FBoT

ESET unable to remove Win32/Olmarik.TDL4


Hello!

I have very recently been infected by Win32/Olmarik.TDL4 trojan.

My AV software (ESET Smart Security 5) has detected it but is unable to remove it for some reason...

[attached screenshot: SS5-error.jpg]

Remedies I've tried so far:

- TDSSKiller (didn't even detect TDL4)

- Various malware scanners inc. SuperAntiSpyware and MalwareBytes

- EOlmarikTdl4Cleaner.exe

...all to no avail.

Thanks very much in anticipation of your much needed help.

Regards,

FBoT

DDS.txt

Attach.zip

Ah, it seems C&P of the logs is the done thing. Apologies...

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by Admin at 18:32:51 on 2011-12-02

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3959.2244 [GMT 0:00]

.

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\ESET\ESET Smart Security\x86\ekrn.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Program Files (x86)\ESET\ESET Smart Security\egui.exe

C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

C:\Program Files (x86)\EXPERTool\EXPERTool\TBPANEL.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\IDM\idman.exe

C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Program Files (x86)\IDM\IEMonitor.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\explorer.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://outlook.leeds.ac.uk/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leeds.ac.uk%2fowa%2f

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\IDM\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [GAINWARD] C:\Program Files (x86)\EXPERTool\EXPERTool\TBPanel.exe /A

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [iDMan] C:\Program Files (x86)\IDM\idman.exe /onboot

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Download all links with IDM - C:\Program Files (x86)\IDM\IEGetAll.htm

IE: Download with IDM - C:\Program Files (x86)\IDM\IEExt.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{3B3D4C4B-0CB2-4ADE-ADA2-E38153F20C85} : DhcpNameServer = 192.168.1.254

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\IDM\IDMIECC.dll

BHO-X64: IDM Helper - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s8q0czql.default\

FF - component: C:\Users\Admin\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll

FF - plugin: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s8q0czql.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Users\Admin\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Users\Admin\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys [2011-7-12 12368]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R2 ekrn;ESET Service;C:\Program Files (x86)\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]

R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-7-6 375176]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-26 2253120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2314240]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

.

=============== Created Last 30 ================

.

2011-12-02 17:32:13 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{71F89B0C-1C07-4571-A903-69299F55AF18}\offreg.dll

2011-12-02 01:46:23 -------- d-----w- C:\Program Files (x86)\ESET

2011-12-02 00:15:07 -------- d-----w- C:\Users\Admin\AppData\Roaming\ESET

2011-12-02 00:15:07 -------- d-----w- C:\Users\Admin\AppData\Local\ESET

2011-12-02 00:01:28 -------- d-----w- C:\Program Files (x86)\TNod User & Password Finder

2011-12-01 23:49:22 -------- d-----w- C:\ProgramData\Kaspersky Lab

2011-12-01 23:04:24 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{71F89B0C-1C07-4571-A903-69299F55AF18}\mpengine.dll

2011-12-01 19:05:45 -------- d-----w- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com

2011-12-01 19:05:45 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-12-01 18:30:24 -------- d-----w- C:\Users\Admin\AppData\Roaming\Malwarebytes

2011-12-01 18:30:16 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-01 18:30:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-01 18:19:56 -------- d-----w- C:\Users\Admin\AppData\Local\{80A33584-3E92-4E4B-8CEF-BE13E4C9815C}

2011-12-01 18:19:41 -------- d-----w- C:\Users\Admin\AppData\Local\{4590B032-ACC9-496E-8EF6-FE48F3CCFF4C}

2011-12-01 18:17:56 -------- d-----w- C:\Users\Admin\AppData\Local\{ED66A165-FB0A-4BFC-A508-5F50EA704CD1}

2011-12-01 18:17:43 -------- d-----w- C:\Users\Admin\AppData\Local\{C75A7F20-7C0E-491B-8DE2-BAFB91226971}

2011-12-01 01:08:17 -------- d-----w- C:\Users\Admin\AppData\Local\{A7F42FD9-DC99-41A7-B14E-1927624982C2}

2011-12-01 01:08:04 -------- d-----w- C:\Users\Admin\AppData\Local\{2FDA8460-F90B-4AD0-B5C4-790104087F00}

2011-11-30 08:34:58 -------- d-----w- C:\Users\Admin\AppData\Local\{B82C658F-684C-452E-8B60-8D6DA0E2BD1E}

2011-11-30 08:34:48 -------- d-----w- C:\Users\Admin\AppData\Local\{529B51C0-27DB-4AAB-BF01-967FD2B8EE97}

2011-11-29 17:13:56 -------- d-----w- C:\Users\Admin\AppData\Local\{06FCBABB-D7B6-4495-93D4-07A10F78A76E}

2011-11-29 17:13:46 -------- d-----w- C:\Users\Admin\AppData\Local\{04392381-72AE-4DCD-B68F-2436C5230F00}

2011-11-28 17:02:45 -------- d-----w- C:\Users\Admin\AppData\Local\{91B965A3-6DDF-4357-994C-936F12C322D5}

2011-11-28 17:02:35 -------- d-----w- C:\Users\Admin\AppData\Local\{04F33627-3500-48EF-AF84-1D4DEE524552}

2011-11-28 01:53:48 -------- d-----w- C:\Users\Admin\AppData\Local\{A36C67F8-A0C7-44E2-BE23-9CD6B0213A8A}

2011-11-27 13:53:26 -------- d-----w- C:\Users\Admin\AppData\Local\{83B267DD-4BB7-4F1C-AB2A-C4F27ABF9922}

2011-11-27 13:53:14 -------- d-----w- C:\Users\Admin\AppData\Local\{A0698E14-A461-42BD-9A54-24833411E5C7}

2011-11-24 08:52:07 -------- d-----w- C:\Users\Admin\AppData\Local\{3752D7CF-6604-4A35-8104-C472CCB795F6}

2011-11-24 08:51:57 -------- d-----w- C:\Users\Admin\AppData\Local\{D8F99282-AF7C-4A8A-AE9E-F34F048638BA}

2011-11-23 20:51:33 -------- d-----w- C:\Users\Admin\AppData\Local\{5733A627-8871-4384-B28E-C2BAFE3F1AE7}

2011-11-23 20:51:23 -------- d-----w- C:\Users\Admin\AppData\Local\{0E7BCC40-E5E3-4192-917E-A01E8A562ABB}

2011-11-22 20:18:15 -------- d-----w- C:\Users\Admin\AppData\Local\{0845DFA9-F00F-4EA5-81F6-94D9767F5829}

2011-11-22 20:18:05 -------- d-----w- C:\Users\Admin\AppData\Local\{DDA144E6-663F-4057-9760-07D08C95FA2E}

2011-11-22 07:40:46 -------- d-----w- C:\Users\Admin\AppData\Local\{9EEEFD57-69CE-4D6A-AD0C-D6C6DC478F73}

2011-11-22 07:40:36 -------- d-----w- C:\Users\Admin\AppData\Local\{E713D221-D2FF-472F-8F49-2F09A0C459E7}

2011-11-21 08:45:33 -------- d-----w- C:\Users\Admin\AppData\Local\{B0141C86-5A19-4D3C-9CE5-E5B1808504BD}

2011-11-21 08:45:22 -------- d-----w- C:\Users\Admin\AppData\Local\{5BDACED7-1FB3-4B0D-96D0-14ED9D1E7066}

2011-11-20 10:11:20 -------- d-----w- C:\Users\Admin\AppData\Local\{6D947101-0B77-4245-AECF-B769B8523690}

2011-11-20 10:11:10 -------- d-----w- C:\Users\Admin\AppData\Local\{FB03BEA9-4E70-4833-A2E7-C410BB60452C}

2011-11-18 08:27:40 -------- d-----w- C:\Users\Admin\AppData\Local\{A38B251C-E94D-4B23-97DD-696FA118BFA8}

2011-11-18 08:27:29 -------- d-----w- C:\Users\Admin\AppData\Local\{AF545D53-C4FF-4612-B5AF-F7F3F6FE9953}

2011-11-17 18:37:49 -------- d-----w- C:\Users\Admin\AppData\Local\{765E5B3F-9FBC-4BA2-9D1D-7C482C8A15CF}

2011-11-17 18:37:38 -------- d-----w- C:\Users\Admin\AppData\Local\{7968F557-0CB4-4C70-9115-70C606744F3A}

2011-11-16 08:02:14 -------- d-----w- C:\Users\Admin\AppData\Local\{108CBE22-F5AA-4549-868C-9E163DF8A94A}

2011-11-16 08:02:03 -------- d-----w- C:\Users\Admin\AppData\Local\{556B9934-3320-43A7-BB65-2B3AE0B78814}

2011-11-15 19:58:09 -------- d-----w- C:\Users\Admin\AppData\Local\{8DA525FF-07B8-4022-9ABD-6F709FA15870}

2011-11-15 19:57:59 -------- d-----w- C:\Users\Admin\AppData\Local\{B3A847B5-439E-4B51-81C3-514B82574B81}

2011-11-15 07:57:36 -------- d-----w- C:\Users\Admin\AppData\Local\{DE3534F1-42E7-4152-9981-6A53D5EB7EF4}

2011-11-15 07:57:25 -------- d-----w- C:\Users\Admin\AppData\Local\{BFB08354-A14D-42EB-A021-D0499F5E2BD3}

2011-11-14 18:28:09 -------- d-----w- C:\Users\Admin\AppData\Local\{45288C09-59D7-4DAD-86D1-6227FC268553}

2011-11-14 18:27:56 -------- d-----w- C:\Users\Admin\AppData\Local\{34620225-79B9-4EDF-964A-EB70B9514AE0}

2011-11-13 23:46:23 -------- d-----w- C:\Users\Admin\AppData\Local\{17B10425-E42E-4980-A492-35EFD96BC343}

2011-11-13 23:46:13 -------- d-----w- C:\Users\Admin\AppData\Local\{35E55562-3CFE-420D-B30B-968C335973D6}

2011-11-12 10:52:47 -------- d-----w- C:\Users\Admin\AppData\Local\{7D0BA985-D5A2-4098-B9E3-15575B6D77C3}

2011-11-12 10:52:36 -------- d-----w- C:\Users\Admin\AppData\Local\{DC174F83-4BD8-4CC5-ACD0-5BAB2E9DD4F6}

2011-11-11 17:36:41 -------- d-----w- C:\Users\Admin\AppData\Local\{59248A2C-E3DA-4EB2-91E2-34DFC5C797C3}

2011-11-11 17:36:31 -------- d-----w- C:\Users\Admin\AppData\Local\{9A1EC609-0569-40E7-AE9A-8B8E9E732F74}

2011-11-11 00:14:59 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll

2011-11-10 08:34:19 -------- d-----w- C:\Users\Admin\AppData\Local\{DDAA00AF-C8B0-4D24-840F-0C1282C35E7F}

2011-11-10 08:34:09 -------- d-----w- C:\Users\Admin\AppData\Local\{170EBD28-AE5F-4AA2-A149-CDAAC0451062}

2011-11-09 19:58:02 -------- d-----w- C:\Users\Admin\AppData\Local\{12EB4FC0-7B38-43F9-9BD6-BEAB07FBB015}

2011-11-09 19:57:51 -------- d-----w- C:\Users\Admin\AppData\Local\{E55C2563-351A-480F-8A83-6C542A4605FC}

2011-11-09 07:57:27 -------- d-----w- C:\Users\Admin\AppData\Local\{46277018-457B-4FC2-8A6E-E478BFDC5B49}

2011-11-09 07:57:17 -------- d-----w- C:\Users\Admin\AppData\Local\{BDCA8DFA-6A9B-4621-B311-B60AE58C9AD8}

2011-11-08 18:20:00 -------- d-----w- C:\Users\Admin\AppData\Local\{DC427B37-1A4E-454C-A21F-B3A2F3D69DE8}

2011-11-08 18:19:49 -------- d-----w- C:\Users\Admin\AppData\Local\{F8376B6D-B3C1-4A88-87BC-D3B76B7AEB75}

2011-11-06 15:39:03 -------- d-----w- C:\Users\Admin\AppData\Local\{D9C719C2-18F0-495B-90DF-55D862E5A070}

2011-11-06 15:38:51 -------- d-----w- C:\Users\Admin\AppData\Local\{FF89A0E8-9CB1-44CE-AEDC-029B437AABF9}

2011-11-05 16:50:02 -------- d-----w- C:\Users\Admin\AppData\Local\{0593A8E1-992F-49F0-9828-ECD820D74D4C}

2011-11-05 16:49:51 -------- d-----w- C:\Users\Admin\AppData\Local\{4C88134B-158F-4CAB-A92B-C893B6AD6ED7}

2011-11-04 08:53:12 -------- d-----w- C:\Users\Admin\AppData\Local\{07F5BA98-F52B-4A71-BE6B-BE3201F72B90}

2011-11-04 08:53:01 -------- d-----w- C:\Users\Admin\AppData\Local\{7AB8789F-E7F2-45F8-98E5-543E7ADFF9EB}

2011-11-03 19:49:27 -------- d-----w- C:\Users\Admin\AppData\Local\{3B263BB8-9E46-41F8-88AB-1B2CE18DE920}

2011-11-03 19:49:17 -------- d-----w- C:\Users\Admin\AppData\Local\{B7671940-7826-4649-9CDE-7D149D8CCFE9}

2011-11-03 07:48:53 -------- d-----w- C:\Users\Admin\AppData\Local\{5DE2DF7E-B665-4255-BC2B-BBDBE0D42F24}

2011-11-03 07:48:43 -------- d-----w- C:\Users\Admin\AppData\Local\{415B3EF3-8764-4F68-856F-B4DBF0F86F5B}

.

==================== Find3M ====================

.

2011-10-15 00:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2011-10-07 17:11:25 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2011-10-07 17:11:24 80768 ----a-w- C:\Windows\System32\LMIinit.dll

2011-10-07 17:11:24 34688 ----a-w- C:\Windows\System32\LMIport.dll

2011-10-02 17:54:28 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-10-02 17:54:28 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-10-02 17:52:22 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-09-29 18:32:01 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

.

============= FINISH: 18:40:15.76 ===============

Attach.txt

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 22/12/2010 15:51:54

System Uptime: 02/12/2011 17:29:33 (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P7H55-M/USB3

Processor: Intel® Core i3 CPU 540 @ 3.07GHz | LGA1156 | 4186/182mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 243.901 GiB free.

D: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SASDIFSV

Device ID: ROOT\LEGACY_SASDIFSV\0000

Manufacturer:

Name: SASDIFSV

PNP Device ID: ROOT\LEGACY_SASDIFSV\0000

Service: SASDIFSV

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SASKUTIL

Device ID: ROOT\LEGACY_SASKUTIL\0000

Manufacturer:

Name: SASKUTIL

PNP Device ID: ROOT\LEGACY_SASKUTIL\0000

Service: SASKUTIL

.

==== System Restore Points ===================

.

RP121: 26/11/2011 01:45:30 - Scheduled Checkpoint

RP122: 02/12/2011 00:10:55 - Installed ESET Smart Security

RP123: 02/12/2011 00:38:25 - Installed ESET NOD32 Antivirus

RP124: 02/12/2011 01:43:47 - Installed ESET Smart Security

.

==== Installed Programs ======================

.

3DMark06

AC3Filter 1.63b

Adobe AIR

Adobe Community Help

Adobe Dreamweaver CS5.5

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.1)

Adobe Widget Browser

ANNO 1404

Apache HTTP Server 2.2.20

Apple Application Support

Apple Software Update

Battlefield Play4Free

Battlelog Web Plugins

BlackBerry Desktop Software 6.1

Braid

Call of Duty® 4 - Modern Warfare 1.6 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch

Cities XL 2011

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Company of Heroes

D3DX10

DAEMON Tools Pro

Deus Ex: Game of the Year Edition

Deus Ex: Human Revolution

ESN Sonar

EXPERTool 7.20

ffdshow v1.1.3800 [2011-03-28]

Football Manager 2011

Fraps

Futuremark SystemInfo

FXAA Post Process Injector

GIMP 2.6.11

Google Chrome

Haali Media Splitter

Half-Life 2: Episode Two

Intel® Management Engine Components

Internet Download Manager

IsoBuster 2.8

Java Auto Updater

Java 6 Update 22

Java 6 Update 24

LogMeIn

Malwarebytes' Anti-Malware version 1.51.2.1300

MediaMonkey 3.2

Metro 2033

Metro 2033 Update 2

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 3.1

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 7.0.1 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NEC Electronics USB 3.0 Host Controller Driver

neroxml

Notepad++

NVIDIA 3D Vision Controller Driver

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

OnLive

OpenAL

OpenOffice.org 3.3

Operation Flashpoint ®: Red River

PHP 5.2.17

PunkBuster Services

QuickTime

Realtek Ethernet Controller Driver For Windows 7

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Sid Meier's Civilization IV

Sid Meier's Civilization IV: Beyond the Sword

SopCast 3.2.9

Spotify

SQLyog Trial 9.20

Steam

System Requirements Lab

System Requirements Lab CYRI

System Shock 2 - Warsong Edition

Team Fortress 2

The Elder Scrolls V: Skyrim

The Longest Journey

The Witcher 2

Ubisoft Game Launcher

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

VCRedistSetup

VLC media player 1.1.11

Vuze

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

.

==== Event Viewer Messages From Past Week ========

.

02/12/2011 18:11:53, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .

02/12/2011 17:33:42, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding

02/12/2011 17:29:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL

02/12/2011 02:05:57, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

02/12/2011 01:30:29, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.

02/12/2011 01:01:24, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

01/12/2011 21:56:29, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.

01/12/2011 01:12:33, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread

01/12/2011 01:12:30, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

01/12/2011 01:12:30, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.

01/12/2011 01:12:29, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

01/12/2011 01:12:29, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.

01/12/2011 00:56:38, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

01/12/2011 00:56:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

01/12/2011 00:56:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

01/12/2011 00:56:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

01/12/2011 00:56:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

01/12/2011 00:56:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

01/12/2011 00:56:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

01/12/2011 00:56:09, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf

01/12/2011 00:56:09, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

01/12/2011 00:56:09, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

01/12/2011 00:56:09, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

01/12/2011 00:56:09, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

01/12/2011 00:56:09, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

01/12/2011 00:56:09, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

01/12/2011 00:56:09, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

01/12/2011 00:56:09, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

01/12/2011 00:56:09, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

01/12/2011 00:56:09, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

01/12/2011 00:55:46, Error: sptd [4] - Driver detected an internal error in its data structures for .

.

==== End Of File ===========================
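The Service Control Manager errors in the Attach.txt excerpt above describe one cascade: a handful of boot-start drivers failed to load (event 7026) and every service that depends on them, directly or through another service, failed with it (event 7001). As an added triage helper that is not part of the thread, the script below parses those two event types and walks each "depends on" chain back to the driver that is actually responsible; the table mapping display names to driver service names is assumed from the standard Windows 7 names of those drivers.

```python
"""Added triage helper (not from the thread) for the Service Control Manager
events quoted from Attach.txt above: it walks each 7001 "X depends on Y which
failed" chain back to the boot-start driver that event 7026 says failed to
load, so the cascade of dead network services is attributed to its roots."""
import re
from dataclasses import dataclass, field

# Constructed sample: event lines copied from the Attach.txt excerpt above.
SAMPLE_LOG = """\
01/12/2011 00:56:38, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
01/12/2011 00:56:09, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
01/12/2011 00:56:09, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
01/12/2011 00:56:09, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
01/12/2011 00:56:09, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
01/12/2011 00:56:09, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
01/12/2011 00:56:09, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
01/12/2011 00:56:09, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
01/12/2011 00:56:09, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
01/12/2011 00:56:09, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
"""

DEP_RE = re.compile(
    r"\[7001\] - The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
    r"which failed to start because of the following error: (?P<err>.+)$"
)
LOAD_RE = re.compile(
    r"\[7026\] - The following boot-start or system-start driver\(s\) "
    r"failed to load: (?P<drivers>.+)$"
)

# Display names used by event 7001 mapped to the driver service names event
# 7026 lists; assumed from the standard Windows 7 display names of these
# drivers ("Sub Sysytem" is Windows's own spelling of rdbss's name).
DRIVER_DISPLAY_NAMES = {
    "Ancillary Function Driver for Winsock": "AFD",
    "NetIO Legacy TDI Support Driver": "tdx",
    "NSI proxy service driver": "nsiproxy",
    "Redirected Buffering Sub Sysytem": "rdbss",
}


@dataclass
class ScmTriage:
    deps: dict = field(default_factory=dict)          # service -> (dependency, error text)
    failed_drivers: set = field(default_factory=set)  # names from event 7026

    def chain(self, svc):
        """Follow 'depends on' edges from svc until a name with no recorded
        dependency of its own is reached; stops on a cycle."""
        path, seen = [svc], {svc}
        while path[-1] in self.deps:
            nxt = self.deps[path[-1]][0]
            if nxt in seen:
                break
            path.append(nxt)
            seen.add(nxt)
        return path

    def root_of(self, svc):
        """Driver service name at the end of svc's chain (the display name
        itself when no driver mapping is known)."""
        terminal = self.chain(svc)[-1]
        return DRIVER_DISPLAY_NAMES.get(terminal, terminal)

    def impacted_by(self, driver):
        """Services whose failure traces back to the given driver."""
        return sorted(s for s in self.deps if self.root_of(s) == driver)

    def unconfirmed_roots(self):
        """Chain roots that event 7026 did not list as failed; an empty set
        means every dependency failure is explained by a driver load failure."""
        return {self.root_of(s) for s in self.deps} - self.failed_drivers


def analyze(log_text):
    """Parse DDS-style event lines into an ScmTriage."""
    t = ScmTriage()
    for line in log_text.splitlines():
        m = DEP_RE.search(line)
        if m:
            # "NSI proxy service driver." carries a stray period in the log.
            t.deps[m.group("svc")] = (m.group("dep").rstrip("."), m.group("err"))
            continue
        m = LOAD_RE.search(line)
        if m:
            t.failed_drivers.update(m.group("drivers").split())
    return t


if __name__ == "__main__":
    triage = analyze(SAMPLE_LOG)
    for drv in sorted({triage.root_of(s) for s in triage.deps}):
        print(f"{drv}: {', '.join(triage.impacted_by(drv))}")
    print("unexplained roots:", triage.unconfirmed_roots() or "none")
```

On the sample every chain ends at AFD, tdx, nsiproxy or rdbss, all of which appear in the 7026 list, so the whole network-service cascade is accounted for by those driver load failures rather than by the services themselves.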


Hello FBoT and welcome to Malwarebytes! :welcome:

I apologize for the delay.

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

First,

I see you have Daemon Tools installed. This program can and will interfere with some of the fixes I ask you to perform. DeFogger will temporarily disable these emulation drivers.

Please download DeFogger to your Desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your Desktop.
Do not re-enable these drivers until otherwise instructed.
-------------
Let's try TDSSKiller one more time - it is updated on a pretty consistent basis:
Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now
-------------
Please print out these instructions or copy them to a Notepad file for an easier reading and download MBRCheck by a_d_13 to your Desktop from one of these locations:
http://ad13.geekstogo.com/MBRCheck.exe
http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe
http://www.kernelmode.info/MBRCheck.exe
Close all opened programs/ windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".
Press the "Enter" key to close the MBRCheck window and post the contents of the log file.
-------------
Please do the following:
  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

NOTE: The Avast! scan is not necessary ;).

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller report
  • MBRCheck report
  • aswMBR log & MBR.dat zip file
  • C:\ComboFix.txt
  • checkup.txt

How is your computer running now?


Hi D-Fred-Brown

Thanks for helping me with this.

1. DeFogger ran successfully.

2. TDSSKiller again didn't detect anything, here's the log:

17:42:38.0075 1612 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

17:42:40.0076 1612 ============================================================

17:42:40.0076 1612 Current date / time: 2011/12/05 17:42:40.0076

17:42:40.0076 1612 SystemInfo:

17:42:40.0076 1612

17:42:40.0076 1612 OS Version: 6.1.7600 ServicePack: 0.0

17:42:40.0076 1612 Product type: Workstation

17:42:40.0076 1612 ComputerName: ADMIN-PC

17:42:40.0076 1612 UserName: Admin

17:42:40.0076 1612 Windows directory: C:\Windows

17:42:40.0076 1612 System windows directory: C:\Windows

17:42:40.0076 1612 Running under WOW64

17:42:40.0076 1612 Processor architecture: Intel x64

17:42:40.0076 1612 Number of processors: 4

17:42:40.0076 1612 Page size: 0x1000

17:42:40.0076 1612 Boot type: Normal boot

17:42:40.0076 1612 ============================================================

17:42:41.0628 1612 Initialize success

17:42:43.0452 1328 ============================================================

17:42:43.0452 1328 Scan started

17:42:43.0452 1328 Mode: Manual;

17:42:43.0452 1328 ============================================================


17:42:51.0610 1328 RDPENCDD - ok

17:42:51.0621 1328 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

17:42:51.0622 1328 RDPREFMP - ok

17:42:51.0644 1328 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

17:42:51.0654 1328 RDPWD - ok

17:42:51.0686 1328 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

17:42:51.0697 1328 rdyboost - ok

17:42:51.0742 1328 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

17:42:51.0752 1328 RimUsb - ok

17:42:51.0785 1328 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

17:42:51.0796 1328 RimVSerPort - ok

17:42:51.0808 1328 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys

17:42:51.0809 1328 ROOTMODEM - ok

17:42:51.0844 1328 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

17:42:51.0853 1328 rspndr - ok

17:42:51.0890 1328 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys

17:42:51.0899 1328 RTL8167 - ok

17:42:52.0004 1328 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Users\Admin\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS

17:42:52.0013 1328 SASDIFSV - ok

17:42:52.0037 1328 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Users\Admin\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS

17:42:52.0045 1328 SASKUTIL - ok

17:42:52.0098 1328 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

17:42:52.0108 1328 sbp2port - ok

17:42:52.0124 1328 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

17:42:52.0133 1328 scfilter - ok

17:42:52.0155 1328 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

17:42:52.0164 1328 secdrv - ok

17:42:52.0184 1328 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

17:42:52.0193 1328 Serenum - ok

17:42:52.0211 1328 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

17:42:52.0241 1328 Serial - ok

17:42:52.0258 1328 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

17:42:52.0267 1328 sermouse - ok

17:42:52.0287 1328 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

17:42:52.0302 1328 sffdisk - ok

17:42:52.0308 1328 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

17:42:52.0317 1328 sffp_mmc - ok

17:42:52.0323 1328 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

17:42:52.0324 1328 sffp_sd - ok

17:42:52.0347 1328 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

17:42:52.0356 1328 sfloppy - ok

17:42:52.0372 1328 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

17:42:52.0389 1328 SiSRaid2 - ok

17:42:52.0405 1328 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

17:42:52.0415 1328 SiSRaid4 - ok

17:42:52.0439 1328 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

17:42:52.0442 1328 Smb - ok

17:42:52.0465 1328 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

17:42:52.0473 1328 spldr - ok

17:42:52.0528 1328 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\System32\Drivers\sptd.sys

17:42:52.0564 1328 sptd - ok

17:42:52.0607 1328 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys

17:42:52.0611 1328 srv - ok

17:42:52.0629 1328 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys

17:42:52.0648 1328 srv2 - ok

17:42:52.0680 1328 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys

17:42:52.0682 1328 srvnet - ok

17:42:52.0733 1328 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

17:42:52.0736 1328 stexstor - ok

17:42:52.0748 1328 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

17:42:52.0756 1328 swenum - ok

17:42:52.0774 1328 TBPanel - ok

17:42:52.0816 1328 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys

17:42:52.0850 1328 Tcpip - ok

17:42:52.0891 1328 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys

17:42:52.0897 1328 TCPIP6 - ok

17:42:52.0928 1328 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

17:42:52.0930 1328 tcpipreg - ok

17:42:52.0943 1328 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

17:42:52.0952 1328 TDPIPE - ok

17:42:52.0966 1328 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

17:42:52.0972 1328 TDTCP - ok

17:42:52.0999 1328 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

17:42:53.0029 1328 tdx - ok

17:42:53.0044 1328 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

17:42:53.0045 1328 TermDD - ok

17:42:53.0063 1328 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:42:53.0065 1328 tssecsrv - ok

17:42:53.0097 1328 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

17:42:53.0106 1328 tunnel - ok

17:42:53.0117 1328 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

17:42:53.0127 1328 uagp35 - ok

17:42:53.0146 1328 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

17:42:53.0149 1328 udfs - ok

17:42:53.0168 1328 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

17:42:53.0178 1328 uliagpkx - ok

17:42:53.0198 1328 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

17:42:53.0208 1328 umbus - ok

17:42:53.0218 1328 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

17:42:53.0227 1328 UmPass - ok

17:42:53.0256 1328 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

17:42:53.0265 1328 usbccgp - ok

17:42:53.0288 1328 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

17:42:53.0290 1328 usbcir - ok

17:42:53.0304 1328 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

17:42:53.0306 1328 usbehci - ok

17:42:53.0319 1328 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

17:42:53.0330 1328 usbhub - ok

17:42:53.0341 1328 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

17:42:53.0350 1328 usbohci - ok

17:42:53.0361 1328 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

17:42:53.0370 1328 usbprint - ok

17:42:53.0386 1328 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:42:53.0396 1328 USBSTOR - ok

17:42:53.0411 1328 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

17:42:53.0413 1328 usbuhci - ok

17:42:53.0430 1328 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

17:42:53.0446 1328 vdrvroot - ok

17:42:53.0463 1328 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

17:42:53.0465 1328 vga - ok

17:42:53.0483 1328 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

17:42:53.0492 1328 VgaSave - ok

17:42:53.0512 1328 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

17:42:53.0524 1328 vhdmp - ok

17:42:53.0541 1328 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

17:42:53.0550 1328 viaide - ok

17:42:53.0564 1328 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

17:42:53.0580 1328 volmgr - ok

17:42:53.0600 1328 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

17:42:53.0603 1328 volmgrx - ok

17:42:53.0615 1328 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

17:42:53.0641 1328 volsnap - ok

17:42:53.0671 1328 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

17:42:53.0681 1328 vsmraid - ok

17:42:53.0700 1328 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

17:42:53.0715 1328 vwifibus - ok

17:42:53.0753 1328 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

17:42:53.0755 1328 WacomPen - ok

17:42:53.0778 1328 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

17:42:53.0788 1328 WANARP - ok

17:42:53.0793 1328 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

17:42:53.0794 1328 Wanarpv6 - ok

17:42:53.0811 1328 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

17:42:53.0812 1328 Wd - ok

17:42:53.0834 1328 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

17:42:53.0841 1328 Wdf01000 - ok

17:42:53.0864 1328 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

17:42:53.0873 1328 WfpLwf - ok

17:42:53.0890 1328 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

17:42:53.0899 1328 WIMMount - ok

17:42:53.0956 1328 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

17:42:53.0964 1328 WinUsb - ok

17:42:53.0979 1328 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

17:42:53.0987 1328 WmiAcpi - ok

17:42:54.0021 1328 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

17:42:54.0040 1328 ws2ifsl - ok

17:42:54.0058 1328 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

17:42:54.0068 1328 WudfPf - ok

17:42:54.0095 1328 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:42:54.0105 1328 WUDFRd - ok

17:42:54.0119 1328 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

17:42:54.0126 1328 \Device\Harddisk0\DR0 - ok

17:42:54.0134 1328 Boot (0x1200) (1d56c2db9dac2985e525e639466eda01) \Device\Harddisk0\DR0\Partition0

17:42:54.0135 1328 \Device\Harddisk0\DR0\Partition0 - ok

17:42:54.0145 1328 Boot (0x1200) (06e53e36b0475eda4fc7daa6cd054e2d) \Device\Harddisk0\DR0\Partition1

17:42:54.0145 1328 \Device\Harddisk0\DR0\Partition1 - ok

17:42:54.0146 1328 ============================================================

17:42:54.0146 1328 Scan finished

17:42:54.0146 1328 ============================================================

17:42:54.0151 2492 Detected object count: 0

17:42:54.0151 2492 Actual detected object count: 0

17:45:42.0964 2840 ============================================================

17:45:42.0964 2840 Scan started

17:45:42.0964 2840 Mode: Manual;

17:45:42.0964 2840 ============================================================

17:45:43.0391 2840 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

17:45:43.0392 2840 1394ohci - ok

17:45:43.0430 2840 78416385 - ok

17:45:43.0491 2840 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

17:45:43.0493 2840 ACPI - ok

17:45:43.0577 2840 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

17:45:43.0577 2840 AcpiPmi - ok

17:45:43.0648 2840 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

17:45:43.0650 2840 adp94xx - ok

17:45:43.0689 2840 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

17:45:43.0691 2840 adpahci - ok

17:45:43.0777 2840 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

17:45:43.0778 2840 adpu320 - ok

17:45:43.0902 2840 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys

17:45:43.0903 2840 AFD - ok

17:45:43.0951 2840 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

17:45:43.0952 2840 agp440 - ok

17:45:43.0959 2840 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

17:45:43.0959 2840 aliide - ok

17:45:44.0046 2840 ALSysIO - ok

17:45:44.0159 2840 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

17:45:44.0160 2840 amdide - ok

17:45:44.0238 2840 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

17:45:44.0239 2840 AmdK8 - ok

17:45:44.0285 2840 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

17:45:44.0286 2840 AmdPPM - ok

17:45:44.0336 2840 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys

17:45:44.0337 2840 amdsata - ok

17:45:44.0344 2840 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

17:45:44.0345 2840 amdsbs - ok

17:45:44.0363 2840 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys

17:45:44.0363 2840 amdxata - ok

17:45:44.0380 2840 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

17:45:44.0381 2840 AppID - ok

17:45:44.0423 2840 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

17:45:44.0424 2840 arc - ok

17:45:44.0516 2840 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

17:45:44.0516 2840 arcsas - ok

17:45:44.0581 2840 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

17:45:44.0581 2840 AsyncMac - ok

17:45:44.0603 2840 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

17:45:44.0603 2840 atapi - ok

17:45:44.0725 2840 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys

17:45:44.0726 2840 atksgt - ok

17:45:44.0875 2840 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

17:45:44.0877 2840 b06bdrv - ok

17:45:45.0037 2840 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

17:45:45.0038 2840 b57nd60a - ok

17:45:45.0135 2840 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

17:45:45.0135 2840 Beep - ok

17:45:45.0169 2840 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

17:45:45.0170 2840 blbdrive - ok

17:45:45.0209 2840 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

17:45:45.0210 2840 bowser - ok

17:45:45.0322 2840 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

17:45:45.0323 2840 BrFiltLo - ok

17:45:45.0428 2840 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

17:45:45.0428 2840 BrFiltUp - ok

17:45:45.0497 2840 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

17:45:45.0498 2840 Brserid - ok

17:45:45.0540 2840 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

17:45:45.0541 2840 BrSerWdm - ok

17:45:45.0582 2840 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

17:45:45.0583 2840 BrUsbMdm - ok

17:45:45.0662 2840 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

17:45:45.0663 2840 BrUsbSer - ok

17:45:45.0760 2840 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

17:45:45.0760 2840 BTHMODEM - ok

17:45:45.0926 2840 Cardex (2bd001601496ae87f7cb86f1fcd6f1ec) C:\Windows\SysWOW64\drivers\TBPANELX64.SYS

17:45:45.0926 2840 Cardex - ok

17:45:46.0038 2840 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

17:45:46.0038 2840 cdfs - ok

17:45:46.0312 2840 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

17:45:46.0312 2840 cdrom - ok

17:45:46.0522 2840 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

17:45:46.0523 2840 circlass - ok

17:45:46.0719 2840 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

17:45:46.0720 2840 CLFS - ok

17:45:46.0952 2840 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

17:45:46.0953 2840 CmBatt - ok

17:45:47.0170 2840 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

17:45:47.0171 2840 cmdide - ok

17:45:47.0488 2840 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

17:45:47.0490 2840 CNG - ok

17:45:47.0716 2840 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

17:45:47.0717 2840 Compbatt - ok

17:45:47.0860 2840 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

17:45:47.0861 2840 CompositeBus - ok

17:45:47.0941 2840 cpuz130 - ok

17:45:48.0100 2840 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

17:45:48.0100 2840 crcdisk - ok

17:45:48.0187 2840 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys

17:45:48.0188 2840 ctxusbm - ok

17:45:48.0350 2840 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys

17:45:48.0351 2840 DfsC - ok

17:45:48.0627 2840 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

17:45:48.0628 2840 discache - ok

17:45:48.0725 2840 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

17:45:48.0726 2840 Disk - ok

17:45:48.0957 2840 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

17:45:48.0957 2840 drmkaud - ok

17:45:49.0258 2840 dtsoftbus01 (1cecd1252261153c7873b5d9eb259d65) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

17:45:49.0259 2840 dtsoftbus01 - ok

17:45:49.0596 2840 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

17:45:49.0599 2840 DXGKrnl - ok

17:45:49.0843 2840 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys

17:45:49.0844 2840 eamonm - ok

17:45:50.0233 2840 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

17:45:50.0244 2840 ebdrv - ok

17:45:50.0547 2840 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys

17:45:50.0548 2840 ehdrv - ok

17:45:50.0780 2840 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

17:45:50.0782 2840 elxstor - ok

17:45:50.0995 2840 epfw (198c6fbc30bbd9632ea051203dccf204) C:\Windows\system32\DRIVERS\epfw.sys

17:45:50.0996 2840 epfw - ok

17:45:51.0338 2840 EpfwLWF (56de463f517710a8aa44eef82c35b3c9) C:\Windows\system32\DRIVERS\EpfwLWF.sys

17:45:51.0339 2840 EpfwLWF - ok

17:45:51.0624 2840 epfwwfp (710b0442bb2f99278d7b8e02a8849c11) C:\Windows\system32\DRIVERS\epfwwfp.sys

17:45:51.0624 2840 epfwwfp - ok

17:45:51.0940 2840 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

17:45:51.0941 2840 ErrDev - ok

17:45:52.0005 2840 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

17:45:52.0007 2840 exfat - ok

17:45:52.0256 2840 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

17:45:52.0257 2840 fastfat - ok

17:45:52.0579 2840 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

17:45:52.0579 2840 fdc - ok

17:45:52.0706 2840 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

17:45:52.0707 2840 FileInfo - ok

17:45:52.0808 2840 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

17:45:52.0808 2840 Filetrace - ok

17:45:52.0927 2840 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

17:45:52.0928 2840 flpydisk - ok

17:45:52.0983 2840 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

17:45:52.0985 2840 FltMgr - ok

17:45:53.0055 2840 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

17:45:53.0055 2840 FsDepends - ok

17:45:53.0192 2840 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

17:45:53.0193 2840 Fs_Rec - ok

17:45:53.0297 2840 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

17:45:53.0298 2840 fvevol - ok

17:45:53.0336 2840 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

17:45:53.0336 2840 gagp30kx - ok

17:45:53.0401 2840 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

17:45:53.0402 2840 GEARAspiWDM - ok

17:45:53.0597 2840 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

17:45:53.0598 2840 hcw85cir - ok

17:45:53.0736 2840 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

17:45:53.0738 2840 HdAudAddService - ok

17:45:53.0875 2840 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

17:45:53.0876 2840 HDAudBus - ok

17:45:53.0955 2840 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

17:45:53.0956 2840 HECIx64 - ok

17:45:54.0083 2840 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

17:45:54.0083 2840 HidBatt - ok

17:45:54.0303 2840 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

17:45:54.0304 2840 HidBth - ok

17:45:54.0415 2840 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

17:45:54.0415 2840 HidIr - ok

17:45:54.0438 2840 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

17:45:54.0440 2840 HidUsb - ok

17:45:54.0573 2840 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

17:45:54.0574 2840 HpSAMD - ok

17:45:54.0730 2840 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

17:45:54.0733 2840 HTTP - ok

17:45:54.0888 2840 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

17:45:54.0889 2840 hwpolicy - ok

17:45:55.0082 2840 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

17:45:55.0082 2840 i8042prt - ok

17:45:55.0242 2840 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

17:45:55.0243 2840 iaStorV - ok

17:45:55.0413 2840 IDMWFP (71359fc89451bf54fa06f049d3a87adf) C:\Windows\system32\DRIVERS\idmwfp.sys

17:45:55.0414 2840 IDMWFP - ok

17:45:55.0522 2840 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

17:45:55.0523 2840 iirsp - ok

17:45:55.0660 2840 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

17:45:55.0661 2840 intelide - ok

17:45:55.0793 2840 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

17:45:55.0793 2840 intelppm - ok

17:45:55.0949 2840 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:45:55.0950 2840 IpFilterDriver - ok

17:45:56.0001 2840 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

17:45:56.0001 2840 IPMIDRV - ok

17:45:56.0029 2840 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

17:45:56.0030 2840 IPNAT - ok

17:45:56.0049 2840 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

17:45:56.0050 2840 IRENUM - ok

17:45:56.0066 2840 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

17:45:56.0066 2840 isapnp - ok

17:45:56.0236 2840 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

17:45:56.0237 2840 iScsiPrt - ok

17:45:56.0352 2840 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

17:45:56.0352 2840 kbdclass - ok

17:45:56.0457 2840 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

17:45:56.0458 2840 kbdhid - ok

17:45:56.0573 2840 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

17:45:56.0573 2840 KSecDD - ok

17:45:56.0761 2840 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

17:45:56.0762 2840 KSecPkg - ok

17:45:56.0922 2840 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

17:45:56.0922 2840 ksthunk - ok

17:45:57.0109 2840 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys

17:45:57.0110 2840 lirsgt - ok

17:45:57.0259 2840 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

17:45:57.0260 2840 lltdio - ok

17:45:57.0395 2840 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys

17:45:57.0395 2840 LMIInfo - ok

17:45:57.0549 2840 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys

17:45:57.0549 2840 lmimirr - ok

17:45:57.0697 2840 LMIRfsClientNP - ok

17:45:57.0769 2840 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys

17:45:57.0769 2840 LMIRfsDriver - ok

17:45:57.0835 2840 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

17:45:57.0836 2840 LSI_FC - ok

17:45:57.0986 2840 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

17:45:57.0987 2840 LSI_SAS - ok

17:45:58.0157 2840 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

17:45:58.0157 2840 LSI_SAS2 - ok

17:45:58.0342 2840 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

17:45:58.0343 2840 LSI_SCSI - ok

17:45:58.0511 2840 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

17:45:58.0511 2840 luafv - ok

17:45:58.0608 2840 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys

17:45:58.0609 2840 mcdbus - ok

17:45:58.0694 2840 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

17:45:58.0694 2840 megasas - ok

17:45:58.0769 2840 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

17:45:58.0770 2840 MegaSR - ok

17:45:58.0946 2840 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

17:45:58.0946 2840 Modem - ok

17:45:59.0278 2840 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

17:45:59.0278 2840 monitor - ok

17:45:59.0352 2840 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

17:45:59.0353 2840 mouclass - ok

17:45:59.0366 2840 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

17:45:59.0366 2840 mouhid - ok

17:45:59.0375 2840 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

17:45:59.0376 2840 mountmgr - ok

17:45:59.0393 2840 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

17:45:59.0394 2840 mpio - ok

17:45:59.0405 2840 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

17:45:59.0406 2840 mpsdrv - ok

17:45:59.0508 2840 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

17:45:59.0509 2840 MRxDAV - ok

17:45:59.0606 2840 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:45:59.0606 2840 mrxsmb - ok

17:45:59.0731 2840 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:45:59.0732 2840 mrxsmb10 - ok

17:45:59.0809 2840 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:45:59.0810 2840 mrxsmb20 - ok

17:45:59.0836 2840 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

17:45:59.0837 2840 msahci - ok

17:45:59.0868 2840 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

17:45:59.0869 2840 msdsm - ok

17:45:59.0920 2840 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

17:45:59.0920 2840 Msfs - ok

17:45:59.0968 2840 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

17:45:59.0968 2840 mshidkmdf - ok

17:45:59.0983 2840 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

17:45:59.0984 2840 msisadrv - ok

17:46:00.0078 2840 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

17:46:00.0078 2840 MSKSSRV - ok

17:46:00.0158 2840 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

17:46:00.0158 2840 MSPCLOCK - ok

17:46:00.0211 2840 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

17:46:00.0212 2840 MSPQM - ok

17:46:00.0319 2840 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

17:46:00.0320 2840 MsRPC - ok

17:46:00.0485 2840 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

17:46:00.0486 2840 mssmbios - ok

17:46:00.0521 2840 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

17:46:00.0521 2840 MSTEE - ok

17:46:00.0533 2840 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

17:46:00.0534 2840 MTConfig - ok

17:46:00.0605 2840 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys

17:46:00.0606 2840 MTsensor - ok

17:46:00.0628 2840 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

17:46:00.0628 2840 Mup - ok

17:46:00.0660 2840 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

17:46:00.0662 2840 NativeWifiP - ok

17:46:00.0733 2840 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

17:46:00.0737 2840 NDIS - ok

17:46:00.0754 2840 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

17:46:00.0754 2840 NdisCap - ok

17:46:00.0792 2840 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

17:46:00.0792 2840 NdisTapi - ok

17:46:00.0810 2840 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

17:46:00.0811 2840 Ndisuio - ok

17:46:00.0866 2840 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

17:46:00.0867 2840 NdisWan - ok

17:46:00.0899 2840 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

17:46:00.0899 2840 NDProxy - ok

17:46:00.0935 2840 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

17:46:00.0935 2840 NetBIOS - ok

17:46:01.0007 2840 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

17:46:01.0008 2840 NetBT - ok

17:46:01.0024 2840 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

17:46:01.0025 2840 nfrd960 - ok

17:46:01.0082 2840 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

17:46:01.0082 2840 Npfs - ok

17:46:01.0112 2840 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

17:46:01.0113 2840 nsiproxy - ok

17:46:01.0177 2840 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

17:46:01.0183 2840 Ntfs - ok

17:46:01.0248 2840 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

17:46:01.0249 2840 Null - ok

17:46:01.0296 2840 nusb3hub (088cd71003f21f96f01c63955150a1fb) C:\Windows\system32\DRIVERS\nusb3hub.sys

17:46:01.0297 2840 nusb3hub - ok

17:46:01.0356 2840 nusb3xhc (d90a2d44e93daea47aea946d9e87000f) C:\Windows\system32\DRIVERS\nusb3xhc.sys

17:46:01.0357 2840 nusb3xhc - ok

17:46:01.0402 2840 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys

17:46:01.0403 2840 NVHDA - ok

17:46:01.0608 2840 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

17:46:01.0650 2840 nvlddmkm - ok

17:46:01.0769 2840 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

17:46:01.0770 2840 nvraid - ok

17:46:01.0786 2840 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

17:46:01.0787 2840 nvstor - ok

17:46:01.0847 2840 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

17:46:01.0847 2840 nv_agp - ok

17:46:01.0854 2840 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

17:46:01.0855 2840 ohci1394 - ok

17:46:01.0886 2840 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

17:46:01.0887 2840 Parport - ok

17:46:01.0906 2840 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

17:46:01.0907 2840 partmgr - ok

17:46:02.0052 2840 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

17:46:02.0053 2840 pci - ok

17:46:02.0347 2840 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

17:46:02.0357 2840 pciide - ok

17:46:02.0686 2840 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

17:46:02.0687 2840 pcmcia - ok

17:46:02.0774 2840 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

17:46:02.0775 2840 pcw - ok

17:46:02.0796 2840 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

17:46:02.0798 2840 PEAUTH - ok

17:46:02.0909 2840 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

17:46:02.0909 2840 PptpMiniport - ok

17:46:02.0931 2840 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

17:46:02.0931 2840 Processor - ok

17:46:02.0960 2840 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

17:46:02.0961 2840 Psched - ok

17:46:03.0137 2840 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

17:46:03.0142 2840 ql2300 - ok

17:46:03.0322 2840 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

17:46:03.0323 2840 ql40xx - ok

17:46:03.0350 2840 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

17:46:03.0351 2840 QWAVEdrv - ok

17:46:03.0375 2840 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

17:46:03.0376 2840 RasAcd - ok

17:46:03.0417 2840 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:46:03.0418 2840 RasAgileVpn - ok

17:46:03.0457 2840 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:46:03.0458 2840 Rasl2tp - ok

17:46:03.0643 2840 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

17:46:03.0644 2840 RasPppoe - ok

17:46:03.0712 2840 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

17:46:03.0713 2840 RasSstp - ok

17:46:03.0785 2840 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

17:46:03.0786 2840 rdbss - ok

17:46:03.0941 2840 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

17:46:03.0941 2840 rdpbus - ok

17:46:04.0010 2840 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:46:04.0011 2840 RDPCDD - ok

17:46:04.0024 2840 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

17:46:04.0024 2840 RDPENCDD - ok

17:46:04.0127 2840 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

17:46:04.0128 2840 RDPREFMP - ok

17:46:04.0167 2840 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

17:46:04.0168 2840 RDPWD - ok

17:46:04.0300 2840 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

17:46:04.0301 2840 rdyboost - ok

17:46:04.0365 2840 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

17:46:04.0365 2840 RimUsb - ok

17:46:04.0449 2840 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

17:46:04.0449 2840 RimVSerPort - ok

17:46:04.0557 2840 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys

17:46:04.0557 2840 ROOTMODEM - ok

17:46:04.0758 2840 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

17:46:04.0758 2840 rspndr - ok

17:46:04.0837 2840 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys

17:46:04.0838 2840 RTL8167 - ok

17:46:04.0934 2840 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Users\Admin\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS

17:46:04.0935 2840 SASDIFSV - ok

17:46:05.0125 2840 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Users\Admin\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS

17:46:05.0125 2840 SASKUTIL - ok

17:46:05.0519 2840 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

17:46:05.0520 2840 sbp2port - ok

17:46:05.0603 2840 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

17:46:05.0604 2840 scfilter - ok

17:46:05.0676 2840 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

17:46:05.0677 2840 secdrv - ok

17:46:05.0805 2840 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

17:46:05.0806 2840 Serenum - ok

17:46:05.0965 2840 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

17:46:05.0966 2840 Serial - ok

17:46:06.0462 2840 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

17:46:06.0462 2840 sermouse - ok

17:46:06.0732 2840 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

17:46:06.0732 2840 sffdisk - ok

17:46:06.0857 2840 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

17:46:06.0858 2840 sffp_mmc - ok

17:46:07.0015 2840 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

17:46:07.0015 2840 sffp_sd - ok

17:46:07.0167 2840 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

17:46:07.0167 2840 sfloppy - ok

17:46:07.0317 2840 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

17:46:07.0318 2840 SiSRaid2 - ok

17:46:07.0491 2840 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

17:46:07.0492 2840 SiSRaid4 - ok

17:46:07.0559 2840 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

17:46:07.0559 2840 Smb - ok

17:46:07.0900 2840 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

17:46:07.0901 2840 spldr - ok

17:46:08.0189 2840 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\System32\Drivers\sptd.sys

17:46:08.0191 2840 sptd - ok

17:46:08.0397 2840 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys

17:46:08.0399 2840 srv - ok

17:46:08.0506 2840 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys

17:46:08.0508 2840 srv2 - ok

17:46:08.0523 2840 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys

17:46:08.0524 2840 srvnet - ok

17:46:08.0552 2840 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

17:46:08.0552 2840 stexstor - ok

17:46:08.0566 2840 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

17:46:08.0567 2840 swenum - ok

17:46:08.0577 2840 TBPanel - ok

17:46:08.0618 2840 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys

17:46:08.0624 2840 Tcpip - ok

17:46:08.0660 2840 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys

17:46:08.0666 2840 TCPIP6 - ok

17:46:08.0680 2840 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

17:46:08.0680 2840 tcpipreg - ok

17:46:08.0728 2840 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

17:46:08.0729 2840 TDPIPE - ok

17:46:08.0743 2840 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

17:46:08.0743 2840 TDTCP - ok

17:46:08.0776 2840 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

17:46:08.0777 2840 tdx - ok

17:46:08.0796 2840 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

17:46:08.0796 2840 TermDD - ok

17:46:08.0808 2840 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:46:08.0809 2840 tssecsrv - ok

17:46:08.0824 2840 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

17:46:08.0825 2840 tunnel - ok

17:46:08.0853 2840 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

17:46:08.0853 2840 uagp35 - ok

17:46:08.0873 2840 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

17:46:08.0874 2840 udfs - ok

17:46:08.0895 2840 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

17:46:08.0896 2840 uliagpkx - ok

17:46:08.0916 2840 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

17:46:08.0917 2840 umbus - ok

17:46:08.0937 2840 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

17:46:08.0937 2840 UmPass - ok

17:46:09.0066 2840 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

17:46:09.0067 2840 usbccgp - ok

17:46:09.0206 2840 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

17:46:09.0207 2840 usbcir - ok

17:46:09.0314 2840 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

17:46:09.0315 2840 usbehci - ok

17:46:09.0412 2840 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

17:46:09.0414 2840 usbhub - ok

17:46:09.0451 2840 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

17:46:09.0452 2840 usbohci - ok

17:46:09.0496 2840 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

17:46:09.0497 2840 usbprint - ok

17:46:09.0571 2840 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:46:09.0572 2840 USBSTOR - ok

17:46:09.0729 2840 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

17:46:09.0729 2840 usbuhci - ok

17:46:09.0823 2840 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

17:46:09.0824 2840 vdrvroot - ok

17:46:09.0923 2840 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

17:46:09.0923 2840 vga - ok

17:46:09.0942 2840 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

17:46:09.0943 2840 VgaSave - ok

17:46:10.0149 2840 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

17:46:10.0150 2840 vhdmp - ok

17:46:10.0291 2840 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

17:46:10.0292 2840 viaide - ok

17:46:10.0373 2840 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

17:46:10.0374 2840 volmgr - ok

17:46:10.0510 2840 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

17:46:10.0511 2840 volmgrx - ok

17:46:10.0613 2840 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

17:46:10.0614 2840 volsnap - ok

17:46:10.0708 2840 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

17:46:10.0709 2840 vsmraid - ok

17:46:10.0759 2840 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

17:46:10.0759 2840 vwifibus - ok

17:46:10.0878 2840 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

17:46:10.0879 2840 WacomPen - ok

17:46:10.0978 2840 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

17:46:10.0979 2840 WANARP - ok

17:46:11.0003 2840 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

17:46:11.0004 2840 Wanarpv6 - ok

17:46:11.0127 2840 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

17:46:11.0128 2840 Wd - ok

17:46:11.0284 2840 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

17:46:11.0286 2840 Wdf01000 - ok

17:46:11.0456 2840 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

17:46:11.0456 2840 WfpLwf - ok

17:46:11.0656 2840 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

17:46:11.0656 2840 WIMMount - ok

17:46:11.0706 2840 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

17:46:11.0706 2840 WinUsb - ok

17:46:11.0714 2840 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

17:46:11.0715 2840 WmiAcpi - ok

17:46:11.0737 2840 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

17:46:11.0737 2840 ws2ifsl - ok

17:46:11.0758 2840 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

17:46:11.0759 2840 WudfPf - ok

17:46:11.0778 2840 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:46:11.0779 2840 WUDFRd - ok

17:46:11.0794 2840 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

17:46:11.0800 2840 \Device\Harddisk0\DR0 - ok

17:46:11.0808 2840 Boot (0x1200) (1d56c2db9dac2985e525e639466eda01) \Device\Harddisk0\DR0\Partition0

17:46:11.0809 2840 \Device\Harddisk0\DR0\Partition0 - ok

17:46:11.0819 2840 Boot (0x1200) (06e53e36b0475eda4fc7daa6cd054e2d) \Device\Harddisk0\DR0\Partition1

17:46:11.0820 2840 \Device\Harddisk0\DR0\Partition1 - ok

17:46:11.0821 2840 ============================================================

17:46:11.0821 2840 Scan finished

17:46:11.0821 2840 ============================================================

17:46:11.0825 3988 Detected object count: 0

17:46:11.0825 3988 Actual detected object count: 0

Other logs to follow in next post...

MBR.zip

3. MBR Check log:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: ASUSTeK Computer INC.

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: System manufacturer

System Product Name: System Product Name

Logical Drives Mask: 0x0000002c

Kernel Drivers (total 200):

0x02E19000 \SystemRoot\system32\ntoskrnl.exe

0x033F5000 \SystemRoot\system32\hal.dll

0x00BD2000 \SystemRoot\system32\kdcom.dll

0x00C68000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00CAC000 \SystemRoot\system32\PSHED.dll

0x00CC0000 \SystemRoot\system32\CLFS.SYS

0x00D1E000 \SystemRoot\system32\CI.dll

0x00E33000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00ED7000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00EE6000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x00F3D000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x00F46000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x00F50000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x00F5D000 \SystemRoot\system32\DRIVERS\pci.sys

0x00F90000 \SystemRoot\System32\drivers\partmgr.sys

0x00FA5000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys

0x00FBA000 \SystemRoot\system32\DRIVERS\pciide.sys

0x00FC1000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x00FD1000 \SystemRoot\System32\drivers\mountmgr.sys

0x00FEB000 \SystemRoot\system32\DRIVERS\atapi.sys

0x00E00000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x00FF4000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x01071000 \SystemRoot\system32\drivers\fltmgr.sys

0x010BD000 \SystemRoot\system32\drivers\fileinfo.sys

0x0120C000 \SystemRoot\System32\Drivers\Ntfs.sys

0x010D1000 \SystemRoot\System32\Drivers\msrpc.sys

0x013AF000 \SystemRoot\System32\Drivers\ksecdd.sys

0x0112F000 \SystemRoot\System32\Drivers\cng.sys

0x013C9000 \SystemRoot\System32\drivers\pcw.sys

0x013DA000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x0148D000 \SystemRoot\system32\drivers\ndis.sys

0x0157F000 \SystemRoot\system32\drivers\NETIO.SYS

0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01602000 \SystemRoot\System32\drivers\tcpip.sys

0x0142B000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01475000 \SystemRoot\system32\DRIVERS\epfwwfp.sys

0x011A2000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x015DF000 \SystemRoot\System32\Drivers\spldr.sys

0x01000000 \SystemRoot\System32\drivers\rdyboost.sys

0x015E7000 \SystemRoot\System32\Drivers\mup.sys

0x013E4000 \SystemRoot\System32\drivers\hwpolicy.sys

0x018A7000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x018E1000 \SystemRoot\system32\DRIVERS\disk.sys

0x018F7000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x0195D000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys

0x019A3000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x019CD000 \SystemRoot\System32\Drivers\Null.SYS

0x019D6000 \SystemRoot\System32\Drivers\Beep.SYS

0x01800000 \SystemRoot\system32\DRIVERS\ehdrv.sys

0x01827000 \SystemRoot\System32\drivers\vga.sys

0x01835000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x0185A000 \SystemRoot\System32\drivers\watchdog.sys

0x0186A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x01873000 \SystemRoot\system32\drivers\rdpencdd.sys

0x0187C000 \SystemRoot\system32\drivers\rdprefmp.sys

0x01885000 \SystemRoot\System32\Drivers\Msfs.SYS

0x01890000 \SystemRoot\System32\Drivers\Npfs.SYS

0x019DD000 \SystemRoot\system32\DRIVERS\tdx.sys

0x013ED000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x0661C000 \SystemRoot\system32\drivers\afd.sys

0x066A6000 \SystemRoot\System32\DRIVERS\netbt.sys

0x066EB000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x066F4000 \SystemRoot\system32\DRIVERS\pacer.sys

0x0671A000 \SystemRoot\system32\DRIVERS\EpfwLWF.sys

0x06727000 \SystemRoot\system32\DRIVERS\netbios.sys

0x06736000 \SystemRoot\system32\DRIVERS\serial.sys

0x06753000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x0676E000 \SystemRoot\system32\DRIVERS\termdd.sys

0x06782000 \??\C:\Users\Admin\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS

0x0678C000 \??\C:\Users\Admin\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS

0x06796000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x067E7000 \SystemRoot\system32\drivers\nsiproxy.sys

0x067F3000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x06600000 \SystemRoot\System32\drivers\discache.sys

0x0103A000 \SystemRoot\System32\Drivers\dfsc.sys

0x00DDE000 \SystemRoot\system32\DRIVERS\ctxusbm.sys

0x01058000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x06860000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x06886000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x0FEC4000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x10B3B000 \SystemRoot\System32\Drivers\nvBridge.kmd

0x0689C000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x10B40000 \SystemRoot\System32\drivers\dxgmms1.sys

0x10B86000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x10BAA000 \SystemRoot\system32\DRIVERS\HECIx64.sys

0x10BBB000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x0FE00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x0FE56000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

0x10BCC000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys

0x10BFC000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x0FEAD000 \SystemRoot\system32\DRIVERS\ASACPI.sys

0x0FEB5000 \SystemRoot\system32\DRIVERS\serenum.sys

0x06990000 \SystemRoot\system32\DRIVERS\parport.sys

0x069AD000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x069BA000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x069CA000 \SystemRoot\system32\DRIVERS\lmimirr.sys

0x069D1000 \SystemRoot\System32\Drivers\RootMdm.sys

0x069D9000 \SystemRoot\system32\drivers\modem.sys

0x069E8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x06800000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x06824000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x06830000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x06A23000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x06A3E000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x06A5F000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x06A79000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys

0x06A81000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x06A90000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x06A9F000 \SystemRoot\system32\DRIVERS\swenum.sys

0x06AA1000 \SystemRoot\system32\DRIVERS\ks.sys

0x06AE4000 \SystemRoot\system32\DRIVERS\umbus.sys

0x06AF6000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x06B50000 \SystemRoot\system32\DRIVERS\nusb3hub.sys

0x06B68000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x06B7D000 \SystemRoot\system32\drivers\nvhda64v.sys

0x06BAA000 \SystemRoot\system32\drivers\portcls.sys

0x06A00000 \SystemRoot\system32\drivers\drmk.sys

0x06BE7000 \SystemRoot\system32\drivers\ksthunk.sys

0x07485000 \SystemRoot\system32\drivers\HdAudio.sys

0x00070000 \SystemRoot\System32\win32k.sys

0x074E1000 \SystemRoot\System32\drivers\Dxapi.sys

0x074ED000 \SystemRoot\system32\DRIVERS\monitor.sys

0x074FB000 \SystemRoot\System32\Drivers\crashdmp.sys

0x07509000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x07515000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x0751E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x00490000 \SystemRoot\System32\TSDDD.dll

0x006C0000 \SystemRoot\System32\cdd.dll

0x07531000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x0754E000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x0755C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x07575000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x0757E000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x0758C000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x07599000 \SystemRoot\system32\drivers\luafv.sys

0x070C1000 \SystemRoot\system32\DRIVERS\eamonm.sys

0x071A3000 \SystemRoot\system32\drivers\WudfPf.sys

0x071C4000 \SystemRoot\system32\DRIVERS\epfw.sys

0x07000000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x07015000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x08E17000 \SystemRoot\system32\drivers\HTTP.sys

0x08EDF000 \SystemRoot\system32\DRIVERS\bowser.sys

0x08EFD000 \SystemRoot\System32\drivers\mpsdrv.sys

0x08F15000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x08F42000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x08F90000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x0702D000 \SystemRoot\system32\DRIVERS\atksgt.sys

0x08FB3000 \SystemRoot\system32\DRIVERS\idmwfp.sys

0x08FDA000 \SystemRoot\system32\DRIVERS\lirsgt.sys

0x08FE7000 \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys

0x08E00000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys

0x09451000 \SystemRoot\system32\drivers\peauth.sys

0x094F7000 \SystemRoot\System32\Drivers\secdrv.SYS

0x09502000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x0952F000 \SystemRoot\System32\drivers\tcpipreg.sys

0x09541000 \SystemRoot\System32\DRIVERS\srv2.sys

0x098D8000 \SystemRoot\System32\DRIVERS\srv.sys

0x0996D000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x099C0000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x099D3000 \??\C:\Windows\SysWOW64\drivers\TBPANELX64.SYS

0x77240000 \Windows\System32\ntdll.dll

0x47A40000 \Windows\System32\smss.exe

0xFF560000 \Windows\System32\apisetschema.dll

0xFFBE0000 \Windows\System32\autochk.exe

0xFF470000 \Windows\System32\advapi32.dll

0x770F0000 \Windows\System32\urlmon.dll

0xFF340000 \Windows\System32\rpcrt4.dll

0xFF270000 \Windows\System32\usp10.dll

0xFF1F0000 \Windows\System32\shlwapi.dll

0xFF1C0000 \Windows\System32\imm32.dll

0x76F90000 \Windows\System32\wininet.dll

0x76E70000 \Windows\System32\kernel32.dll

0xFE430000 \Windows\System32\shell32.dll

0xFE3E0000 \Windows\System32\Wldap32.dll

0xFE360000 \Windows\System32\difxapi.dll

0xFE280000 \Windows\System32\oleaut32.dll

0xFE260000 \Windows\System32\sechost.dll

0xFE210000 \Windows\System32\ws2_32.dll

0xFE100000 \Windows\System32\msctf.dll

0xFDEF0000 \Windows\System32\ole32.dll

0x77410000 \Windows\System32\psapi.dll

0x76C60000 \Windows\System32\iertutil.dll

0xFDEE0000 \Windows\System32\lpk.dll

0x76B60000 \Windows\System32\user32.dll

0xFDED0000 \Windows\System32\nsi.dll

0xFDE30000 \Windows\System32\clbcatq.dll

0xFDE10000 \Windows\System32\imagehlp.dll

0xFDD70000 \Windows\System32\msvcrt.dll

0xFDD00000 \Windows\System32\gdi32.dll

0xFDB20000 \Windows\System32\setupapi.dll

0xFDA80000 \Windows\System32\comdlg32.dll

0x77400000 \Windows\System32\normaliz.dll

0xFDA40000 \Windows\System32\cfgmgr32.dll

0xFDA20000 \Windows\System32\devobj.dll

0xFD9E0000 \Windows\System32\wintrust.dll

0xFD970000 \Windows\System32\KernelBase.dll

0xFD8D0000 \Windows\System32\comctl32.dll

0xFD760000 \Windows\System32\crypt32.dll

0xFD750000 \Windows\System32\msasn1.dll

Processes (total 72):

0 System Idle Process

4 System

296 C:\Windows\System32\smss.exe

424 csrss.exe

492 C:\Windows\System32\wininit.exe

516 csrss.exe

548 C:\Windows\System32\services.exe

588 C:\Windows\System32\lsass.exe

596 C:\Windows\System32\lsm.exe

716 C:\Windows\System32\winlogon.exe

744 C:\Windows\System32\svchost.exe

800 C:\Windows\System32\nvvsvc.exe

824 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

872 C:\Windows\System32\svchost.exe

936 C:\Windows\System32\svchost.exe

976 C:\Windows\System32\svchost.exe

1004 C:\Windows\System32\svchost.exe

1036 C:\Windows\System32\svchost.exe

1188 C:\Windows\System32\svchost.exe

1304 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

1316 C:\Windows\System32\nvvsvc.exe

1376 C:\Windows\System32\spoolsv.exe

1404 C:\Windows\System32\svchost.exe

1500 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

1612 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1640 C:\Program Files (x86)\Bonjour\mDNSResponder.exe

1676 C:\Program Files (x86)\ESET\ESET Smart Security\x86\ekrn.exe

1712 C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

1736 C:\Program Files (x86)\LogMeIn\x64\ramaint.exe

1792 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

1832 C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

1988 C:\Windows\SysWOW64\PnkBstrA.exe

2032 C:\Windows\System32\svchost.exe

1228 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

1776 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2464 WmiPrvSE.exe

2724 C:\Windows\System32\svchost.exe

2864 C:\Windows\System32\taskhost.exe

2956 C:\Windows\explorer.exe

2964 C:\Windows\System32\dwm.exe

2976 C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

2400 C:\Program Files (x86)\ESET\ESET Smart Security\egui.exe

3004 C:\Program Files (x86)\EXPERTool\EXPERTool\TBPANEL.exe

2804 C:\Program Files (x86)\Steam\Steam.exe

3000 C:\Program Files\Windows Sidebar\sidebar.exe

3216 C:\Windows\System32\SearchIndexer.exe

3296 C:\Program Files (x86)\IDM\idman.exe

3332 C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

3352 C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

3376 C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

3436 C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

3600 C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

3680 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

3808 C:\Windows\System32\svchost.exe

3836 C:\Windows\servicing\TrustedInstaller.exe

4020 C:\Program Files\Windows Media Player\wmpnetwk.exe

420 C:\Program Files (x86)\IDM\IEMonitor.exe

2216 C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

4456 C:\Windows\System32\wuauclt.exe

4508 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

3876 C:\Windows\explorer.exe

1388 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

2700 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

4668 C:\Windows\System32\svchost.exe

4836 C:\Windows\explorer.exe

2308 C:\Windows\System32\wbem\WMIADAP.exe

1336 C:\Windows\System32\SearchProtocolHost.exe

728 C:\Windows\System32\SearchFilterHost.exe

3468 C:\Windows\explorer.exe

3824 C:\Users\Admin\Desktop\MBRCheck.exe

2396 C:\Windows\System32\conhost.exe

2220 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: ST3500418AS, Rev: CC46

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Done!

4. aswMBR.exe log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-12-05 17:49:11

-----------------------------

17:49:11.905 OS Version: Windows x64 6.1.7600

17:49:11.905 Number of processors: 4 586 0x2505

17:49:11.905 ComputerName: ADMIN-PC UserName: Admin

17:49:15.939 Initialize success

17:49:38.844 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4

17:49:38.845 Disk 0 Vendor: ST3500418AS CC46 Size: 476940MB BusType: 3

17:49:40.858 Disk 0 MBR read successfully

17:49:40.859 Disk 0 MBR scan

17:49:40.860 Disk 0 Windows 7 default MBR code

17:49:40.862 Service scanning

17:49:42.262 Modules scanning

17:49:42.263 Disk 0 trace - called modules:

17:49:42.279 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

17:49:42.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045b2060]

17:49:42.282 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa8004327580]

17:49:42.284 5 ACPI.sys[fffff88000f02781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8004329060]

17:49:42.286 Scan finished successfully

17:49:53.773 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"

17:49:53.778 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

The aswMBR.dat file is attached as a zip file. MBR.zip

5. Combo Fix log:

ComboFix 11-12-04.02 - Admin 05/12/2011 17:58:07.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3959.2696 [GMT 0:00]

Running from: c:\users\Admin\Desktop\ComboFix.exe

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\data

c:\data\ibdata1

c:\program files (x86)\TNod User & Password Finder\TNODUP.exe

c:\users\Admin\AppData\Roaming\chrtmp

c:\users\Admin\AppData\Roaming\winrar-x64-40b6.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))

.

.

2011-12-05 18:02 . 2011-12-05 18:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-12-05 18:02 . 2011-12-05 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-03 12:13 . 2011-12-03 12:13 -------- d-----w- C:\_Quarantine

2011-12-02 01:46 . 2011-12-02 01:46 -------- d-----w- c:\program files (x86)\ESET

2011-12-02 00:15 . 2011-12-02 00:15 -------- d-----w- c:\users\Admin\AppData\Local\ESET

2011-12-02 00:01 . 2011-12-05 18:02 -------- d-----w- c:\program files (x86)\TNod User & Password Finder

2011-12-01 23:49 . 2011-12-01 23:49 -------- d-----w- c:\programdata\Kaspersky Lab

2011-12-01 23:04 . 2011-11-30 02:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71F89B0C-1C07-4571-A903-69299F55AF18}\mpengine.dll

2011-12-01 19:05 . 2011-12-01 19:05 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com

2011-12-01 19:05 . 2011-12-01 19:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-12-01 18:30 . 2011-12-01 18:30 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes

2011-12-01 18:30 . 2011-12-01 18:30 -------- d-----w- c:\programdata\Malwarebytes

2011-12-01 18:30 . 2011-12-01 18:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-11 00:14 . 2007-04-04 18:55 403304 ----a-w- c:\windows\system32\xactengine2_7.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-15 08:53 . 2011-10-25 20:46 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll

2011-10-15 08:53 . 2011-09-27 18:08 2808128 ----a-w- c:\windows\system32\nvapi64.dll

2011-10-15 08:53 . 2011-09-27 18:08 1533248 ----a-w- c:\windows\system32\nvdispco64.dll

2011-10-15 08:53 . 2011-09-27 18:08 1454400 ----a-w- c:\windows\system32\nvgenco64.dll

2011-10-15 08:53 . 2011-06-26 11:05 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-10-15 08:53 . 2011-06-26 11:05 5067584 ----a-w- c:\windows\system32\nvsvc64.dll

2011-10-15 08:53 . 2011-06-26 11:05 222528 ----a-w- c:\windows\system32\nvmctray.dll

2011-10-15 08:53 . 2011-06-26 11:05 1640768 ----a-w- c:\windows\system32\nvvsvc.exe

2011-10-15 08:53 . 2011-06-26 11:05 137536 ----a-w- c:\windows\system32\nvshext.dll

2011-10-15 08:53 . 2011-06-26 11:05 10406208 ----a-w- c:\windows\system32\nvcpl.dll

2011-10-15 08:53 . 2011-03-25 16:37 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll

2011-10-15 08:53 . 2011-03-25 16:37 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2011-10-15 08:53 . 2011-03-25 16:37 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll

2011-10-15 00:54 . 2011-10-15 00:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2011-10-07 17:11 . 2011-09-05 18:43 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-10-07 17:11 . 2011-09-05 18:43 34688 ----a-w- c:\windows\system32\LMIport.dll

2011-10-07 17:11 . 2011-09-05 18:43 80768 ----a-w- c:\windows\system32\LMIinit.dll

2011-10-02 17:54 . 2011-07-23 15:16 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2011-10-02 17:54 . 2011-03-30 18:36 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-10-02 17:52 . 2011-03-30 18:36 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2011-09-29 18:32 . 2011-03-30 18:36 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[-] 2011-03-29 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll

.

[-] 2011-03-29 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll

[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GAINWARD"="c:\program files (x86)\EXPERTool\EXPERTool\TBPanel.exe" [2011-04-08 2265416]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"IDMan"="c:\program files (x86)\IDM\idman.exe" [2011-09-15 3425688]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-03-30 113296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

.

c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2011-8-30 41051]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 SASDIFSV;SASDIFSV;c:\users\Admin\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]

R1 SASKUTIL;SASKUTIL;c:\users\Admin\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 78416385;78416385; [x]

R3 ALSysIO;ALSysIO;c:\users\Admin\AppData\Local\Temp\ALSysIO64.sys [x]

R3 cpuz130;cpuz130;c:\users\Admin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

S2 ekrn;ESET Service;c:\program files (x86)\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-10-07 375176]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-11 15928]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788789940-3457343511-3605309129-1000Core.job

- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-04 21:04]

.

2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788789940-3457343511-3605309129-1000UA.job

- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-04 21:04]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\IDM\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-11 57928]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"egui"="c:\program files (x86)\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://outlook.leeds.ac.uk/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leeds.ac.uk%2fowa%2f

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Download all links with IDM - c:\program files (x86)\IDM\IEGetAll.htm

IE: Download with IDM - c:\program files (x86)\IDM\IEExt.htm

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s8q0czql.default\

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-TNOD UP - c:\program files (x86)\TNod User & Password Finder\TNODUP.exe

AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]

"ImagePath"="\"c:\program files (x86)\MySQL\bin\mysqld\" --defaults-file=\"c:\program files (x86)\MySQL\my.ini\" MySQL"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2788789940-3457343511-3605309129-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):31,a4,bc,b9,16,0b,a8,98,39,d2,7d,40,d7,d3,24,89,1b,09,9e,68,ba,

04,aa,6d,ce,44,df,a7,83,a4,db,93,dd,b9,33,cd,0d,15,c7,f2,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-2788789940-3457343511-3605309129-1000_Classes\Wow6432Node\CLSID\{7c2fc850-7f63-4577-818d-c22a5c68498c}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000da

"Therad"=dword:0000001a

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe

c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe

c:\program files (x86)\IDM\IEMonitor.exe

.

**************************************************************************

.

Completion time: 2011-12-05 18:06:53 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-05 18:06

.

Pre-Run: 266,611,916,800 bytes free

Post-Run: 267,051,380,736 bytes free

.

- - End Of File - - 0F16A4404F1F03F5C0358EE8E9F514B0

6. Checkup.txt

Results of screen317's Security Check version 0.99.28

Windows 7 x64 (UAC is disabled!)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 22

Java 6 Update 24

Java version out of date!

Adobe Flash Player ( 10.3.181.26) Flash Player out of Date!

Adobe Reader X (10.1.1)

Mozilla Firefox (7.0.1) Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

Thanks again, much appreciated.

FBoT


Please try the following. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer

  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • It will install a little bootable OS on your USB
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.
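The MBRbackup.zip that dd writes is a raw 512-byte sector, not an archive. As an added example (not code from this thread, from MBRCheck or from aswMBR), here is a Python checker that does for such a dump what the MBRCheck run earlier in the thread did: it hashes the sector, verifies the 0x55AA boot signature, decodes the partition table, and flags boot code whose hash is not in a reference set. The reference hash set and both sample sectors are constructed; the partition layout assumes the C: offset 0x06500000 (sector 206848) that MBRCheck reported, with constructed sizes.

```python
import hashlib
import struct
from dataclasses import dataclass, field
from typing import List, Set, Tuple

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the boot code; 440..445 disk signature/padding
PT_OFFSET = 446                # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


@dataclass
class MbrReport:
    sha1: str          # hash of the whole sector, as MBRCheck prints it
    code_sha1: str     # hash of the boot-code region only
    signature_ok: bool
    partitions: List[Partition] = field(default_factory=list)
    findings: List[str] = field(default_factory=list)


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four classic partition entries; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, type_id, lba_start, count = struct.unpack_from(
            "<B3xB3xII", mbr, PT_OFFSET + 16 * i)
        if type_id != 0:
            parts.append(Partition(i, status == 0x80, type_id, lba_start, count))
    return parts


def analyze_mbr(mbr: bytes, known_code_hashes: Set[str]) -> MbrReport:
    """Hash, signature, boot-code allow-list and partition-table sanity checks."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector, got {len(mbr)} bytes")
    report = MbrReport(
        sha1=hashlib.sha1(mbr).hexdigest().upper(),
        code_sha1=hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        signature_ok=mbr[510:512] == BOOT_SIGNATURE,
    )
    if not report.signature_ok:
        report.findings.append("missing 0x55AA boot signature")
    if report.code_sha1 not in known_code_hashes:
        report.findings.append("boot code hash not in the known-good set")
    report.partitions = parse_partitions(mbr)
    active = [p for p in report.partitions if p.bootable]
    if len(active) != 1:
        report.findings.append(f"{len(active)} active partitions, expected exactly 1")
    for p in report.partitions:
        if p.lba_start == 0 or p.sector_count == 0:
            report.findings.append(f"partition {p.index}: zero start or length")
    by_start = sorted(report.partitions, key=lambda p: p.lba_start)
    for a, b in zip(by_start, by_start[1:]):
        if a.lba_start + a.sector_count > b.lba_start:
            report.findings.append(f"partitions {a.index} and {b.index} overlap")
    return report


def build_sample_mbr(boot_code: bytes, layout: List[Tuple[bool, int, int, int]]) -> bytes:
    """Assemble a constructed test sector from boot code plus (active, type, start, count) tuples."""
    buf = bytearray(SECTOR_SIZE)
    buf[:len(boot_code)] = boot_code
    for i, (is_active, type_id, start, count) in enumerate(layout):
        struct.pack_into("<B3xB3xII", buf, PT_OFFSET + 16 * i,
                         0x80 if is_active else 0x00, type_id, start, count)
    buf[510:512] = BOOT_SIGNATURE
    return bytes(buf)


# Constructed stand-in for trusted boot code and its allow-list (not real Windows 7 code).
CLEAN_CODE = (bytes(range(256)) * 2)[:BOOT_CODE_LEN]
KNOWN_GOOD = {hashlib.sha1(CLEAN_CODE).hexdigest().upper()}

# Assumed layout: 100 MB System Reserved partition, then C: at sector 206848
# (offset 0x06500000 in the MBRCheck output above); the sector counts are constructed.
LAYOUT = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 976566320)]


def clean_report() -> MbrReport:
    return analyze_mbr(build_sample_mbr(CLEAN_CODE, LAYOUT), KNOWN_GOOD)


def tampered_report() -> MbrReport:
    # Constructed: four bytes of the boot code differ from the reference copy.
    patched = bytearray(CLEAN_CODE)
    patched[100:104] = bytes(4)
    return analyze_mbr(build_sample_mbr(bytes(patched), LAYOUT), KNOWN_GOOD)
```

To check a real dump, pass the 512 bytes read from MBRbackup.zip (or aswMBR's MBR.dat) to analyze_mbr together with hashes you have taken from a known-clean boot sector of the same Windows version.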


Hi

I've successfully created the bootable USB. But once I boot from it and xPUD loads (after I've selected English as the language) it says a fatal error has occurred (No screens found). Due to this, no MBRbackup.zip file is being written to the USB.

Cheers,

FBoT


Let's try the following:

The Kaspersky Rescue Disk is a bootable CD based version of Kaspersky Antivirus.

The download is in ISO format.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Download the Kaspersky Rescue Disk:

http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/ .

  • Burn the Kaspersky Rescue Disk ISO image to CD.
  • Insert the Kaspersky Rescue Disk CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
  • Follow the instructions in the initial text screen to press Enter to start Kaspersky AntiVirus.
  • Select your language (or wait a few seconds for the default English to load).
  • Your screen may go blank for several minutes while the program loads.
  • After the Kaspersky Rescue Disk loads, the database will be updated (if you have network connectivity)
    • Click the Update tab to view the update progress.
    • When the update has completed, click the Scan tab.

  • Place a checkmark in all the available drives to scan the entire system.
  • Click the "Security level" option, and select options.
    • Make sure "All Files" is selected
    • Under "Scan of compound files" ensure all options are selected and click the OK button.
  • Click the "On threat detection" option
    • Select "Do not prompt", "Disinfect", and "Delete if disinfection fails".
  • Click the "Start scan" button.
  • When the scan has completed, click the Reports button.
    • Click the Save button, and select your System drive (normally your C: drive)
    • In the "File name" box, name the file krd-log and click the Save button.
    • Click Close to close the Reports window.
  • Click the Exit button to close the Rescue Disk program and confirm.
    In the lower left of the screen, left-click the red K button, select Logout, and confirm.
  • The computer will shut down.
  • Restart the computer and reboot normally.
  • Please post the log (krd-log.txt) in your next reply.


Hi

I successfully ran the Kaspersky Rescue Disk scan and zero threats were reported.

Also, since running ComboFix and the various other apps you listed yesterday I haven't experienced any virus-like behaviour (e.g. browser redirecting to dodgy sites) and ESET hasn't displayed the TDL4 virus warning.

Is it safe to assume the virus has been removed? :lol:

Many thanks,

FBoT


This is a rather difficult infection characterized by its ability to remain extremely well-hidden on the system. For peace of mind (if anything :lol:), let's run another series of scans to make sure it is indeed gone ;)

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Hi DFB

One of the side-effects of contracting the virus was that I was unable to access the Advanced Boot Options screen: when I press F8 I go to the AVB screen for a millisecond and then it instantly goes to the screen which allows you to select which device to boot from, e.g. HDD, CD, USB etc. So I'm unable to access the Repair your computer menu item. Is this a known side-effect of this virus? (The virus came bundled within the "System Fix" malware by the way).

Also I don't have the Win installation disc so that's not an option.

Is there an alternative method of running frst64.exe?

Cheers,

FBoT


Please run ComboFix another time, and post the newly-created C:\ComboFix.txt. Let me know how things go ;)


Hi

Here's the new ComboFix log...

ComboFix 11-12-04.02 - Admin 08/12/2011 1:26.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3959.2643 [GMT 0:00]

Running from: c:\users\Admin\Desktop\ComboFix.exe

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))

.

.

2011-12-08 01:34 . 2011-12-08 01:34 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71F89B0C-1C07-4571-A903-69299F55AF18}\offreg.dll

2011-12-08 01:31 . 2011-12-08 01:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-12-08 01:31 . 2011-12-08 01:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-07 00:19 . 2011-12-07 02:11 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2011-12-06 23:46 . 2011-12-06 23:50 -------- d-----w- c:\users\Admin\AppData\Roaming\ImgBurn

2011-12-06 23:42 . 2011-12-06 23:42 -------- d-----w- c:\program files (x86)\ImgBurn

2011-12-03 12:13 . 2011-12-03 12:13 -------- d-----w- C:\_Quarantine

2011-12-02 01:46 . 2011-12-02 01:46 -------- d-----w- c:\program files (x86)\ESET

2011-12-02 00:15 . 2011-12-02 00:15 -------- d-----w- c:\users\Admin\AppData\Local\ESET

2011-12-02 00:01 . 2011-12-05 18:02 -------- d-----w- c:\program files (x86)\TNod User & Password Finder

2011-12-01 23:49 . 2011-12-01 23:49 -------- d-----w- c:\programdata\Kaspersky Lab

2011-12-01 23:04 . 2011-11-30 02:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71F89B0C-1C07-4571-A903-69299F55AF18}\mpengine.dll

2011-12-01 19:05 . 2011-12-01 19:05 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com

2011-12-01 19:05 . 2011-12-01 19:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-12-01 18:30 . 2011-12-01 18:30 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes

2011-12-01 18:30 . 2011-12-01 18:30 -------- d-----w- c:\programdata\Malwarebytes

2011-12-01 18:30 . 2011-12-01 18:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-11 00:14 . 2007-04-04 18:55 403304 ----a-w- c:\windows\system32\xactengine2_7.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-06 18:43 . 2011-06-07 18:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-15 08:53 . 2011-10-25 20:46 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll

2011-10-15 08:53 . 2011-09-27 18:08 2808128 ----a-w- c:\windows\system32\nvapi64.dll

2011-10-15 08:53 . 2011-09-27 18:08 1533248 ----a-w- c:\windows\system32\nvdispco64.dll

2011-10-15 08:53 . 2011-09-27 18:08 1454400 ----a-w- c:\windows\system32\nvgenco64.dll

2011-10-15 08:53 . 2011-06-26 11:05 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-10-15 08:53 . 2011-06-26 11:05 5067584 ----a-w- c:\windows\system32\nvsvc64.dll

2011-10-15 08:53 . 2011-06-26 11:05 222528 ----a-w- c:\windows\system32\nvmctray.dll

2011-10-15 08:53 . 2011-06-26 11:05 1640768 ----a-w- c:\windows\system32\nvvsvc.exe

2011-10-15 08:53 . 2011-06-26 11:05 137536 ----a-w- c:\windows\system32\nvshext.dll

2011-10-15 08:53 . 2011-06-26 11:05 10406208 ----a-w- c:\windows\system32\nvcpl.dll

2011-10-15 08:53 . 2011-03-25 16:37 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll

2011-10-15 08:53 . 2011-03-25 16:37 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2011-10-15 08:53 . 2011-03-25 16:37 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll

2011-10-15 00:54 . 2011-10-15 00:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2011-10-07 17:11 . 2011-09-05 18:43 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-10-07 17:11 . 2011-09-05 18:43 34688 ----a-w- c:\windows\system32\LMIport.dll

2011-10-07 17:11 . 2011-09-05 18:43 80768 ----a-w- c:\windows\system32\LMIinit.dll

2011-10-02 17:54 . 2011-07-23 15:16 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2011-10-02 17:54 . 2011-03-30 18:36 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-10-02 17:52 . 2011-03-30 18:36 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2011-09-29 18:32 . 2011-03-30 18:36 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[-] 2011-03-29 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll

.

[-] 2011-03-29 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll

[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

.

((((((((((((((((((((((((((((( SnapShot@2011-12-05_18.03.34 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-12-22 16:41 . 2011-12-07 20:43 44574 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-12-07 20:43 35900 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-12-22 16:19 . 2011-12-07 20:43 14896 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2788789940-3457343511-3605309129-1000_UserData.bin

- 2010-12-22 15:49 . 2011-12-05 17:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-12-22 15:49 . 2011-12-07 20:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-12-22 15:49 . 2011-12-05 17:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-12-22 15:49 . 2011-12-07 20:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-12-07 20:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-12-05 17:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-12-08 01:31 . 2011-12-08 01:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-12-05 18:03 . 2011-12-05 18:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-12-08 01:31 . 2011-12-08 01:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-12-05 18:03 . 2011-12-05 18:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-12-06 18:43 . 2011-12-06 18:43 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe

- 2009-07-14 02:36 . 2011-12-05 18:01 628024 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-12-08 01:35 628024 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-12-05 18:01 110208 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-12-08 01:35 110208 c:\windows\system32\perfc009.dat

+ 2011-12-06 18:43 . 2011-12-06 18:43 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe

- 2009-07-14 05:01 . 2011-12-05 18:02 273868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-12-08 01:31 273868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-03-29 19:53 . 2011-12-06 18:43 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

- 2009-07-14 02:34 . 2011-12-05 17:50 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2011-12-07 20:52 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2011-12-06 18:43 . 2011-12-06 18:43 11336864 c:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll

+ 2011-03-29 22:25 . 2011-12-08 01:31 24266048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2788789940-3457343511-3605309129-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GAINWARD"="c:\program files (x86)\EXPERTool\EXPERTool\TBPanel.exe" [2011-04-08 2265416]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"IDMan"="c:\program files (x86)\IDM\idman.exe" [2011-09-15 3425688]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-03-30 113296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

.

c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2011-8-30 41051]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 SASDIFSV;SASDIFSV;c:\users\Admin\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]

R1 SASKUTIL;SASKUTIL;c:\users\Admin\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 78416385;78416385; [x]

R3 ALSysIO;ALSysIO;c:\users\Admin\AppData\Local\Temp\ALSysIO64.sys [x]

R3 cpuz130;cpuz130;c:\users\Admin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

S2 ekrn;ESET Service;c:\program files (x86)\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-10-07 375176]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-11 15928]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788789940-3457343511-3605309129-1000Core.job

- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-04 21:04]

.

2011-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2788789940-3457343511-3605309129-1000UA.job

- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-04 21:04]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\IDM\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-11 57928]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"TNOD UP"="c:\program files (x86)\TNod User & Password Finder\TNODUP.exe" [bU]

"egui"="c:\program files (x86)\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://outlook.leeds.ac.uk/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2foutlook.leeds.ac.uk%2fowa%2f

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Download all links with IDM - c:\program files (x86)\IDM\IEGetAll.htm

IE: Download with IDM - c:\program files (x86)\IDM\IEExt.htm

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s8q0czql.default\

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]

"ImagePath"="\"c:\program files (x86)\MySQL\bin\mysqld\" --defaults-file=\"c:\program files (x86)\MySQL\my.ini\" MySQL"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2788789940-3457343511-3605309129-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):31,a4,bc,b9,16,0b,a8,98,39,d2,7d,40,d7,d3,24,89,1b,09,9e,68,ba,

04,aa,6d,ce,44,df,a7,83,a4,db,93,dd,b9,33,cd,0d,15,c7,f2,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-2788789940-3457343511-3605309129-1000_Classes\Wow6432Node\CLSID\{7c2fc850-7f63-4577-818d-c22a5c68498c}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000da

"Therad"=dword:0000001a

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe

c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe

.

**************************************************************************

.

Completion time: 2011-12-08 01:42:51 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-08 01:42

ComboFix2.txt 2011-12-05 18:06

.

Pre-Run: 266,587,500,544 bytes free

Post-Run: 267,118,817,280 bytes free

.

- - End Of File - - 5344E7FC79A736EE2985B07A7C2DD1A1

Cheers,

FBoT


Let's try the following ;):

Step 1

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Enter Y and press Enter.

The following dialog will be presented:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Enter 1 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):

Enter 0 (zero) and press Enter

The following dialog will be presented:

Enter filename to dump to:

Type mbr-dump.dat and press Enter

The following dialog will be presented:

Dumped successfully!

Enter the physical disk to dump (0-99, -1 to exit):

Enter -1 and press Enter

And last the following dialog will be presented:

Done! Press ENTER to exit...

Press Enter.

A file mbr-dump.dat will be produced on the desktop. Now you have to compress this file:

  • Right click on it
  • Navigate and select Send to
  • Then navigate and select Compressed (zipped) Folder
  • A file mbr-dump.zip will be produced on the desktop

Please attach this file (mbr-dump.zip) in your next reply.


Hi

When I run MBRCheck.exe, it seems to run but it doesn't give me the chance to input the options you mentioned, e.g. saving the log as a zipped file etc etc. This is what I see when it runs:

mbrcheck_dump.jpg

It generated the following log file:

MBRCheck_12.08.11_08.49.52.txt

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: ASUSTeK Computer INC.

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: System manufacturer

System Product Name: System Product Name

Logical Drives Mask: 0x0000002c

Kernel Drivers (total 200):


Processes (total 66):


\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: ST3500418AS, Rev: CC46

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

Cheers,

FBoT


Looking much better. Before we move on to the next step, please do the following:


  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.


Hi

As requested...

aswMBR.txt

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-12-08 21:36:52

-----------------------------

21:36:52.211 OS Version: Windows x64 6.1.7600

21:36:52.211 Number of processors: 4 586 0x2505

21:36:52.211 ComputerName: ADMIN-PC UserName: Admin

21:36:54.255 Initialize success

21:37:07.319 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4

21:37:07.319 Disk 0 Vendor: ST3500418AS CC46 Size: 476940MB BusType: 3

21:37:09.332 Disk 0 MBR read successfully

21:37:09.332 Disk 0 MBR scan

21:37:09.332 Disk 0 Windows 7 default MBR code

21:37:09.332 Service scanning

21:37:10.424 Modules scanning

21:37:10.424 Disk 0 trace - called modules:

21:37:10.424 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

21:37:10.424 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045b0060]

21:37:10.424 3 CLASSPNP.SYS[fffff880018a443f] -> nt!IofCallDriver -> [0xfffffa800435e580]

21:37:10.424 5 ACPI.sys[fffff88000f14781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8004360060]

21:37:10.424 Scan finished successfully

21:40:57.373 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"

21:40:57.373 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

And the compressed DAT file...MBRdat.zip

Many thanks!

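Both MBRCheck and aswMBR above dump the first sector of PhysicalDrive0 to a file (mbr-dump.dat / MBR.dat) so a helper can inspect it. The following is an added example, not from this thread or from either tool, of the checks that inspection involves: boot signature present, bootstrap-code hash on an allow-list, partition table sane, and unpartitioned space noted for imaging. The sample sector, its stand-in boot code, the allow-list and the disk's sector count are constructed here (laid out to match the 0x06500000 C: offset MBRCheck reported).

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bootstrap code; the 4-byte disk signature follows at 440..443
PART_TABLE_OFF = 446
PART_ENTRY_FMT = "<B3xB3xII"  # status, [CHS start], type, [CHS end], LBA start, sector count
BOOT_SIGNATURE = b"\x55\xaa"

# Constructed stand-in for real bootstrap code (only the classic prologue and the
# error strings) and the sector count of the 500 GB ST3500418AS in the aswMBR log.
SAMPLE_BOOT_CODE = (
    b"\x33\xc0\x8e\xd0\xbc\x00\x7c"  # xor ax,ax / mov ss,ax / mov sp,7c00h
    + b"Invalid partition table\x00Error loading operating system\x00Missing operating system\x00"
).ljust(BOOT_CODE_LEN, b"\x00")
DISK_SECTORS = 976_773_168
# Allow-list of known-good bootstrap hashes; constructed from the stand-in here,
# a real list would hold the hash of the stock Windows 7 MBR code.
KNOWN_GOOD_SHA1 = {hashlib.sha1(SAMPLE_BOOT_CODE).hexdigest()}


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into bootstrap hash, disk signature, partition entries and boot signature."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError(f"MBR dump must be at least {SECTOR_SIZE} bytes, got {len(sector)}")
    sector = sector[:SECTOR_SIZE]
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        partitions.append({"status": status, "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def triage_mbr(sector: bytes, known_good_sha1: set, disk_sectors: int) -> list:
    """Return the findings a helper would act on; an empty list means the dump looks like a stock MBR."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("boot signature 55AA missing: sector is not a valid MBR")
    if mbr["boot_code_sha1"] not in known_good_sha1:
        findings.append(f"bootstrap code SHA1 {mbr['boot_code_sha1']} not on allow-list: non-standard MBR code")
    used = [(i, p) for i, p in enumerate(mbr["partitions"]) if p["type"] != 0]
    active = [i for i, p in used if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partition entries (expected exactly 1)")
    for i, p in used:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{p['status']:02x}")
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"entry {i}: extends past the end of the disk")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], i) for i, p in used)
    for (_, end_a, a), (start_b, _, b) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append(f"entries {a} and {b} overlap")
    # Space behind the last partition is where a bootkit's hidden storage may sit;
    # report it for imaging (the 1 MiB threshold is a choice made in this example).
    last_end = max((end for _, end, _ in spans), default=0)
    if disk_sectors - last_end > 2048:
        findings.append(f"{disk_sectors - last_end} unpartitioned sectors after the last partition: inspect them")
    return findings


def build_sample_mbr(boot_code: bytes = SAMPLE_BOOT_CODE) -> bytes:
    """Constructed sector laid out like the thread's disk: 100 MB active system partition
    at LBA 2048, then C: at LBA 206848 (byte offset 0x06500000, as MBRCheck reported)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, BOOT_CODE_LEN, 0x1234ABCD)  # constructed disk signature
    entries = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, DISK_SECTORS - 206848)]
    for i, entry in enumerate(entries):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i, *entry)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    # Real use: triage_mbr(open("MBR.dat", "rb").read(), KNOWN_GOOD_SHA1, DISK_SECTORS)
    clean = build_sample_mbr()
    print("stock layout:", triage_mbr(clean, KNOWN_GOOD_SHA1, DISK_SECTORS) or "no findings")
    # Same sector with the first bootstrap instruction overwritten: the hash check,
    # not the partition table, is what flags a replaced MBR.
    patched = build_sample_mbr(b"\xeb\xfe" + SAMPLE_BOOT_CODE[2:])
    print("patched boot code:", triage_mbr(patched, KNOWN_GOOD_SHA1, DISK_SECTORS))
```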

Looking much better! How are things running now? Before we move on to the next step, let's see if there are any remnants that need taking care of:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic


Things seem to be running great now, no sign of the virus since I ran combofix etc for the first time a few days ago and no infected files were detected by the online scanner. :)

Online Scanner log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=8f84e1b46b0bb64ba3dc14ed265b96b7

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-08 11:03:48

# local_time=2011-12-08 11:03:48 (+0000, GMT Standard Time)

# country="United Kingdom"

# lang=9

# osver=6.1.7600 NT

# compatibility_mode=5893 16776573 100 94 78117 75847619 0 0

# compatibility_mode=8206 39157117 100 74 100726 6689733 0 0

# scanned=233986

# found=0

# cleaned=0

# scan_time=2859

# nod_component=V3 Build:0x30000000


Glad to hear things are well! :)

Let's update some of your programs - using outdated applications leaves you vulnerable to getting infected again:

----------

I see you have User Account Control (UAC) disabled.

This is an important security feature which helps prevent malware and other unwanted software from being installed on your computer.

I strongly suggest you keep it enabled. See this link for instructions on how to enable it: http://windows.microsoft.com/en-US/windows-vista/Turn-User-Account-Control-on-or-off

----------

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).

They will have this icon next to them: javaicon.gif

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

----------

Your Flash Player is out of date!

To make sure you have the latest version of Adobe Flash Player installed:

1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe

2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).

3. Double-click on the file you've downloaded to uninstall Flash.

4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).

Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

----------

Firefox is out of date. Using an outdated version of a web browser leaves you extremely vulnerable to malware!

Please visit Mozilla site and update it to the latest version.

----------

Please let me know how the updates went, as failed updates may indicate additional malware.

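The ComboFix report earlier in the thread printed the policies\system values behind the helper's UAC remark (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0). Here is an added example, not from the thread or from ComboFix, that reads those lines and reports each value weaker than the Windows 7 default; the baseline defaults and the "defaults restored" sample are assumptions of this example.

```python
import re

# Windows 7 defaults for the values ComboFix lists under policies\system
# (assumption of this example, taken from Microsoft's UAC policy documentation).
UAC_BASELINE = {
    "EnableLUA": 1,                    # UAC on
    "ConsentPromptBehaviorAdmin": 5,   # prompt for consent for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,    # prompt for credentials
    "PromptOnSecureDesktop": 1,        # prompts shown on the secure desktop
    "EnableUIADesktopToggle": 0,       # UIAccess apps may not bypass the secure desktop
}

# ComboFix lines as they appear in the thread's log.
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

# Constructed: the same section with the defaults restored.
HARDENED_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 1 (0x1)
"""

POLICY_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)$')


def parse_policy_lines(text: str) -> dict:
    """Collect the "Name"= value (0x..) lines of a ComboFix registry section into a dict."""
    values = {}
    for line in text.splitlines():
        match = POLICY_LINE.match(line.strip())
        if match:
            values[match["name"]] = int(match["value"])
    return values


def audit_uac(values: dict) -> list:
    """One finding per value weaker than the Windows 7 default; [] when nothing is weakened."""
    findings = []
    if values.get("EnableLUA", UAC_BASELINE["EnableLUA"]) == 0:
        findings.append("EnableLUA=0: UAC is off, so an admin user's processes run fully elevated; "
                        "the prompt settings below only take effect once it is turned back on")
    if values.get("ConsentPromptBehaviorAdmin", UAC_BASELINE["ConsentPromptBehaviorAdmin"]) == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevation happens without any prompt (default 5)")
    if values.get("PromptOnSecureDesktop", UAC_BASELINE["PromptOnSecureDesktop"]) == 0:
        findings.append("PromptOnSecureDesktop=0: prompts appear on the normal desktop, "
                        "where other software can interact with them (default 1)")
    if values.get("EnableUIADesktopToggle", UAC_BASELINE["EnableUIADesktopToggle"]) == 1:
        findings.append("EnableUIADesktopToggle=1: UIAccess applications may prompt off the secure desktop (default 0)")
    return findings


if __name__ == "__main__":
    for label, text in (("thread's log", COMBOFIX_SAMPLE), ("defaults restored", HARDENED_SAMPLE)):
        print(label, "->", audit_uac(parse_policy_lines(text)) or "no findings")
```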

Hi

I'm happy to say all updates ran successfully!

Cheers,

FBoT


I am glad to hear the updates went well! :)

Before we move on, please remove ComboFix:

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here.

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: "How did I get infected in the first place?"

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
