.0755 2604 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:59:44.0773 2604 nv_agp - ok
11:59:44.0800 2604 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:59:44.0820 2604 ohci1394 - ok
11:59:44.0869 2604 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
11:59:44.0885 2604 Parport - ok
11:59:44.0919 2604 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:59:44.0933 2604 partmgr - ok
11:59:44.0973 2604 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:59:44.0988 2604 pci - ok
11:59:45.0009 2604 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:59:45.0022 2604 pciide - ok
11:59:45.0056 2604 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:59:45.0076 2604 pcmcia - ok
11:59:45.0090 2604 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:59:45.0105 2604 pcw - ok
11:59:45.0133 2604 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:59:45.0194 2604 PEAUTH - ok
11:59:45.0273 2604 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:59:45.0322 2604 PptpMiniport - ok
11:59:45.0349 2604 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:59:45.0370 2604 Processor - ok
11:59:45.0403 2604 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:59:45.0456 2604 Psched - ok
11:59:45.0509 2604 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:59:45.0546 2604 ql2300 - ok
11:59:45.0580 2604 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:59:45.0592 2604 ql40xx - ok
11:59:45.0629 2604 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:59:45.0651 2604 QWAVEdrv - ok
11:59:45.0666 2604 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:59:45.0714 2604 RasAcd - ok
11:59:45.0750 2604 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:59:45.0798 2604 RasAgileVpn - ok
11:59:46.0203 2604 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:59:46.0244 2604 Rasl2tp - ok
11:59:46.0351 2604 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:59:46.0396 2604 RasPppoe - ok
11:59:46.0489 2604 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:59:46.0536 2604 RasSstp - ok
11:59:46.0704 2604 rcmirror (96597c96d5acf4a3ef0b24d396853879) C:\Windows\system32\DRIVERS\rcmirror.sys
11:59:46.0716 2604 rcmirror - ok
11:59:46.0765 2604 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:59:46.0823 2604 rdbss - ok
11:59:46.0854 2604 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
11:59:46.0875 2604 rdpbus - ok
11:59:46.0894 2604 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:59:46.0943 2604 RDPCDD - ok
11:59:46.0954 2604 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:59:47.0001 2604 RDPENCDD - ok
11:59:47.0024 2604 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:59:47.0071 2604 RDPREFMP - ok
11:59:47.0092 2604 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:59:47.0144 2604 RDPWD - ok
11:59:47.0165 2604 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:59:47.0183 2604 rdyboost - ok
11:59:47.0234 2604 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
11:59:47.0246 2604 RimUsb - ok
11:59:47.0282 2604 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
11:59:47.0292 2604 RimVSerPort - ok
11:59:47.0320 2604 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
11:59:47.0368 2604 ROOTMODEM - ok
11:59:47.0416 2604 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys
11:59:47.0430 2604 RSPCIESTOR - ok
11:59:47.0447 2604 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:59:47.0491 2604 rspndr - ok
11:59:47.0531 2604 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:59:47.0554 2604 RTL8167 - ok
11:59:47.0585 2604 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:59:47.0602 2604 sbp2port - ok
11:59:47.0639 2604 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:59:47.0686 2604 scfilter - ok
11:59:47.0717 2604 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
11:59:47.0745 2604 sdbus - ok
11:59:47.0774 2604 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:59:47.0835 2604 secdrv - ok
11:59:48.0212 2604 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
11:59:48.0229 2604 Serenum - ok
11:59:48.0865 2604 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
11:59:48.0883 2604 Serial - ok
11:59:48.0975 2604 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
11:59:48.0989 2604 sermouse - ok
11:59:49.0102 2604 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:59:49.0123 2604 sffdisk - ok
11:59:49.0217 2604 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:59:49.0237 2604 sffp_mmc - ok
11:59:49.0289 2604 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:59:49.0310 2604 sffp_sd - ok
11:59:49.0363 2604 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
11:59:49.0378 2604 sfloppy - ok
11:59:49.0414 2604 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
11:59:49.0425 2604 SiSRaid2 - ok
11:59:49.0470 2604 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
11:59:49.0483 2604 SiSRaid4 - ok
11:59:49.0524 2604 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:59:49.0582 2604 Smb - ok
11:59:49.0637 2604 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:59:49.0648 2604 spldr - ok
11:59:49.0698 2604 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:59:49.0718 2604 srv - ok
11:59:49.0764 2604 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:59:49.0791 2604 srv2 - ok
11:59:49.0883 2604 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:59:49.0910 2604 SrvHsfHDA - ok
11:59:50.0046 2604 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:59:50.0084 2604 SrvHsfV92 - ok
11:59:50.0191 2604 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:59:50.0244 2604 SrvHsfWinac - ok
11:59:50.0365 2604 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:59:50.0416 2604 srvnet - ok
11:59:50.0528 2604 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
11:59:50.0544 2604 stexstor - ok
11:59:50.0597 2604 STHDA (ebc1a5e076a9be314d3d9e8ed19abb0a) C:\Windows\system32\DRIVERS\stwrt64.sys
11:59:50.0626 2604 STHDA - ok
11:59:50.0678 2604 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:59:50.0689 2604 swenum - ok
11:59:50.0751 2604 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys
11:59:50.0792 2604 SynTP - ok
11:59:50.0943 2604 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:59:50.0999 2604 Tcpip - ok
11:59:51.0131 2604 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:59:51.0193 2604 TCPIP6 - ok
11:59:51.0302 2604 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:59:51.0370 2604 tcpipreg - ok
11:59:51.0407 2604 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:59:51.0515 2604 TDPIPE - ok
11:59:51.0544 2604 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:59:51.0628 2604 TDTCP - ok
11:59:51.0659 2604 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:59:51.0743 2604 tdx - ok
11:59:51.0772 2604 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:59:51.0786 2604 TermDD - ok
11:59:51.0829 2604 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:59:51.0907 2604 tssecsrv - ok
11:59:51.0925 2604 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:59:51.0945 2604 TsUsbFlt - ok
11:59:51.0966 2604 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
11:59:51.0992 2604 TsUsbGD - ok
11:59:52.0016 2604 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:59:52.0094 2604 tunnel - ok
11:59:52.0122 2604 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
11:59:52.0140 2604 uagp35 - ok
11:59:52.0213 2604 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:59:52.0317 2604 udfs - ok
11:59:52.0374 2604 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:59:52.0390 2604 uliagpkx - ok
11:59:52.0416 2604 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:59:52.0443 2604 umbus - ok
11:59:52.0465 2604 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
11:59:52.0529 2604 UmPass - ok
11:59:52.0581 2604 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:59:52.0626 2604 USBAAPL64 - ok
11:59:52.0659 2604 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:59:52.0719 2604 usbccgp - ok
11:59:52.0747 2604 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:59:52.0774 2604 usbcir - ok
11:59:52.0797 2604 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:59:52.0851 2604 usbehci - ok
11:59:52.0926 2604 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:59:52.0961 2604 usbhub - ok
11:59:52.0995 2604 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:59:53.0022 2604 usbohci - ok
11:59:53.0054 2604 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:59:53.0092 2604 usbprint - ok
11:59:53.0123 2604 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:59:53.0146 2604 usbscan - ok
11:59:53.0181 2604 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:59:53.0202 2604 USBSTOR - ok
11:59:53.0232 2604 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:59:53.0270 2604 usbuhci - ok
11:59:53.0310 2604 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
11:59:53.0342 2604 usbvideo - ok
11:59:53.0414 2604 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:59:53.0437 2604 vdrvroot - ok
11:59:53.0469 2604 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:59:53.0506 2604 vga - ok
11:59:53.0530 2604 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:59:53.0605 2604 VgaSave - ok
11:59:53.0642 2604 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:59:53.0670 2604 vhdmp - ok
11:59:53.0716 2604 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:59:53.0734 2604 viaide - ok
11:59:53.0776 2604 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:59:53.0796 2604 volmgr - ok
11:59:54.0116 2604 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:59:54.0140 2604 volmgrx - ok
11:59:54.0385 2604 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:59:54.0427 2604 volsnap - ok
11:59:54.0537 2604 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
11:59:54.0555 2604 vsmraid - ok
11:59:54.0653 2604 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:59:54.0691 2604 vwifibus - ok
11:59:54.0790 2604 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:59:54.0818 2604 vwififlt - ok
11:59:54.0946 2604 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
11:59:54.0970 2604 WacomPen - ok
11:59:55.0017 2604 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:59:55.0085 2604 WANARP - ok
11:59:55.0091 2604 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:59:55.0193 2604 Wanarpv6 - ok
11:59:55.0246 2604 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
11:59:55.0261 2604 Wd - ok
11:59:55.0314 2604 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:59:55.0347 2604 Wdf01000 - ok
11:59:55.0444 2604 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:59:55.0515 2604 WfpLwf - ok
11:59:55.0557 2604 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:59:55.0572 2604 WIMMount - ok
11:59:55.0633 2604 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:59:55.0660 2604 WinUsb - ok
11:59:55.0710 2604 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:59:55.0729 2604 WmiAcpi - ok
11:59:55.0766 2604 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:59:55.0843 2604 ws2ifsl - ok
11:59:55.0959 2604 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:59:56.0017 2604 WudfPf - ok
11:59:56.0058 2604 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:59:56.0134 2604 WUDFRd - ok
11:59:56.0179 2604 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
11:59:56.0212 2604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:59:56.0212 2604 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:59:56.0261 2604 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:59:56.0261 2604 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:59:56.0299 2604 Boot (0x1200) (54210647adf02a0077bc75ded00f20f6) \Device\Harddisk0\DR0\Partition0
11:59:56.0300 2604 \Device\Harddisk0\DR0\Partition0 - ok
11:59:56.0313 2604 Boot (0x1200) (93efbfab3221d70da6d144773cdf6145) \Device\Harddisk0\DR0\Partition1
11:59:56.0314 2604 \Device\Harddisk0\DR0\Partition1 - ok
11:59:56.0343 2604 Boot (0x1200) (e786f36715408bd1dbf015733bdd020d) \Device\Harddisk0\DR0\Partition2
11:59:56.0344 2604 \Device\Harddisk0\DR0\Partition2 - ok
11:59:56.0379 2604 Boot (0x1200) (73a43bb82e2c9f247a5d4d9b1a5b5446) \Device\Harddisk0\DR0\Partition3
11:59:56.0380 2604 \Device\Harddisk0\DR0\Partition3 - ok
11:59:56.0385 2604 ============================================================
11:59:56.0385 2604 Scan finished
11:59:56.0385 2604 ============================================================
11:59:56.0428 4328 Detected object count: 2
11:59:56.0428 4328 Actual detected object count: 2
12:00:13.0996 4328 \Device\Harddisk0\DR0\# - copied to quarantine
12:00:13.0996 4328 \Device\Harddisk0\DR0 - copied to quarantine
12:00:14.0038 4328 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:00:14.0041 4328 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
12:00:14.0056 4328 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
12:00:14.0064 4328 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
12:00:14.0066 4328 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
12:00:14.0067 4328 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
12:00:14.0069 4328 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
12:00:14.0073 4328 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
12:00:14.0076 4328 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
12:00:14.0078 4328 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
12:00:14.0104 4328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:00:14.0105 4328 \Device\Harddisk0\DR0 - ok
12:00:14.0423 4328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:00:14.0423 4328 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:00:14.0423 4328 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:00:29.0397 4828 Deinitialize success


12:31:20.0355 1528 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
12:31:20.0652 1528 ============================================================
12:31:20.0652 1528 Current date / time: 2012/03/03 12:31:20.0652
12:31:20.0652 1528 SystemInfo:
12:31:20.0652 1528
12:31:20.0652 1528 OS Version: 6.1.7601 ServicePack: 1.0
12:31:20.0652 1528 Product type: Workstation
12:31:20.0652 1528 ComputerName: SARAHSIZZLE-HP
12:31:20.0652 1528 UserName: Sarah Sizzle
12:31:20.0652 1528 Windows directory: C:\Windows
12:31:20.0652 1528 System windows directory: C:\Windows
12:31:20.0652 1528 Running under WOW64
12:31:20.0652 1528 Processor architecture: Intel x64
12:31:20.0652 1528 Number of processors: 4
12:31:20.0652 1528 Page size: 0x1000
12:31:20.0652 1528 Boot type: Normal boot
12:31:20.0652 1528 ============================================================
12:31:21.0556 1528 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:31:21.0556 1528 \Device\Harddisk0\DR0:
12:31:21.0556 1528 MBR used
12:31:21.0556 1528 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
12:31:21.0556 1528 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48BF9800
12:31:21.0556 1528 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48C5D800, BlocksNum 0x1BC6800
12:31:21.0556 1528 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
12:31:21.0681 1528 Initialize success
12:31:21.0681 1528 ============================================================
12:31:36.0564 4060 Deinitialize success

#10 Maniac


Posted 04 March 2012 - 11:48 AM

Very good! :)

Please locate and manually delete the following folder:
c:\users\Sarah Sizzle\AppData\Roaming\AVG2012

Next:

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#11 Sizzle2686


Posted 04 March 2012 - 11:57 AM

This time no items were detected! Does this mean the issue was with AVG and I shouldn't consider re-installing it?

THANK YOU so much for all of your help.

---

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.04.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sarah Sizzle :: SARAHSIZZLE-HP [administrator]
3/4/2012 11:52:34 AM
mbam-log-2012-03-04 (11-52-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191040
Time elapsed: 3 minute(s), 2 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#12 Maniac


Posted 04 March 2012 - 02:35 PM

Does this mean the issue was with AVG and I shouldn't consider re-installing it?


Theoretically, running two antivirus programs together may also cause system instability. There is also a danger of conflict between them, as a result of which it is possible to miss an infection.

How are things running now?

#13 Sizzle2686


Posted 06 March 2012 - 04:40 PM

Ok, I understand. I was away yesterday but today I've been using it and the system seems to be running like it used to.

Thank you VERY much for your help. I'm glad everything could be fixed and I understand the issue with AVG now.

#14 Maniac


Posted 06 March 2012 - 04:49 PM

Glad I could help! :)

Please uninstall ComboFix:
www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, manually delete TDSSKiller and DDS.

Here are some malware prevention tips:
http://forums.malwar...=0


Safe surfing! :)

#15 Maurice Naggar


Posted 08 March 2012 - 08:33 PM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support


I close my threads if there is 5 days without a response.