svchost.exe is not being removed/fixed

[huntibilis]

I keep getting outgoing blocks from MBAM and if I scan svchost.exe is infected yet it wont fix/removed the problem no matter how many times I scan/remove/restart.

Requested DDS file

DDS.txt

Was just reading that you need to post it rather then link it sorry about that.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Admin at 15:38:26 on 2012-02-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7055.5248 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Windows\SysWOW64\AsHookDevice.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe

C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.cfnews13.com/

uInternet Settings,ProxyOverride = 127.0.0.1:9421

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [Akamai NetSession Interface] "C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe"

uRun: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

mRun: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {530F7E80-690F-438E-8A4F-E6CAECB4B6F3} - hxxp://taste.dvrdns.org/CMSPlugin.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://taste.dvrdns.org/vcredist_x86.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab

DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{B115E509-5C33-4517-9410-62410AF08CF7} : DhcpNameServer = 65.32.5.111 65.32.5.112

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

mRun-x64: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?]

R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-4-27 203392]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-2 652360]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-15 2280312]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-27 2314240]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]

S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;C:\Windows\system32\DRIVERS\usb8023.sys --> C:\Windows\system32\DRIVERS\usb8023.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-02 20:07:41 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ED6B67CF-16DB-4D88-8996-A0D395D9719F}\mpengine.dll

2012-02-02 20:01:53 20480 ------w- C:\Windows\svchost.exe

2012-01-30 20:11:38 -------- d-----w- C:\Users\Admin\AppData\Roaming\Unity

2012-01-25 06:09:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DACE.tmp

2012-01-25 06:09:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DABE.tmp

.

==================== Find3M ====================

.

2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-07 15:39:10 279096 ------w- C:\Windows\System32\MpSigStub.exe

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-09 21:11:57 40445 ----a-w- C:\Program Files\uninstall.exe

2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-22 11:06:32 68272 ----a-w- C:\Program Files\fraps64.dat

2011-10-22 11:06:32 231600 ----a-w- C:\Program Files\fraps32.dll

2011-10-22 11:06:32 185520 ----a-w- C:\Program Files\fraps64.dll

2011-10-22 11:06:30 2533040 ----a-w- C:\Program Files\fraps.exe

2011-10-22 11:04:34 140288 ----a-w- C:\Program Files\frapslcd.dll

2011-03-08 08:03:37 258352 ----a-w- C:\Program Files\unicows.dll

2011-03-08 08:03:10 372736 ----a-w- C:\Program Files\ijl15.dll

.

============= FINISH: 15:39:05.57 ===============

[huntibilis]

Today is my day off, I'm on ready and willing to get this fixed, you got me all day, please let me know if more info is needed so I can get started with a fix.

[Larusso]

Hy

my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

• First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  
• Perform everything in the correct order. Sometimes one step requires the previous one.
  
• If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  
• Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  
• Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

• Execute TDSSKiller.exe by doubleclicking on it.
  
• Press Start Scan
  
• If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  
• Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt
  

Please post the contents of that log in your next reply.

Please post in your next reply

TDSSKiller Log

[huntibilis]

13:56:22.0108 3180 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49

13:56:22.0389 3180 ============================================================

13:56:22.0389 3180 Current date / time: 2012/02/03 13:56:22.0389

13:56:22.0389 3180 SystemInfo:

13:56:22.0389 3180

13:56:22.0389 3180 OS Version: 6.1.7601 ServicePack: 1.0

13:56:22.0389 3180 Product type: Workstation

13:56:22.0389 3180 ComputerName: ADMIN-PC

13:56:22.0389 3180 UserName: Admin

13:56:22.0389 3180 Windows directory: C:\Windows

13:56:22.0389 3180 System windows directory: C:\Windows

13:56:22.0389 3180 Running under WOW64

13:56:22.0389 3180 Processor architecture: Intel x64

13:56:22.0389 3180 Number of processors: 4

13:56:22.0389 3180 Page size: 0x1000

13:56:22.0389 3180 Boot type: Normal boot

13:56:22.0389 3180 ============================================================

13:56:23.0060 3180 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:56:23.0076 3180 \Device\Harddisk0\DR0:

13:56:23.0076 3180 MBR used

13:56:23.0076 3180 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x2E935000

13:56:23.0076 3180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30593800, BlocksNum 0x44172800

13:56:23.0107 3180 Initialize success

13:56:23.0107 3180 ============================================================

13:56:25.0759 3116 ============================================================

13:56:25.0759 3116 Scan started

13:56:25.0759 3116 Mode: Manual;

13:56:25.0759 3116 ============================================================

13:56:27.0132 3116 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

13:56:27.0147 3116 1394ohci - ok

13:56:27.0288 3116 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

13:56:27.0288 3116 ACPI - ok

13:56:27.0366 3116 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

13:56:27.0366 3116 AcpiPmi - ok

13:56:27.0412 3116 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

13:56:27.0412 3116 adp94xx - ok

13:56:27.0428 3116 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

13:56:27.0444 3116 adpahci - ok

13:56:27.0459 3116 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

13:56:27.0459 3116 adpu320 - ok

13:56:27.0568 3116 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

13:56:27.0568 3116 AFD - ok

13:56:27.0600 3116 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

13:56:27.0600 3116 agp440 - ok

13:56:27.0709 3116 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

13:56:27.0709 3116 aliide - ok

13:56:27.0740 3116 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

13:56:27.0740 3116 amdide - ok

13:56:27.0756 3116 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

13:56:27.0771 3116 AmdK8 - ok

13:56:27.0771 3116 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

13:56:27.0787 3116 AmdPPM - ok

13:56:27.0849 3116 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

13:56:27.0849 3116 amdsata - ok

13:56:27.0896 3116 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

13:56:27.0896 3116 amdsbs - ok

13:56:27.0927 3116 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

13:56:27.0927 3116 amdxata - ok

13:56:28.0021 3116 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

13:56:28.0021 3116 AppID - ok

13:56:28.0036 3116 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

13:56:28.0036 3116 arc - ok

13:56:28.0068 3116 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

13:56:28.0068 3116 arcsas - ok

13:56:28.0083 3116 AsIO - ok

13:56:28.0099 3116 AsUpIO - ok

13:56:28.0192 3116 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

13:56:28.0192 3116 AsyncMac - ok

13:56:28.0208 3116 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

13:56:28.0208 3116 atapi - ok

13:56:28.0270 3116 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

13:56:28.0270 3116 b06bdrv - ok

13:56:28.0364 3116 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

13:56:28.0364 3116 b57nd60a - ok

13:56:28.0395 3116 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

13:56:28.0395 3116 Beep - ok

13:56:28.0426 3116 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

13:56:28.0426 3116 blbdrive - ok

13:56:28.0473 3116 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

13:56:28.0473 3116 bowser - ok

13:56:28.0567 3116 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

13:56:28.0567 3116 BrFiltLo - ok

13:56:28.0598 3116 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

13:56:28.0598 3116 BrFiltUp - ok

13:56:28.0629 3116 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

13:56:28.0629 3116 Brserid - ok

13:56:28.0645 3116 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

13:56:28.0645 3116 BrSerWdm - ok

13:56:28.0723 3116 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

13:56:28.0723 3116 BrUsbMdm - ok

13:56:28.0754 3116 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

13:56:28.0754 3116 BrUsbSer - ok

13:56:28.0754 3116 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

13:56:28.0754 3116 BTHMODEM - ok

13:56:28.0785 3116 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

13:56:28.0785 3116 cdfs - ok

13:56:28.0832 3116 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

13:56:28.0848 3116 cdrom - ok

13:56:28.0894 3116 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

13:56:28.0894 3116 circlass - ok

13:56:28.0910 3116 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

13:56:28.0910 3116 CLFS - ok

13:56:28.0988 3116 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

13:56:28.0988 3116 CmBatt - ok

13:56:29.0019 3116 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

13:56:29.0019 3116 cmdide - ok

13:56:29.0066 3116 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

13:56:29.0066 3116 CNG - ok

13:56:29.0097 3116 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

13:56:29.0113 3116 Compbatt - ok

13:56:29.0128 3116 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

13:56:29.0128 3116 CompositeBus - ok

13:56:29.0222 3116 cpuz133 (95c88d25e211a4d52a82c53e5d93e634) C:\Windows\system32\drivers\cpuz133_x64.sys

13:56:29.0222 3116 cpuz133 - ok

13:56:29.0238 3116 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

13:56:29.0238 3116 crcdisk - ok

13:56:29.0347 3116 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

13:56:29.0347 3116 DfsC - ok

13:56:29.0378 3116 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

13:56:29.0378 3116 discache - ok

13:56:29.0425 3116 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

13:56:29.0425 3116 Disk - ok

13:56:29.0487 3116 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

13:56:29.0487 3116 drmkaud - ok

13:56:29.0534 3116 dump_wmimmc - ok

13:56:29.0596 3116 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

13:56:29.0596 3116 DXGKrnl - ok

13:56:29.0674 3116 EagleX64 - ok

13:56:29.0737 3116 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

13:56:29.0768 3116 ebdrv - ok

13:56:29.0862 3116 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

13:56:29.0862 3116 elxstor - ok

13:56:29.0908 3116 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

13:56:29.0908 3116 ErrDev - ok

13:56:29.0940 3116 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

13:56:29.0940 3116 exfat - ok

13:56:29.0971 3116 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

13:56:29.0971 3116 fastfat - ok

13:56:30.0064 3116 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

13:56:30.0064 3116 fdc - ok

13:56:30.0096 3116 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

13:56:30.0096 3116 FileInfo - ok

13:56:30.0127 3116 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

13:56:30.0127 3116 Filetrace - ok

13:56:30.0127 3116 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

13:56:30.0127 3116 flpydisk - ok

13:56:30.0158 3116 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

13:56:30.0174 3116 FltMgr - ok

13:56:30.0236 3116 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

13:56:30.0236 3116 FsDepends - ok

13:56:30.0267 3116 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys

13:56:30.0267 3116 fssfltr - ok

13:56:30.0298 3116 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

13:56:30.0298 3116 Fs_Rec - ok

13:56:30.0330 3116 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

13:56:30.0345 3116 fvevol - ok

13:56:30.0408 3116 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:56:30.0423 3116 gagp30kx - ok

13:56:30.0439 3116 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

13:56:30.0439 3116 hcw85cir - ok

13:56:30.0486 3116 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

13:56:30.0486 3116 HdAudAddService - ok

13:56:30.0564 3116 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

13:56:30.0564 3116 HDAudBus - ok

13:56:30.0595 3116 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

13:56:30.0595 3116 HECIx64 - ok

13:56:30.0626 3116 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

13:56:30.0626 3116 HidBatt - ok

13:56:30.0657 3116 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

13:56:30.0657 3116 HidBth - ok

13:56:30.0704 3116 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

13:56:30.0704 3116 HidIr - ok

13:56:30.0735 3116 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

13:56:30.0735 3116 HidUsb - ok

13:56:30.0782 3116 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

13:56:30.0782 3116 HpSAMD - ok

13:56:30.0829 3116 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

13:56:30.0829 3116 HTTP - ok

13:56:30.0938 3116 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

13:56:30.0938 3116 hwpolicy - ok

13:56:30.0954 3116 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

13:56:30.0954 3116 i8042prt - ok

13:56:31.0032 3116 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

13:56:31.0032 3116 iaStorV - ok

13:56:31.0281 3116 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys

13:56:31.0437 3116 igfx - ok

13:56:31.0515 3116 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

13:56:31.0515 3116 iirsp - ok

13:56:31.0578 3116 IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys

13:56:31.0578 3116 IntcAzAudAddService - ok

13:56:31.0687 3116 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys

13:56:31.0687 3116 IntcDAud - ok

13:56:31.0718 3116 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

13:56:31.0718 3116 intelide - ok

13:56:31.0749 3116 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

13:56:31.0749 3116 intelppm - ok

13:56:31.0843 3116 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:56:31.0843 3116 IpFilterDriver - ok

13:56:31.0874 3116 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

13:56:31.0874 3116 IPMIDRV - ok

13:56:31.0921 3116 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

13:56:31.0921 3116 IPNAT - ok

13:56:31.0952 3116 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

13:56:31.0952 3116 IRENUM - ok

13:56:32.0014 3116 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

13:56:32.0014 3116 isapnp - ok

13:56:32.0061 3116 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

13:56:32.0061 3116 iScsiPrt - ok

13:56:32.0077 3116 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

13:56:32.0077 3116 kbdclass - ok

13:56:32.0108 3116 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

13:56:32.0108 3116 kbdhid - ok

13:56:32.0186 3116 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

13:56:32.0186 3116 KSecDD - ok

13:56:32.0217 3116 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

13:56:32.0217 3116 KSecPkg - ok

13:56:32.0248 3116 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

13:56:32.0248 3116 ksthunk - ok

13:56:32.0529 3116 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

13:56:32.0545 3116 lltdio - ok

13:56:32.0576 3116 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

13:56:32.0576 3116 LSI_FC - ok

13:56:32.0592 3116 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

13:56:32.0592 3116 LSI_SAS - ok

13:56:32.0607 3116 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:56:32.0607 3116 LSI_SAS2 - ok

13:56:32.0623 3116 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:56:32.0623 3116 LSI_SCSI - ok

13:56:32.0685 3116 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

13:56:32.0701 3116 luafv - ok

13:56:32.0716 3116 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

13:56:32.0716 3116 MBAMProtector - ok

13:56:32.0748 3116 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

13:56:32.0748 3116 megasas - ok

13:56:32.0779 3116 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

13:56:32.0779 3116 MegaSR - ok

13:56:32.0841 3116 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

13:56:32.0841 3116 Modem - ok

13:56:32.0857 3116 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

13:56:32.0857 3116 monitor - ok

13:56:32.0872 3116 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

13:56:32.0872 3116 mouclass - ok

13:56:32.0904 3116 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

13:56:32.0904 3116 mouhid - ok

13:56:32.0982 3116 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

13:56:32.0982 3116 mountmgr - ok

13:56:33.0013 3116 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

13:56:33.0013 3116 mpio - ok

13:56:33.0028 3116 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

13:56:33.0028 3116 mpsdrv - ok

13:56:33.0044 3116 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

13:56:33.0044 3116 MRxDAV - ok

13:56:33.0122 3116 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:56:33.0122 3116 mrxsmb - ok

13:56:33.0138 3116 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:56:33.0138 3116 mrxsmb10 - ok

13:56:33.0153 3116 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:56:33.0153 3116 mrxsmb20 - ok

13:56:33.0184 3116 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

13:56:33.0184 3116 msahci - ok

13:56:33.0247 3116 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

13:56:33.0247 3116 msdsm - ok

13:56:33.0278 3116 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

13:56:33.0278 3116 Msfs - ok

13:56:33.0294 3116 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

13:56:33.0294 3116 mshidkmdf - ok

13:56:33.0325 3116 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

13:56:33.0325 3116 msisadrv - ok

13:56:33.0387 3116 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

13:56:33.0387 3116 MSKSSRV - ok

13:56:33.0403 3116 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

13:56:33.0403 3116 MSPCLOCK - ok

13:56:33.0418 3116 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

13:56:33.0418 3116 MSPQM - ok

13:56:33.0450 3116 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

13:56:33.0450 3116 MsRPC - ok

13:56:33.0481 3116 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

13:56:33.0481 3116 mssmbios - ok

13:56:33.0543 3116 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

13:56:33.0543 3116 MSTEE - ok

13:56:33.0574 3116 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

13:56:33.0574 3116 MTConfig - ok

13:56:33.0606 3116 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys

13:56:33.0606 3116 MTsensor - ok

13:56:33.0621 3116 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

13:56:33.0621 3116 Mup - ok

13:56:33.0684 3116 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

13:56:33.0684 3116 NativeWifiP - ok

13:56:33.0730 3116 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

13:56:33.0730 3116 NDIS - ok

13:56:33.0762 3116 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

13:56:33.0762 3116 NdisCap - ok

13:56:33.0777 3116 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

13:56:33.0777 3116 NdisTapi - ok

13:56:33.0793 3116 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

13:56:33.0793 3116 Ndisuio - ok

13:56:33.0840 3116 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

13:56:33.0840 3116 NdisWan - ok

13:56:33.0871 3116 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

13:56:33.0871 3116 NDProxy - ok

13:56:33.0933 3116 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

13:56:33.0933 3116 NetBIOS - ok

13:56:33.0980 3116 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

13:56:33.0980 3116 NetBT - ok

13:56:34.0027 3116 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys

13:56:34.0027 3116 netr28x - ok

13:56:34.0074 3116 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

13:56:34.0074 3116 nfrd960 - ok

13:56:34.0120 3116 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

13:56:34.0120 3116 Npfs - ok

13:56:34.0167 3116 NPPTNT2 - ok

13:56:34.0198 3116 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

13:56:34.0198 3116 nsiproxy - ok

13:56:34.0245 3116 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

13:56:34.0261 3116 Ntfs - ok

13:56:34.0323 3116 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

13:56:34.0323 3116 Null - ok

13:56:34.0370 3116 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

13:56:34.0370 3116 nvraid - ok

13:56:34.0386 3116 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

13:56:34.0401 3116 nvstor - ok

13:56:34.0464 3116 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

13:56:34.0464 3116 nv_agp - ok

13:56:34.0495 3116 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

13:56:34.0495 3116 ohci1394 - ok

13:56:34.0588 3116 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

13:56:34.0588 3116 Parport - ok

13:56:34.0620 3116 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

13:56:34.0620 3116 partmgr - ok

13:56:34.0651 3116 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

13:56:34.0651 3116 pci - ok

13:56:34.0682 3116 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

13:56:34.0682 3116 pciide - ok

13:56:34.0744 3116 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

13:56:34.0744 3116 pcmcia - ok

13:56:34.0760 3116 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

13:56:34.0760 3116 pcw - ok

13:56:34.0791 3116 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

13:56:34.0807 3116 PEAUTH - ok

13:56:34.0900 3116 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

13:56:34.0900 3116 PptpMiniport - ok

13:56:34.0932 3116 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

13:56:34.0932 3116 Processor - ok

13:56:34.0978 3116 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

13:56:34.0978 3116 Psched - ok

13:56:35.0010 3116 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

13:56:35.0025 3116 ql2300 - ok

13:56:35.0072 3116 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

13:56:35.0072 3116 ql40xx - ok

13:56:35.0103 3116 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

13:56:35.0119 3116 QWAVEdrv - ok

13:56:35.0134 3116 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

13:56:35.0134 3116 RasAcd - ok

13:56:35.0150 3116 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:56:35.0150 3116 RasAgileVpn - ok

13:56:35.0181 3116 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:56:35.0181 3116 Rasl2tp - ok

13:56:35.0244 3116 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

13:56:35.0244 3116 RasPppoe - ok

13:56:35.0259 3116 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

13:56:35.0259 3116 RasSstp - ok

13:56:35.0306 3116 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

13:56:35.0306 3116 rdbss - ok

13:56:35.0322 3116 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

13:56:35.0322 3116 rdpbus - ok

13:56:35.0368 3116 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:56:35.0368 3116 RDPCDD - ok

13:56:35.0400 3116 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

13:56:35.0400 3116 RDPENCDD - ok

13:56:35.0446 3116 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

13:56:35.0446 3116 RDPREFMP - ok

13:56:35.0462 3116 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

13:56:35.0478 3116 RDPWD - ok

13:56:35.0493 3116 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

13:56:35.0493 3116 rdyboost - ok

13:56:35.0556 3116 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

13:56:35.0556 3116 rspndr - ok

13:56:35.0618 3116 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys

13:56:35.0618 3116 RTL8167 - ok

13:56:35.0649 3116 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

13:56:35.0649 3116 sbp2port - ok

13:56:35.0712 3116 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

13:56:35.0712 3116 scfilter - ok

13:56:35.0758 3116 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

13:56:35.0758 3116 secdrv - ok

13:56:35.0790 3116 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

13:56:35.0790 3116 Serenum - ok

13:56:35.0836 3116 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

13:56:35.0836 3116 Serial - ok

13:56:35.0868 3116 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

13:56:35.0868 3116 sermouse - ok

13:56:35.0899 3116 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

13:56:35.0899 3116 sffdisk - ok

13:56:35.0899 3116 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

13:56:35.0899 3116 sffp_mmc - ok

13:56:35.0914 3116 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

13:56:35.0914 3116 sffp_sd - ok

13:56:35.0961 3116 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

13:56:35.0961 3116 sfloppy - ok

13:56:35.0992 3116 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:56:35.0992 3116 SiSRaid2 - ok

13:56:36.0008 3116 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

13:56:36.0008 3116 SiSRaid4 - ok

13:56:36.0024 3116 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

13:56:36.0039 3116 Smb - ok

13:56:36.0086 3116 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

13:56:36.0086 3116 spldr - ok

13:56:36.0133 3116 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

13:56:36.0133 3116 srv - ok

13:56:36.0180 3116 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

13:56:36.0180 3116 srv2 - ok

13:56:36.0211 3116 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

13:56:36.0211 3116 srvnet - ok

13:56:36.0273 3116 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

13:56:36.0273 3116 stexstor - ok

13:56:36.0304 3116 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

13:56:36.0304 3116 swenum - ok

13:56:36.0382 3116 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

13:56:36.0398 3116 Tcpip - ok

13:56:36.0460 3116 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

13:56:36.0460 3116 TCPIP6 - ok

13:56:36.0476 3116 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

13:56:36.0476 3116 tcpipreg - ok

13:56:36.0523 3116 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

13:56:36.0523 3116 TDPIPE - ok

13:56:36.0523 3116 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

13:56:36.0538 3116 TDTCP - ok

13:56:36.0554 3116 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

13:56:36.0554 3116 tdx - ok

13:56:36.0632 3116 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

13:56:36.0632 3116 TermDD - ok

13:56:36.0679 3116 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:56:36.0679 3116 tssecsrv - ok

13:56:36.0726 3116 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

13:56:36.0726 3116 TsUsbFlt - ok

13:56:36.0804 3116 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

13:56:36.0804 3116 tunnel - ok

13:56:36.0835 3116 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

13:56:36.0835 3116 uagp35 - ok

13:56:36.0866 3116 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

13:56:36.0866 3116 udfs - ok

13:56:36.0944 3116 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

13:56:36.0944 3116 uliagpkx - ok

13:56:36.0960 3116 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

13:56:36.0960 3116 umbus - ok

13:56:36.0991 3116 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

13:56:36.0991 3116 UmPass - ok

13:56:37.0038 3116 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

13:56:37.0038 3116 usbaudio - ok

13:56:37.0084 3116 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

13:56:37.0084 3116 usbccgp - ok

13:56:37.0131 3116 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

13:56:37.0131 3116 usbcir - ok

13:56:37.0162 3116 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

13:56:37.0162 3116 usbehci - ok

13:56:37.0194 3116 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

13:56:37.0194 3116 usbhub - ok

13:56:37.0256 3116 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys

13:56:37.0256 3116 usbohci - ok

13:56:37.0287 3116 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

13:56:37.0287 3116 usbprint - ok

13:56:37.0303 3116 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:56:37.0303 3116 USBSTOR - ok

13:56:37.0318 3116 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys

13:56:37.0318 3116 usbuhci - ok

13:56:37.0334 3116 USB_RNDIS_VISTA (d0fe8cb5f84303e73ff0754437fad3d1) C:\Windows\system32\DRIVERS\usb8023.sys

13:56:37.0334 3116 USB_RNDIS_VISTA - ok

13:56:37.0396 3116 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

13:56:37.0396 3116 vdrvroot - ok

13:56:37.0443 3116 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

13:56:37.0443 3116 vga - ok

13:56:37.0443 3116 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

13:56:37.0443 3116 VgaSave - ok

13:56:37.0459 3116 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

13:56:37.0474 3116 vhdmp - ok

13:56:37.0490 3116 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

13:56:37.0490 3116 viaide - ok

13:56:37.0552 3116 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

13:56:37.0552 3116 volmgr - ok

13:56:37.0693 3116 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

13:56:37.0724 3116 volmgrx - ok

13:56:37.0740 3116 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

13:56:37.0740 3116 volsnap - ok

13:56:37.0802 3116 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

13:56:37.0802 3116 vsmraid - ok

13:56:37.0849 3116 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

13:56:37.0849 3116 vwifibus - ok

13:56:37.0864 3116 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

13:56:37.0864 3116 vwififlt - ok

13:56:37.0896 3116 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

13:56:37.0896 3116 WacomPen - ok

13:56:37.0942 3116 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:56:37.0942 3116 WANARP - ok

13:56:37.0958 3116 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:56:37.0958 3116 Wanarpv6 - ok

13:56:37.0989 3116 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

13:56:37.0989 3116 Wd - ok

13:56:38.0020 3116 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:56:38.0020 3116 Wdf01000 - ok

13:56:38.0083 3116 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

13:56:38.0083 3116 WfpLwf - ok

13:56:38.0114 3116 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

13:56:38.0114 3116 WIMMount - ok

13:56:38.0208 3116 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

13:56:38.0208 3116 WinUsb - ok

13:56:38.0270 3116 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

13:56:38.0270 3116 WmiAcpi - ok

13:56:38.0301 3116 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

13:56:38.0301 3116 ws2ifsl - ok

13:56:38.0348 3116 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

13:56:38.0348 3116 WudfPf - ok

13:56:38.0410 3116 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:56:38.0410 3116 WUDFRd - ok

13:56:38.0457 3116 X6va003 - ok

13:56:38.0488 3116 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0

13:56:38.0504 3116 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

13:56:38.0504 3116 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

13:56:38.0535 3116 Boot (0x1200) (981a1928fb23fc1e673f913c659cbc75) \Device\Harddisk0\DR0\Partition0

13:56:38.0535 3116 \Device\Harddisk0\DR0\Partition0 - ok

13:56:38.0551 3116 Boot (0x1200) (1b2113e8147b731e8356e034bd1547d9) \Device\Harddisk0\DR0\Partition1

13:56:38.0551 3116 \Device\Harddisk0\DR0\Partition1 - ok

13:56:38.0551 3116 ============================================================

13:56:38.0551 3116 Scan finished

13:56:38.0551 3116 ============================================================

13:56:38.0566 5076 Detected object count: 1

13:56:38.0566 5076 Actual detected object count: 1

13:56:57.0474 5076 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user

13:56:57.0474 5076 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip

13:58:08.0797 1076 Deinitialize success

[Larusso]

Execute TDSSKiller.exe and press Start Scan.

• Ensure Cure is selected ( it should be by default )
  Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed
  
• Click Continue then click Reboot now.

Once complete, a log will be produced at the root drive which is typically C:\

For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please post the contents of that log in your next reply.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.

Please post in your next reply

TDSSKiller Log

Combofix.txt

[huntibilis]

I had two TDSS logs this time, not sure if you need both but I will post them.

15:45:40.0578 0292 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49

15:45:40.0890 0292 ============================================================

15:45:40.0890 0292 Current date / time: 2012/02/03 15:45:40.0890

15:45:40.0890 0292 SystemInfo:

15:45:40.0890 0292

15:45:40.0890 0292 OS Version: 6.1.7601 ServicePack: 1.0

15:45:40.0890 0292 Product type: Workstation

15:45:40.0890 0292 ComputerName: ADMIN-PC

15:45:40.0890 0292 UserName: Admin

15:45:40.0890 0292 Windows directory: C:\Windows

15:45:40.0890 0292 System windows directory: C:\Windows

15:45:40.0890 0292 Running under WOW64

15:45:40.0890 0292 Processor architecture: Intel x64

15:45:40.0890 0292 Number of processors: 4

15:45:40.0890 0292 Page size: 0x1000

15:45:40.0890 0292 Boot type: Normal boot

15:45:40.0890 0292 ============================================================

15:45:41.0530 0292 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:45:41.0546 0292 \Device\Harddisk0\DR0:

15:45:41.0546 0292 MBR used

15:45:41.0546 0292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x2E935000

15:45:41.0546 0292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30593800, BlocksNum 0x44172800

15:45:41.0592 0292 Initialize success

15:45:41.0592 0292 ============================================================

15:45:43.0792 4328 Deinitialize success

15:45:50.0737 4016 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49

15:45:51.0111 4016 ============================================================

15:45:51.0111 4016 Current date / time: 2012/02/03 15:45:51.0111

15:45:51.0111 4016 SystemInfo:

15:45:51.0111 4016

15:45:51.0111 4016 OS Version: 6.1.7601 ServicePack: 1.0

15:45:51.0111 4016 Product type: Workstation

15:45:51.0111 4016 ComputerName: ADMIN-PC

15:45:51.0111 4016 UserName: Admin

15:45:51.0111 4016 Windows directory: C:\Windows

15:45:51.0111 4016 System windows directory: C:\Windows

15:45:51.0111 4016 Running under WOW64

15:45:51.0111 4016 Processor architecture: Intel x64

15:45:51.0111 4016 Number of processors: 4

15:45:51.0111 4016 Page size: 0x1000

15:45:51.0111 4016 Boot type: Normal boot

15:45:51.0111 4016 ============================================================

15:45:51.0735 4016 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:45:51.0751 4016 \Device\Harddisk0\DR0:

15:45:51.0751 4016 MBR used

15:45:51.0751 4016 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x2E935000

15:45:51.0751 4016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30593800, BlocksNum 0x44172800

15:45:51.0798 4016 Initialize success

15:45:51.0798 4016 ============================================================

15:45:53.0935 4132 ============================================================

15:45:53.0935 4132 Scan started

15:45:53.0935 4132 Mode: Manual;

15:45:53.0935 4132 ============================================================

15:45:54.0777 4132 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

15:45:54.0777 4132 1394ohci - ok

15:45:54.0855 4132 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

15:45:54.0855 4132 ACPI - ok

15:45:54.0964 4132 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

15:45:54.0964 4132 AcpiPmi - ok

15:45:55.0074 4132 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

15:45:55.0074 4132 adp94xx - ok

15:45:55.0089 4132 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

15:45:55.0089 4132 adpahci - ok

15:45:55.0105 4132 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

15:45:55.0105 4132 adpu320 - ok

15:45:55.0136 4132 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

15:45:55.0136 4132 AFD - ok

15:45:55.0214 4132 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

15:45:55.0214 4132 agp440 - ok

15:45:55.0276 4132 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

15:45:55.0276 4132 aliide - ok

15:45:55.0339 4132 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

15:45:55.0339 4132 amdide - ok

15:45:55.0370 4132 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

15:45:55.0370 4132 AmdK8 - ok

15:45:55.0386 4132 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

15:45:55.0386 4132 AmdPPM - ok

15:45:55.0432 4132 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

15:45:55.0432 4132 amdsata - ok

15:45:55.0479 4132 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

15:45:55.0479 4132 amdsbs - ok

15:45:55.0495 4132 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

15:45:55.0495 4132 amdxata - ok

15:45:55.0542 4132 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

15:45:55.0542 4132 AppID - ok

15:45:55.0573 4132 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

15:45:55.0573 4132 arc - ok

15:45:55.0620 4132 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

15:45:55.0620 4132 arcsas - ok

15:45:55.0620 4132 AsIO - ok

15:45:55.0651 4132 AsUpIO - ok

15:45:55.0698 4132 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

15:45:55.0698 4132 AsyncMac - ok

15:45:55.0729 4132 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

15:45:55.0729 4132 atapi - ok

15:45:55.0776 4132 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

15:45:55.0776 4132 b06bdrv - ok

15:45:55.0822 4132 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

15:45:55.0822 4132 b57nd60a - ok

15:45:55.0854 4132 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

15:45:55.0854 4132 Beep - ok

15:45:55.0900 4132 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

15:45:55.0900 4132 blbdrive - ok

15:45:55.0916 4132 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

15:45:55.0916 4132 bowser - ok

15:45:55.0963 4132 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:45:55.0963 4132 BrFiltLo - ok

15:45:55.0994 4132 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:45:55.0994 4132 BrFiltUp - ok

15:45:56.0010 4132 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

15:45:56.0010 4132 Brserid - ok

15:45:56.0041 4132 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

15:45:56.0041 4132 BrSerWdm - ok

15:45:56.0056 4132 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

15:45:56.0056 4132 BrUsbMdm - ok

15:45:56.0119 4132 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

15:45:56.0119 4132 BrUsbSer - ok

15:45:56.0134 4132 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

15:45:56.0134 4132 BTHMODEM - ok

15:45:56.0166 4132 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

15:45:56.0166 4132 cdfs - ok

15:45:56.0259 4132 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

15:45:56.0259 4132 cdrom - ok

15:45:56.0290 4132 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

15:45:56.0290 4132 circlass - ok

15:45:56.0322 4132 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

15:45:56.0322 4132 CLFS - ok

15:45:56.0400 4132 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

15:45:56.0400 4132 CmBatt - ok

15:45:56.0415 4132 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

15:45:56.0415 4132 cmdide - ok

15:45:56.0446 4132 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

15:45:56.0446 4132 CNG - ok

15:45:56.0478 4132 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

15:45:56.0478 4132 Compbatt - ok

15:45:56.0556 4132 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

15:45:56.0556 4132 CompositeBus - ok

15:45:56.0618 4132 cpuz133 (95c88d25e211a4d52a82c53e5d93e634) C:\Windows\system32\drivers\cpuz133_x64.sys

15:45:56.0618 4132 cpuz133 - ok

15:45:56.0649 4132 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

15:45:56.0649 4132 crcdisk - ok

15:45:56.0743 4132 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

15:45:56.0743 4132 DfsC - ok

15:45:56.0774 4132 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

15:45:56.0774 4132 discache - ok

15:45:56.0821 4132 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

15:45:56.0821 4132 Disk - ok

15:45:56.0883 4132 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

15:45:56.0883 4132 drmkaud - ok

15:45:56.0930 4132 dump_wmimmc - ok

15:45:56.0977 4132 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

15:45:56.0992 4132 DXGKrnl - ok

15:45:57.0008 4132 EagleX64 - ok

15:45:57.0070 4132 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

15:45:57.0086 4132 ebdrv - ok

15:45:57.0164 4132 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

15:45:57.0180 4132 elxstor - ok

15:45:57.0211 4132 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

15:45:57.0211 4132 ErrDev - ok

15:45:57.0258 4132 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

15:45:57.0258 4132 exfat - ok

15:45:57.0320 4132 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

15:45:57.0320 4132 fastfat - ok

15:45:57.0336 4132 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

15:45:57.0351 4132 fdc - ok

15:45:57.0367 4132 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

15:45:57.0367 4132 FileInfo - ok

15:45:57.0382 4132 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

15:45:57.0382 4132 Filetrace - ok

15:45:57.0445 4132 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

15:45:57.0445 4132 flpydisk - ok

15:45:57.0476 4132 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

15:45:57.0476 4132 FltMgr - ok

15:45:57.0492 4132 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

15:45:57.0492 4132 FsDepends - ok

15:45:57.0538 4132 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys

15:45:57.0538 4132 fssfltr - ok

15:45:57.0601 4132 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

15:45:57.0601 4132 Fs_Rec - ok

15:45:57.0648 4132 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

15:45:57.0648 4132 fvevol - ok

15:45:57.0663 4132 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

15:45:57.0663 4132 gagp30kx - ok

15:45:57.0694 4132 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

15:45:57.0694 4132 hcw85cir - ok

15:45:57.0772 4132 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

15:45:57.0772 4132 HdAudAddService - ok

15:45:57.0788 4132 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

15:45:57.0788 4132 HDAudBus - ok

15:45:57.0835 4132 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

15:45:57.0835 4132 HECIx64 - ok

15:45:57.0882 4132 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

15:45:57.0882 4132 HidBatt - ok

15:45:57.0897 4132 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

15:45:57.0897 4132 HidBth - ok

15:45:57.0928 4132 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

15:45:57.0928 4132 HidIr - ok

15:45:57.0960 4132 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

15:45:57.0960 4132 HidUsb - ok

15:45:57.0991 4132 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

15:45:57.0991 4132 HpSAMD - ok

15:45:58.0100 4132 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

15:45:58.0100 4132 HTTP - ok

15:45:58.0131 4132 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

15:45:58.0131 4132 hwpolicy - ok

15:45:58.0147 4132 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

15:45:58.0147 4132 i8042prt - ok

15:45:58.0178 4132 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

15:45:58.0178 4132 iaStorV - ok

15:45:58.0396 4132 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys

15:45:58.0443 4132 igfx - ok

15:45:58.0506 4132 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

15:45:58.0506 4132 iirsp - ok

15:45:58.0552 4132 IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys

15:45:58.0568 4132 IntcAzAudAddService - ok

15:45:58.0615 4132 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys

15:45:58.0615 4132 IntcDAud - ok

15:45:58.0662 4132 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

15:45:58.0662 4132 intelide - ok

15:45:58.0693 4132 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

15:45:58.0693 4132 intelppm - ok

15:45:58.0724 4132 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:45:58.0724 4132 IpFilterDriver - ok

15:45:58.0802 4132 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

15:45:58.0802 4132 IPMIDRV - ok

15:45:58.0833 4132 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

15:45:58.0833 4132 IPNAT - ok

15:45:58.0864 4132 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

15:45:58.0864 4132 IRENUM - ok

15:45:58.0896 4132 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

15:45:58.0896 4132 isapnp - ok

15:45:58.0958 4132 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

15:45:58.0958 4132 iScsiPrt - ok

15:45:58.0974 4132 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

15:45:58.0974 4132 kbdclass - ok

15:45:59.0020 4132 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

15:45:59.0020 4132 kbdhid - ok

15:45:59.0052 4132 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

15:45:59.0052 4132 KSecDD - ok

15:45:59.0098 4132 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

15:45:59.0098 4132 KSecPkg - ok

15:45:59.0130 4132 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

15:45:59.0130 4132 ksthunk - ok

15:45:59.0161 4132 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

15:45:59.0161 4132 lltdio - ok

15:45:59.0223 4132 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

15:45:59.0223 4132 LSI_FC - ok

15:45:59.0270 4132 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

15:45:59.0270 4132 LSI_SAS - ok

15:45:59.0286 4132 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:45:59.0286 4132 LSI_SAS2 - ok

15:45:59.0317 4132 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:45:59.0317 4132 LSI_SCSI - ok

15:45:59.0364 4132 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

15:45:59.0364 4132 luafv - ok

15:45:59.0410 4132 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

15:45:59.0410 4132 MBAMProtector - ok

15:45:59.0457 4132 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

15:45:59.0457 4132 megasas - ok

15:45:59.0504 4132 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

15:45:59.0504 4132 MegaSR - ok

15:45:59.0520 4132 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

15:45:59.0520 4132 Modem - ok

15:45:59.0551 4132 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

15:45:59.0551 4132 monitor - ok

15:45:59.0598 4132 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

15:45:59.0598 4132 mouclass - ok

15:45:59.0644 4132 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

15:45:59.0644 4132 mouhid - ok

15:45:59.0676 4132 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

15:45:59.0676 4132 mountmgr - ok

15:45:59.0738 4132 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

15:45:59.0738 4132 mpio - ok

15:45:59.0769 4132 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

15:45:59.0769 4132 mpsdrv - ok

15:45:59.0800 4132 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

15:45:59.0816 4132 MRxDAV - ok

15:45:59.0847 4132 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:45:59.0847 4132 mrxsmb - ok

15:45:59.0878 4132 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:45:59.0878 4132 mrxsmb10 - ok

15:45:59.0925 4132 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:45:59.0925 4132 mrxsmb20 - ok

15:45:59.0972 4132 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

15:45:59.0972 4132 msahci - ok

15:46:00.0019 4132 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

15:46:00.0019 4132 msdsm - ok

15:46:00.0144 4132 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

15:46:00.0144 4132 Msfs - ok

15:46:00.0175 4132 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

15:46:00.0175 4132 mshidkmdf - ok

15:46:00.0191 4132 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

15:46:00.0191 4132 msisadrv - ok

15:46:00.0284 4132 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

15:46:00.0284 4132 MSKSSRV - ok

15:46:00.0300 4132 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

15:46:00.0300 4132 MSPCLOCK - ok

15:46:00.0315 4132 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

15:46:00.0315 4132 MSPQM - ok

15:46:00.0347 4132 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

15:46:00.0347 4132 MsRPC - ok

15:46:00.0409 4132 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

15:46:00.0409 4132 mssmbios - ok

15:46:00.0425 4132 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

15:46:00.0440 4132 MSTEE - ok

15:46:00.0456 4132 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

15:46:00.0456 4132 MTConfig - ok

15:46:00.0487 4132 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys

15:46:00.0487 4132 MTsensor - ok

15:46:00.0518 4132 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

15:46:00.0518 4132 Mup - ok

15:46:00.0549 4132 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

15:46:00.0549 4132 NativeWifiP - ok

15:46:00.0612 4132 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

15:46:00.0612 4132 NDIS - ok

15:46:00.0659 4132 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

15:46:00.0659 4132 NdisCap - ok

15:46:00.0690 4132 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

15:46:00.0690 4132 NdisTapi - ok

15:46:00.0721 4132 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

15:46:00.0721 4132 Ndisuio - ok

15:46:00.0768 4132 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

15:46:00.0768 4132 NdisWan - ok

15:46:00.0799 4132 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

15:46:00.0799 4132 NDProxy - ok

15:46:00.0877 4132 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

15:46:00.0877 4132 NetBIOS - ok

15:46:00.0924 4132 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

15:46:00.0924 4132 NetBT - ok

15:46:00.0971 4132 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys

15:46:00.0971 4132 netr28x - ok

15:46:01.0017 4132 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

15:46:01.0017 4132 nfrd960 - ok

15:46:01.0049 4132 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

15:46:01.0049 4132 Npfs - ok

15:46:01.0111 4132 NPPTNT2 - ok

15:46:01.0142 4132 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

15:46:01.0142 4132 nsiproxy - ok

15:46:01.0189 4132 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

15:46:01.0189 4132 Ntfs - ok

15:46:01.0220 4132 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

15:46:01.0220 4132 Null - ok

15:46:01.0283 4132 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

15:46:01.0283 4132 nvraid - ok

15:46:01.0314 4132 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

15:46:01.0314 4132 nvstor - ok

15:46:01.0345 4132 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

15:46:01.0345 4132 nv_agp - ok

15:46:01.0376 4132 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

15:46:01.0376 4132 ohci1394 - ok

15:46:01.0454 4132 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

15:46:01.0454 4132 Parport - ok

15:46:01.0485 4132 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

15:46:01.0485 4132 partmgr - ok

15:46:01.0517 4132 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

15:46:01.0517 4132 pci - ok

15:46:01.0548 4132 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

15:46:01.0548 4132 pciide - ok

15:46:01.0595 4132 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

15:46:01.0595 4132 pcmcia - ok

15:46:01.0626 4132 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

15:46:01.0626 4132 pcw - ok

15:46:01.0641 4132 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

15:46:01.0657 4132 PEAUTH - ok

15:46:01.0735 4132 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

15:46:01.0735 4132 PptpMiniport - ok

15:46:01.0766 4132 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

15:46:01.0766 4132 Processor - ok

15:46:01.0813 4132 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

15:46:01.0829 4132 Psched - ok

15:46:01.0875 4132 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

15:46:01.0891 4132 ql2300 - ok

15:46:01.0922 4132 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

15:46:01.0922 4132 ql40xx - ok

15:46:01.0953 4132 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

15:46:01.0953 4132 QWAVEdrv - ok

15:46:01.0985 4132 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

15:46:01.0985 4132 RasAcd - ok

15:46:02.0016 4132 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

15:46:02.0016 4132 RasAgileVpn - ok

15:46:02.0063 4132 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:46:02.0063 4132 Rasl2tp - ok

15:46:02.0094 4132 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

15:46:02.0094 4132 RasPppoe - ok

15:46:02.0109 4132 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

15:46:02.0109 4132 RasSstp - ok

15:46:02.0141 4132 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

15:46:02.0141 4132 rdbss - ok

15:46:02.0156 4132 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

15:46:02.0156 4132 rdpbus - ok

15:46:02.0219 4132 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:46:02.0219 4132 RDPCDD - ok

15:46:02.0281 4132 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

15:46:02.0281 4132 RDPENCDD - ok

15:46:02.0312 4132 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

15:46:02.0312 4132 RDPREFMP - ok

15:46:02.0343 4132 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

15:46:02.0343 4132 RDPWD - ok

15:46:02.0406 4132 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

15:46:02.0406 4132 rdyboost - ok

15:46:02.0453 4132 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

15:46:02.0453 4132 rspndr - ok

15:46:02.0484 4132 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys

15:46:02.0484 4132 RTL8167 - ok

15:46:02.0515 4132 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

15:46:02.0515 4132 sbp2port - ok

15:46:02.0546 4132 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

15:46:02.0546 4132 scfilter - ok

15:46:02.0609 4132 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

15:46:02.0609 4132 secdrv - ok

15:46:02.0640 4132 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

15:46:02.0640 4132 Serenum - ok

15:46:02.0671 4132 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

15:46:02.0671 4132 Serial - ok

15:46:02.0702 4132 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

15:46:02.0702 4132 sermouse - ok

15:46:02.0749 4132 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

15:46:02.0749 4132 sffdisk - ok

15:46:02.0765 4132 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

15:46:02.0780 4132 sffp_mmc - ok

15:46:02.0796 4132 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

15:46:02.0796 4132 sffp_sd - ok

15:46:02.0827 4132 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

15:46:02.0827 4132 sfloppy - ok

15:46:02.0874 4132 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:46:02.0874 4132 SiSRaid2 - ok

15:46:02.0905 4132 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

15:46:02.0905 4132 SiSRaid4 - ok

15:46:02.0936 4132 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

15:46:02.0936 4132 Smb - ok

15:46:02.0983 4132 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

15:46:02.0983 4132 spldr - ok

15:46:03.0014 4132 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

15:46:03.0030 4132 srv - ok

15:46:03.0077 4132 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

15:46:03.0077 4132 srv2 - ok

15:46:03.0092 4132 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

15:46:03.0092 4132 srvnet - ok

15:46:03.0139 4132 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

15:46:03.0139 4132 stexstor - ok

15:46:03.0186 4132 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

15:46:03.0186 4132 swenum - ok

15:46:03.0248 4132 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

15:46:03.0248 4132 Tcpip - ok

15:46:03.0311 4132 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

15:46:03.0311 4132 TCPIP6 - ok

15:46:03.0357 4132 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

15:46:03.0357 4132 tcpipreg - ok

15:46:03.0389 4132 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

15:46:03.0389 4132 TDPIPE - ok

15:46:03.0420 4132 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

15:46:03.0420 4132 TDTCP - ok

15:46:03.0482 4132 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

15:46:03.0482 4132 tdx - ok

15:46:03.0529 4132 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

15:46:03.0529 4132 TermDD - ok

15:46:03.0623 4132 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:46:03.0623 4132 tssecsrv - ok

15:46:03.0654 4132 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

15:46:03.0654 4132 TsUsbFlt - ok

15:46:03.0732 4132 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

15:46:03.0732 4132 tunnel - ok

15:46:03.0779 4132 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

15:46:03.0779 4132 uagp35 - ok

15:46:03.0810 4132 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

15:46:03.0810 4132 udfs - ok

15:46:03.0857 4132 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

15:46:03.0857 4132 uliagpkx - ok

15:46:03.0903 4132 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

15:46:03.0903 4132 umbus - ok

15:46:03.0935 4132 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

15:46:03.0935 4132 UmPass - ok

15:46:03.0997 4132 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

15:46:03.0997 4132 usbaudio - ok

15:46:04.0044 4132 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

15:46:04.0044 4132 usbccgp - ok

15:46:04.0075 4132 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

15:46:04.0075 4132 usbcir - ok

15:46:04.0106 4132 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

15:46:04.0106 4132 usbehci - ok

15:46:04.0153 4132 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

15:46:04.0153 4132 usbhub - ok

15:46:04.0184 4132 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys

15:46:04.0184 4132 usbohci - ok

15:46:04.0200 4132 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

15:46:04.0215 4132 usbprint - ok

15:46:04.0247 4132 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:46:04.0247 4132 USBSTOR - ok

15:46:04.0293 4132 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys

15:46:04.0293 4132 usbuhci - ok

15:46:04.0356 4132 USB_RNDIS_VISTA (d0fe8cb5f84303e73ff0754437fad3d1) C:\Windows\system32\DRIVERS\usb8023.sys

15:46:04.0356 4132 USB_RNDIS_VISTA - ok

15:46:04.0387 4132 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

15:46:04.0403 4132 vdrvroot - ok

15:46:04.0434 4132 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

15:46:04.0434 4132 vga - ok

15:46:04.0465 4132 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

15:46:04.0465 4132 VgaSave - ok

15:46:04.0496 4132 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

15:46:04.0496 4132 vhdmp - ok

15:46:04.0512 4132 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

15:46:04.0512 4132 viaide - ok

15:46:04.0543 4132 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

15:46:04.0543 4132 volmgr - ok

15:46:04.0590 4132 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

15:46:04.0590 4132 volmgrx - ok

15:46:04.0621 4132 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

15:46:04.0637 4132 volsnap - ok

15:46:04.0668 4132 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

15:46:04.0668 4132 vsmraid - ok

15:46:04.0683 4132 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

15:46:04.0683 4132 vwifibus - ok

15:46:04.0730 4132 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

15:46:04.0730 4132 vwififlt - ok

15:46:04.0777 4132 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

15:46:04.0777 4132 WacomPen - ok

15:46:04.0824 4132 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:46:04.0824 4132 WANARP - ok

15:46:04.0824 4132 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:46:04.0824 4132 Wanarpv6 - ok

15:46:04.0871 4132 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

15:46:04.0886 4132 Wd - ok

15:46:04.0917 4132 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

15:46:04.0917 4132 Wdf01000 - ok

15:46:04.0964 4132 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

15:46:04.0964 4132 WfpLwf - ok

15:46:04.0980 4132 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

15:46:04.0980 4132 WIMMount - ok

15:46:05.0042 4132 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

15:46:05.0042 4132 WinUsb - ok

15:46:05.0073 4132 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

15:46:05.0073 4132 WmiAcpi - ok

15:46:05.0120 4132 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

15:46:05.0120 4132 ws2ifsl - ok

15:46:05.0214 4132 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

15:46:05.0229 4132 WudfPf - ok

15:46:05.0307 4132 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:46:05.0307 4132 WUDFRd - ok

15:46:05.0385 4132 X6va003 - ok

15:46:05.0401 4132 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0

15:46:05.0432 4132 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

15:46:05.0432 4132 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

15:46:05.0463 4132 Boot (0x1200) (981a1928fb23fc1e673f913c659cbc75) \Device\Harddisk0\DR0\Partition0

15:46:05.0463 4132 \Device\Harddisk0\DR0\Partition0 - ok

15:46:05.0479 4132 Boot (0x1200) (1b2113e8147b731e8356e034bd1547d9) \Device\Harddisk0\DR0\Partition1

15:46:05.0479 4132 \Device\Harddisk0\DR0\Partition1 - ok

15:46:05.0479 4132 ============================================================

15:46:05.0479 4132 Scan finished

15:46:05.0479 4132 ============================================================

15:46:05.0495 5676 Detected object count: 1

15:46:05.0495 5676 Actual detected object count: 1

15:46:12.0452 5676 \Device\Harddisk0\DR0\# - copied to quarantine

15:46:12.0452 5676 \Device\Harddisk0\DR0 - copied to quarantine

15:46:12.0468 5676 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

15:46:12.0468 5676 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

15:46:12.0468 5676 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

15:46:12.0483 5676 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

15:46:12.0499 5676 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

15:46:12.0515 5676 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

15:46:12.0515 5676 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

15:46:12.0515 5676 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

15:46:12.0515 5676 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

15:46:12.0515 5676 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

15:46:12.0577 5676 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

15:46:12.0577 5676 \Device\Harddisk0\DR0 - ok

15:46:12.0577 5676 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

15:46:21.0500 3020 Deinitialize success

ComboFix 12-02-03.02 - Admin 02/03/2012 15:54:39.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7055.5765 [GMT -5:00]

Running from: c:\users\Admin\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\autorun.inf

c:\program files\Uninstall.exe

c:\users\Admin\AppData\Roaming\Local

c:\users\Admin\Favorites\Games.url

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))

.

.

2012-02-03 20:58 . 2012-02-03 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-03 20:46 . 2012-02-03 20:46 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-03 18:49 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90F04104-A7C7-4E7B-86E8-E9B8A5C58A21}\mpengine.dll

2012-02-03 05:36 . 2012-02-03 05:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-02 20:14 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-02-02 20:14 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-02-02 20:14 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-02-02 20:14 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-02-02 20:07 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-02-02 20:07 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-30 20:11 . 2012-01-30 20:11 -------- d-----w- c:\users\Admin\AppData\Roaming\Unity

2012-01-28 00:00 . 2012-01-28 00:00 -------- d-----w- c:\windows\Sun

2012-01-25 06:09 . 2012-01-25 06:09 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\DACE.tmp

2012-01-25 06:09 . 2012-01-25 06:09 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\DABE.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-27 05:52 . 2010-09-19 00:25 279656 ------w- c:\windows\system32\MpSigStub.exe

2011-12-10 20:24 . 2010-09-19 01:01 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-24 04:52 . 2011-12-15 18:16 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-10-22 11:06 . 2011-10-22 11:06 68272 ----a-w- c:\program files\fraps64.dat

2011-10-22 11:06 . 2011-10-22 11:06 231600 ----a-w- c:\program files\fraps32.dll

2011-10-22 11:06 . 2011-10-22 11:06 185520 ----a-w- c:\program files\fraps64.dll

2011-10-22 11:06 . 2011-10-22 11:06 2533040 ----a-w- c:\program files\fraps.exe

2011-10-22 11:04 . 2011-10-22 11:04 140288 ----a-w- c:\program files\frapslcd.dll

2011-03-08 08:03 . 2011-03-08 06:19 258352 ----a-w- c:\program files\unicows.dll

2011-03-08 08:03 . 2011-03-08 06:19 372736 ----a-w- c:\program files\ijl15.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\Admin\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]

"ASUS VIBE"="c:\program files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe" [2010-03-02 102400]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer6"=wdmaud.drv

.

R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;c:\windows\system32\DRIVERS\usb8023.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 X6va003;X6va003;c:\users\Admin\AppData\Local\Temp\003F557.tmp [x]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]

S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037155534-168446356-2890161075-1001Core.job

- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 15:19]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037155534-168446356-2890161075-1001UA.job

- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 15:19]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-19 8067616]

"SKDaemon.exe"="c:\program files\LTONHIS\Touch Manager\SKDaemon.exe" [2009-06-16 318464]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.cfnews13.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {530F7E80-690F-438E-8A4F-E6CAECB4B6F3} - hxxp://taste.dvrdns.org/CMSPlugin.cab

DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://taste.dvrdns.org/vcredist_x86.exe

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

AddRemove-Fraps - c:\program files\uninstall.exe

AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]

"ImagePath"="\??\c:\users\Admin\AppData\Local\Temp\003F557.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe

.

**************************************************************************

.

Completion time: 2012-02-03 16:03:57 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-03 21:03

.

Pre-Run: 300,275,650,560 bytes free

Post-Run: 300,033,708,032 bytes free

.

- - End Of File - - BECA44AC22CFD8B88FF1EFD1BB3FFA31

[Larusso]

Hy there,

Did you change any parameters in TDSSKiller ?

How is your system behaving now ? Please note all open issues.

[huntibilis]

No I didnt change anything in TDSS, should I have? As far as I can tell the outgoing has stoped.

[Larusso]

No, you should not. Something in the log shows me that the default settings has been changed or the tool gets an update I did not notice.

Could you please re-run TDSSKiller and choose Skip on all detections. Please post this log here

[huntibilis]

Nothing was detected.

00:26:14.0488 2800 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49

00:26:15.0002 2800 ============================================================

00:26:15.0002 2800 Current date / time: 2012/02/04 00:26:15.0002

00:26:15.0002 2800 SystemInfo:

00:26:15.0002 2800

00:26:15.0002 2800 OS Version: 6.1.7601 ServicePack: 1.0

00:26:15.0002 2800 Product type: Workstation

00:26:15.0002 2800 ComputerName: ADMIN-PC

00:26:15.0002 2800 UserName: Admin

00:26:15.0002 2800 Windows directory: C:\Windows

00:26:15.0002 2800 System windows directory: C:\Windows

00:26:15.0002 2800 Running under WOW64

00:26:15.0002 2800 Processor architecture: Intel x64

00:26:15.0002 2800 Number of processors: 4

00:26:15.0002 2800 Page size: 0x1000

00:26:15.0002 2800 Boot type: Normal boot

00:26:15.0002 2800 ============================================================

00:26:15.0658 2800 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

00:26:15.0658 2800 \Device\Harddisk0\DR0:

00:26:15.0658 2800 MBR used

00:26:15.0658 2800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x2E935000

00:26:15.0658 2800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30593800, BlocksNum 0x44172800

00:26:15.0704 2800 Initialize success

00:26:15.0704 2800 ============================================================

00:26:22.0490 3452 ============================================================

00:26:22.0490 3452 Scan started

00:26:22.0490 3452 Mode: Manual;

00:26:22.0490 3452 ============================================================

00:26:23.0520 3452 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

00:26:23.0536 3452 1394ohci - ok

00:26:23.0598 3452 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

00:26:23.0598 3452 ACPI - ok

00:26:23.0676 3452 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

00:26:23.0676 3452 AcpiPmi - ok

00:26:23.0707 3452 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

00:26:23.0707 3452 adp94xx - ok

00:26:23.0723 3452 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

00:26:23.0738 3452 adpahci - ok

00:26:23.0754 3452 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

00:26:23.0754 3452 adpu320 - ok

00:26:23.0832 3452 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

00:26:23.0832 3452 AFD - ok

00:26:23.0863 3452 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

00:26:23.0863 3452 agp440 - ok

00:26:23.0957 3452 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

00:26:23.0957 3452 aliide - ok

00:26:23.0988 3452 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

00:26:23.0988 3452 amdide - ok

00:26:24.0019 3452 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

00:26:24.0019 3452 AmdK8 - ok

00:26:24.0035 3452 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

00:26:24.0035 3452 AmdPPM - ok

00:26:24.0097 3452 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

00:26:24.0097 3452 amdsata - ok

00:26:24.0113 3452 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

00:26:24.0113 3452 amdsbs - ok

00:26:24.0144 3452 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

00:26:24.0144 3452 amdxata - ok

00:26:24.0206 3452 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

00:26:24.0206 3452 AppID - ok

00:26:24.0253 3452 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

00:26:24.0253 3452 arc - ok

00:26:24.0269 3452 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

00:26:24.0284 3452 arcsas - ok

00:26:24.0284 3452 AsIO - ok

00:26:24.0316 3452 AsUpIO - ok

00:26:24.0362 3452 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

00:26:24.0362 3452 AsyncMac - ok

00:26:24.0394 3452 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

00:26:24.0394 3452 atapi - ok

00:26:24.0456 3452 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

00:26:24.0456 3452 b06bdrv - ok

00:26:24.0518 3452 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

00:26:24.0534 3452 b57nd60a - ok

00:26:24.0550 3452 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

00:26:24.0550 3452 Beep - ok

00:26:24.0581 3452 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

00:26:24.0581 3452 blbdrive - ok

00:26:24.0643 3452 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

00:26:24.0643 3452 bowser - ok

00:26:24.0674 3452 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

00:26:24.0690 3452 BrFiltLo - ok

00:26:24.0690 3452 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

00:26:24.0690 3452 BrFiltUp - ok

00:26:24.0752 3452 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

00:26:24.0752 3452 BridgeMP - ok

00:26:24.0815 3452 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

00:26:24.0815 3452 Brserid - ok

00:26:24.0815 3452 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

00:26:24.0830 3452 BrSerWdm - ok

00:26:24.0830 3452 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

00:26:24.0830 3452 BrUsbMdm - ok

00:26:24.0877 3452 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

00:26:24.0877 3452 BrUsbSer - ok

00:26:24.0924 3452 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

00:26:24.0924 3452 BTHMODEM - ok

00:26:24.0940 3452 catchme - ok

00:26:24.0986 3452 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

00:26:24.0986 3452 cdfs - ok

00:26:25.0018 3452 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

00:26:25.0018 3452 cdrom - ok

00:26:25.0049 3452 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

00:26:25.0064 3452 circlass - ok

00:26:25.0080 3452 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

00:26:25.0080 3452 CLFS - ok

00:26:25.0158 3452 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

00:26:25.0158 3452 CmBatt - ok

00:26:25.0174 3452 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

00:26:25.0174 3452 cmdide - ok

00:26:25.0205 3452 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

00:26:25.0205 3452 CNG - ok

00:26:25.0236 3452 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

00:26:25.0236 3452 Compbatt - ok

00:26:25.0298 3452 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

00:26:25.0298 3452 CompositeBus - ok

00:26:25.0361 3452 cpuz133 (95c88d25e211a4d52a82c53e5d93e634) C:\Windows\system32\drivers\cpuz133_x64.sys

00:26:25.0361 3452 cpuz133 - ok

00:26:25.0392 3452 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

00:26:25.0392 3452 crcdisk - ok

00:26:25.0470 3452 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

00:26:25.0470 3452 DfsC - ok

00:26:25.0486 3452 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

00:26:25.0486 3452 discache - ok

00:26:25.0517 3452 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

00:26:25.0517 3452 Disk - ok

00:26:25.0564 3452 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

00:26:25.0564 3452 drmkaud - ok

00:26:25.0610 3452 dump_wmimmc - ok

00:26:25.0673 3452 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

00:26:25.0673 3452 DXGKrnl - ok

00:26:25.0720 3452 EagleX64 - ok

00:26:25.0782 3452 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

00:26:25.0798 3452 ebdrv - ok

00:26:25.0891 3452 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

00:26:25.0907 3452 elxstor - ok

00:26:25.0922 3452 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

00:26:25.0922 3452 ErrDev - ok

00:26:25.0954 3452 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

00:26:25.0954 3452 exfat - ok

00:26:26.0016 3452 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

00:26:26.0016 3452 fastfat - ok

00:26:26.0047 3452 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

00:26:26.0047 3452 fdc - ok

00:26:26.0063 3452 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

00:26:26.0063 3452 FileInfo - ok

00:26:26.0125 3452 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

00:26:26.0125 3452 Filetrace - ok

00:26:26.0141 3452 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

00:26:26.0141 3452 flpydisk - ok

00:26:26.0172 3452 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

00:26:26.0172 3452 FltMgr - ok

00:26:26.0188 3452 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

00:26:26.0188 3452 FsDepends - ok

00:26:26.0219 3452 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys

00:26:26.0219 3452 fssfltr - ok

00:26:26.0297 3452 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

00:26:26.0297 3452 Fs_Rec - ok

00:26:26.0328 3452 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

00:26:26.0328 3452 fvevol - ok

00:26:26.0359 3452 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

00:26:26.0359 3452 gagp30kx - ok

00:26:26.0375 3452 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

00:26:26.0375 3452 hcw85cir - ok

00:26:26.0468 3452 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

00:26:26.0468 3452 HdAudAddService - ok

00:26:26.0484 3452 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

00:26:26.0484 3452 HDAudBus - ok

00:26:26.0515 3452 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

00:26:26.0515 3452 HECIx64 - ok

00:26:26.0578 3452 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

00:26:26.0578 3452 HidBatt - ok

00:26:26.0593 3452 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

00:26:26.0593 3452 HidBth - ok

00:26:26.0609 3452 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

00:26:26.0609 3452 HidIr - ok

00:26:26.0640 3452 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

00:26:26.0640 3452 HidUsb - ok

00:26:26.0718 3452 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

00:26:26.0718 3452 HpSAMD - ok

00:26:26.0749 3452 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

00:26:26.0765 3452 HTTP - ok

00:26:26.0780 3452 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

00:26:26.0780 3452 hwpolicy - ok

00:26:26.0796 3452 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

00:26:26.0796 3452 i8042prt - ok

00:26:26.0858 3452 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

00:26:26.0858 3452 iaStorV - ok

00:26:27.0046 3452 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys

00:26:27.0186 3452 igfx - ok

00:26:27.0233 3452 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

00:26:27.0233 3452 iirsp - ok

00:26:27.0280 3452 IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys

00:26:27.0295 3452 IntcAzAudAddService - ok

00:26:27.0342 3452 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys

00:26:27.0342 3452 IntcDAud - ok

00:26:27.0389 3452 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

00:26:27.0389 3452 intelide - ok

00:26:27.0420 3452 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

00:26:27.0420 3452 intelppm - ok

00:26:27.0498 3452 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

00:26:27.0498 3452 IpFilterDriver - ok

00:26:27.0529 3452 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

00:26:27.0529 3452 IPMIDRV - ok

00:26:27.0560 3452 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

00:26:27.0560 3452 IPNAT - ok

00:26:27.0607 3452 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

00:26:27.0607 3452 IRENUM - ok

00:26:27.0638 3452 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

00:26:27.0638 3452 isapnp - ok

00:26:27.0654 3452 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

00:26:27.0654 3452 iScsiPrt - ok

00:26:27.0670 3452 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

00:26:27.0670 3452 kbdclass - ok

00:26:27.0685 3452 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

00:26:27.0685 3452 kbdhid - ok

00:26:27.0779 3452 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

00:26:27.0779 3452 KSecDD - ok

00:26:27.0794 3452 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

00:26:27.0794 3452 KSecPkg - ok

00:26:27.0810 3452 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

00:26:27.0826 3452 ksthunk - ok

00:26:27.0872 3452 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

00:26:27.0872 3452 lltdio - ok

00:26:27.0935 3452 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

00:26:27.0935 3452 LSI_FC - ok

00:26:27.0950 3452 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

00:26:27.0950 3452 LSI_SAS - ok

00:26:27.0982 3452 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

00:26:27.0982 3452 LSI_SAS2 - ok

00:26:27.0997 3452 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

00:26:27.0997 3452 LSI_SCSI - ok

00:26:28.0013 3452 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

00:26:28.0013 3452 luafv - ok

00:26:28.0075 3452 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

00:26:28.0075 3452 MBAMProtector - ok

00:26:28.0122 3452 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

00:26:28.0122 3452 megasas - ok

00:26:28.0153 3452 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

00:26:28.0153 3452 MegaSR - ok

00:26:28.0184 3452 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

00:26:28.0184 3452 Modem - ok

00:26:28.0231 3452 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

00:26:28.0231 3452 monitor - ok

00:26:28.0262 3452 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

00:26:28.0262 3452 mouclass - ok

00:26:28.0294 3452 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

00:26:28.0294 3452 mouhid - ok

00:26:28.0340 3452 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

00:26:28.0340 3452 mountmgr - ok

00:26:28.0387 3452 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

00:26:28.0387 3452 mpio - ok

00:26:28.0403 3452 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

00:26:28.0403 3452 mpsdrv - ok

00:26:28.0450 3452 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

00:26:28.0450 3452 MRxDAV - ok

00:26:28.0481 3452 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

00:26:28.0481 3452 mrxsmb - ok

00:26:28.0590 3452 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

00:26:28.0590 3452 mrxsmb10 - ok

00:26:28.0606 3452 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

00:26:28.0606 3452 mrxsmb20 - ok

00:26:28.0653 3452 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

00:26:28.0653 3452 msahci - ok

00:26:28.0668 3452 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

00:26:28.0684 3452 msdsm - ok

00:26:28.0715 3452 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

00:26:28.0715 3452 Msfs - ok

00:26:28.0731 3452 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

00:26:28.0746 3452 mshidkmdf - ok

00:26:28.0777 3452 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

00:26:28.0777 3452 msisadrv - ok

00:26:28.0809 3452 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

00:26:28.0809 3452 MSKSSRV - ok

00:26:28.0840 3452 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

00:26:28.0840 3452 MSPCLOCK - ok

00:26:28.0855 3452 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

00:26:28.0855 3452 MSPQM - ok

00:26:28.0887 3452 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

00:26:28.0887 3452 MsRPC - ok

00:26:28.0933 3452 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

00:26:28.0933 3452 mssmbios - ok

00:26:28.0965 3452 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

00:26:28.0965 3452 MSTEE - ok

00:26:28.0996 3452 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

00:26:28.0996 3452 MTConfig - ok

00:26:29.0027 3452 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys

00:26:29.0027 3452 MTsensor - ok

00:26:29.0043 3452 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

00:26:29.0043 3452 Mup - ok

00:26:29.0089 3452 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

00:26:29.0105 3452 NativeWifiP - ok

00:26:29.0167 3452 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

00:26:29.0167 3452 NDIS - ok

00:26:29.0183 3452 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

00:26:29.0183 3452 NdisCap - ok

00:26:29.0214 3452 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

00:26:29.0230 3452 NdisTapi - ok

00:26:29.0245 3452 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

00:26:29.0245 3452 Ndisuio - ok

00:26:29.0277 3452 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

00:26:29.0277 3452 NdisWan - ok

00:26:29.0308 3452 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

00:26:29.0308 3452 NDProxy - ok

00:26:29.0370 3452 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

00:26:29.0370 3452 NetBIOS - ok

00:26:29.0417 3452 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

00:26:29.0433 3452 NetBT - ok

00:26:29.0511 3452 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys

00:26:29.0511 3452 netr28x - ok

00:26:29.0557 3452 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

00:26:29.0557 3452 nfrd960 - ok

00:26:29.0573 3452 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

00:26:29.0573 3452 Npfs - ok

00:26:29.0620 3452 NPPTNT2 - ok

00:26:29.0667 3452 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

00:26:29.0667 3452 nsiproxy - ok

00:26:29.0729 3452 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

00:26:29.0729 3452 Ntfs - ok

00:26:29.0760 3452 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

00:26:29.0760 3452 Null - ok

00:26:29.0807 3452 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

00:26:29.0807 3452 nvraid - ok

00:26:29.0823 3452 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

00:26:29.0823 3452 nvstor - ok

00:26:29.0854 3452 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

00:26:29.0854 3452 nv_agp - ok

00:26:29.0916 3452 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

00:26:29.0916 3452 ohci1394 - ok

00:26:29.0963 3452 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

00:26:29.0963 3452 Parport - ok

00:26:29.0979 3452 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

00:26:29.0979 3452 partmgr - ok

00:26:30.0010 3452 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

00:26:30.0010 3452 pci - ok

00:26:30.0057 3452 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

00:26:30.0057 3452 pciide - ok

00:26:30.0088 3452 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

00:26:30.0088 3452 pcmcia - ok

00:26:30.0119 3452 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

00:26:30.0119 3452 pcw - ok

00:26:30.0150 3452 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

00:26:30.0166 3452 PEAUTH - ok

00:26:30.0259 3452 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

00:26:30.0259 3452 PptpMiniport - ok

00:26:30.0291 3452 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

00:26:30.0291 3452 Processor - ok

00:26:30.0322 3452 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

00:26:30.0337 3452 Psched - ok

00:26:30.0369 3452 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

00:26:30.0384 3452 ql2300 - ok

00:26:30.0447 3452 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

00:26:30.0447 3452 ql40xx - ok

00:26:30.0462 3452 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

00:26:30.0462 3452 QWAVEdrv - ok

00:26:30.0478 3452 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

00:26:30.0478 3452 RasAcd - ok

00:26:30.0493 3452 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

00:26:30.0493 3452 RasAgileVpn - ok

00:26:30.0525 3452 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

00:26:30.0525 3452 Rasl2tp - ok

00:26:30.0603 3452 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

00:26:30.0603 3452 RasPppoe - ok

00:26:30.0618 3452 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

00:26:30.0618 3452 RasSstp - ok

00:26:30.0634 3452 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

00:26:30.0634 3452 rdbss - ok

00:26:30.0649 3452 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

00:26:30.0649 3452 rdpbus - ok

00:26:30.0681 3452 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

00:26:30.0681 3452 RDPCDD - ok

00:26:30.0727 3452 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

00:26:30.0727 3452 RDPENCDD - ok

00:26:30.0743 3452 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

00:26:30.0743 3452 RDPREFMP - ok

00:26:30.0774 3452 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

00:26:30.0774 3452 RDPWD - ok

00:26:30.0821 3452 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

00:26:30.0821 3452 rdyboost - ok

00:26:30.0883 3452 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

00:26:30.0883 3452 rspndr - ok

00:26:30.0930 3452 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys

00:26:30.0946 3452 RTL8167 - ok

00:26:30.0961 3452 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

00:26:30.0961 3452 sbp2port - ok

00:26:30.0977 3452 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

00:26:30.0977 3452 scfilter - ok

00:26:31.0039 3452 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

00:26:31.0039 3452 secdrv - ok

00:26:31.0071 3452 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

00:26:31.0071 3452 Serenum - ok

00:26:31.0102 3452 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

00:26:31.0102 3452 Serial - ok

00:26:31.0117 3452 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

00:26:31.0117 3452 sermouse - ok

00:26:31.0164 3452 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

00:26:31.0164 3452 sffdisk - ok

00:26:31.0195 3452 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

00:26:31.0195 3452 sffp_mmc - ok

00:26:31.0195 3452 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

00:26:31.0195 3452 sffp_sd - ok

00:26:31.0227 3452 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

00:26:31.0227 3452 sfloppy - ok

00:26:31.0273 3452 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

00:26:31.0289 3452 SiSRaid2 - ok

00:26:31.0305 3452 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

00:26:31.0305 3452 SiSRaid4 - ok

00:26:31.0320 3452 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

00:26:31.0320 3452 Smb - ok

00:26:31.0367 3452 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

00:26:31.0367 3452 spldr - ok

00:26:31.0414 3452 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

00:26:31.0414 3452 srv - ok

00:26:31.0461 3452 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

00:26:31.0461 3452 srv2 - ok

00:26:31.0476 3452 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

00:26:31.0476 3452 srvnet - ok

00:26:31.0539 3452 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

00:26:31.0539 3452 stexstor - ok

00:26:31.0570 3452 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

00:26:31.0585 3452 swenum - ok

00:26:31.0632 3452 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

00:26:31.0648 3452 Tcpip - ok

00:26:31.0695 3452 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

00:26:31.0710 3452 TCPIP6 - ok

00:26:31.0741 3452 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

00:26:31.0741 3452 tcpipreg - ok

00:26:31.0773 3452 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

00:26:31.0773 3452 TDPIPE - ok

00:26:31.0788 3452 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

00:26:31.0788 3452 TDTCP - ok

00:26:31.0804 3452 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

00:26:31.0804 3452 tdx - ok

00:26:31.0897 3452 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

00:26:31.0897 3452 TermDD - ok

00:26:31.0929 3452 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

00:26:31.0944 3452 tssecsrv - ok

00:26:31.0960 3452 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

00:26:31.0960 3452 TsUsbFlt - ok

00:26:32.0053 3452 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

00:26:32.0069 3452 tunnel - ok

00:26:32.0085 3452 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

00:26:32.0085 3452 uagp35 - ok

00:26:32.0116 3452 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

00:26:32.0116 3452 udfs - ok

00:26:32.0163 3452 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

00:26:32.0163 3452 uliagpkx - ok

00:26:32.0209 3452 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

00:26:32.0209 3452 umbus - ok

00:26:32.0241 3452 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

00:26:32.0241 3452 UmPass - ok

00:26:32.0287 3452 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

00:26:32.0287 3452 usbaudio - ok

00:26:32.0334 3452 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

00:26:32.0334 3452 usbccgp - ok

00:26:32.0350 3452 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

00:26:32.0350 3452 usbcir - ok

00:26:32.0365 3452 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

00:26:32.0365 3452 usbehci - ok

00:26:32.0412 3452 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

00:26:32.0412 3452 usbhub - ok

00:26:32.0443 3452 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys

00:26:32.0443 3452 usbohci - ok

00:26:32.0490 3452 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

00:26:32.0490 3452 usbprint - ok

00:26:32.0506 3452 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

00:26:32.0506 3452 USBSTOR - ok

00:26:32.0521 3452 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys

00:26:32.0521 3452 usbuhci - ok

00:26:32.0568 3452 USB_RNDIS_VISTA (d0fe8cb5f84303e73ff0754437fad3d1) C:\Windows\system32\DRIVERS\usb8023.sys

00:26:32.0568 3452 USB_RNDIS_VISTA - ok

00:26:32.0615 3452 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

00:26:32.0615 3452 vdrvroot - ok

00:26:32.0631 3452 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

00:26:32.0631 3452 vga - ok

00:26:32.0631 3452 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

00:26:32.0646 3452 VgaSave - ok

00:26:32.0662 3452 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

00:26:32.0662 3452 vhdmp - ok

00:26:32.0693 3452 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

00:26:32.0693 3452 viaide - ok

00:26:32.0709 3452 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

00:26:32.0709 3452 volmgr - ok

00:26:32.0755 3452 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

00:26:32.0755 3452 volmgrx - ok

00:26:32.0771 3452 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

00:26:32.0787 3452 volsnap - ok

00:26:32.0818 3452 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

00:26:32.0818 3452 vsmraid - ok

00:26:32.0849 3452 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

00:26:32.0849 3452 vwifibus - ok

00:26:32.0896 3452 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

00:26:32.0896 3452 vwififlt - ok

00:26:32.0911 3452 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

00:26:32.0911 3452 WacomPen - ok

00:26:32.0958 3452 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:26:32.0958 3452 WANARP - ok

00:26:32.0958 3452 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:26:32.0958 3452 Wanarpv6 - ok

00:26:33.0036 3452 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

00:26:33.0036 3452 Wd - ok

00:26:33.0067 3452 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

00:26:33.0067 3452 Wdf01000 - ok

00:26:33.0099 3452 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

00:26:33.0099 3452 WfpLwf - ok

00:26:33.0130 3452 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

00:26:33.0130 3452 WIMMount - ok

00:26:33.0192 3452 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

00:26:33.0192 3452 WinUsb - ok

00:26:33.0208 3452 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

00:26:33.0208 3452 WmiAcpi - ok

00:26:33.0270 3452 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

00:26:33.0270 3452 ws2ifsl - ok

00:26:33.0301 3452 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

00:26:33.0301 3452 WudfPf - ok

00:26:33.0333 3452 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

00:26:33.0333 3452 WUDFRd - ok

00:26:33.0395 3452 X6va003 - ok

00:26:33.0426 3452 MBR (0x1B8) (4976d4a7a40b83fc7f06ee4bdd84eb9b) \Device\Harddisk0\DR0

00:26:33.0489 3452 \Device\Harddisk0\DR0 - ok

00:26:33.0489 3452 Boot (0x1200) (981a1928fb23fc1e673f913c659cbc75) \Device\Harddisk0\DR0\Partition0

00:26:33.0489 3452 \Device\Harddisk0\DR0\Partition0 - ok

00:26:33.0504 3452 Boot (0x1200) (1b2113e8147b731e8356e034bd1547d9) \Device\Harddisk0\DR0\Partition1

00:26:33.0504 3452 \Device\Harddisk0\DR0\Partition1 - ok

00:26:33.0504 3452 ============================================================

00:26:33.0504 3452 Scan finished

00:26:33.0504 3452 ============================================================

00:26:33.0520 3464 Detected object count: 0

00:26:33.0520 3464 Actual detected object count: 0

00:26:46.0764 2120 Deinitialize success

[Larusso]

Go here to run an online scanner from ESET.

• Note: You will need to use Internet explorer for this scan
• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
• Click Start
• Wait for the scan to finish
• When the scan completes, push
  
• Push , and save the file to your desktop using a unique name.
  
• Push the Back button.
  
• Push Finish

Please post this logfile in your next reply

Please launch DDS

• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt

  [*]Save both reports to your desktop and post both in your next reply

Please post in your next reply

ESET log

dds.txt

attach.txt

[huntibilis]

Here you go.

C:\ProgramData\Microsoft\Windows\DRM\DABE.tmp Win64/Olmarik.AD trojan

C:\ProgramData\Microsoft\Windows\DRM\DACE.tmp Win64/Olmarik.AD trojan

C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan

C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan

C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan

C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan

C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan

C:\TDSSKiller_Quarantine\03.02.2012_15.45.51\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan

C:\Users\All Users\Microsoft\Windows\DRM\DABE.tmp Win64/Olmarik.AD trojan

C:\Users\All Users\Microsoft\Windows\DRM\DACE.tmp Win64/Olmarik.AD trojan

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Admin at 1:40:49 on 2012-02-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7055.5275 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Windows\SysWOW64\AsHookDevice.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.cfnews13.com/

uInternet Settings,ProxyOverride = 127.0.0.1:9421

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [Akamai NetSession Interface] "C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

mRun: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {530F7E80-690F-438E-8A4F-E6CAECB4B6F3} - hxxp://taste.dvrdns.org/CMSPlugin.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://taste.dvrdns.org/vcredist_x86.exe

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab

DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{B115E509-5C33-4517-9410-62410AF08CF7} : DhcpNameServer = 65.32.5.111 65.32.5.112

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

mRun-x64: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?]

R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-4-27 203392]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-2 652360]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-15 2280312]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-27 2314240]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]

S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;C:\Windows\system32\DRIVERS\usb8023.sys --> C:\Windows\system32\DRIVERS\usb8023.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-05 06:05:53 -------- d-----w- C:\Program Files (x86)\ESET

2012-02-04 08:37:45 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90F04104-A7C7-4E7B-86E8-E9B8A5C58A21}\offreg.dll

2012-02-03 21:06:49 -------- d-sh--w- C:\$RECYCLE.BIN

2012-02-03 20:53:02 98816 ----a-w- C:\Windows\sed.exe

2012-02-03 20:53:02 518144 ----a-w- C:\Windows\SWREG.exe

2012-02-03 20:53:02 256000 ----a-w- C:\Windows\PEV.exe

2012-02-03 20:53:02 208896 ----a-w- C:\Windows\MBR.exe

2012-02-03 20:46:12 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-03 18:49:15 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90F04104-A7C7-4E7B-86E8-E9B8A5C58A21}\mpengine.dll

2012-02-03 05:36:32 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-02 20:14:16 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-02-02 20:14:16 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-02-02 20:14:15 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-02-02 20:14:15 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-02-02 20:07:04 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-02-02 20:07:04 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-30 20:11:38 -------- d-----w- C:\Users\Admin\AppData\Roaming\Unity

2012-01-25 06:09:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DACE.tmp

2012-01-25 06:09:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DABE.tmp

.

==================== Find3M ====================

.

2012-01-27 05:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe

2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll

2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys

2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll

2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll

2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll

2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe

2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll

2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2011-10-22 11:06:32 68272 ----a-w- C:\Program Files\fraps64.dat

2011-10-22 11:06:32 231600 ----a-w- C:\Program Files\fraps32.dll

2011-10-22 11:06:32 185520 ----a-w- C:\Program Files\fraps64.dll

2011-10-22 11:06:30 2533040 ----a-w- C:\Program Files\fraps.exe

2011-10-22 11:04:34 140288 ----a-w- C:\Program Files\frapslcd.dll

2011-03-08 08:03:37 258352 ----a-w- C:\Program Files\unicows.dll

2011-03-08 08:03:10 372736 ----a-w- C:\Program Files\ijl15.dll

.

============= FINISH: 1:41:04.56 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 9/18/2010 8:10:08 PM

System Uptime: 2/5/2012 12:49:07 AM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | CM5675

Processor: Intel® Core i5 CPU 650 @ 3.20GHz | LGA1156 | 3201/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 373 GiB total, 279.024 GiB free.

D: is FIXED (NTFS) - 545 GiB total, 544.619 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: Unknown Device

Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&4

Manufacturer: (Standard USB Host Controller)

Name: Unknown Device

PNP Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&4

Service:

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: Unknown Device

Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&5

Manufacturer: (Standard USB Host Controller)

Name: Unknown Device

PNP Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&5

Service:

.

==== System Restore Points ===================

.

RP249: 2/2/2012 2:53:13 PM - Restore Operation

RP250: 2/2/2012 3:06:46 PM - Windows Update

RP251: 2/2/2012 11:21:20 PM - Removed Adobe Reader X (10.1.1).

RP252: 2/2/2012 11:22:24 PM - Removed Adobe Reader X (10.1.1).

RP253: 2/3/2012 2:26:52 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office Suite Service Pack 2 (SP2)

Acrobat.com

Advertising Center

AI Manager

Akamai NetSession Interface

Akamai NetSession Interface Service

ASUS Backup Wizard

ASUS VIBE

ASUSUpdate

Bandisoft MPEG-1 Decoder

Big Fish Games: Game Manager

Curse Client

EPU-4 Engine

ESET Online Scanner v3

File Uploader

Fraps (remove only)

Google Talk Plugin

ImagXpress

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Internet TV for Windows Media Center

Island Tribe 2

Java Auto Updater

Java 6 Update 22

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 1.1

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel 2007 Help Actualización (KB963678)

Microsoft Office Excel MUI (Dutch) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office Excel MUI (German) 2007

Microsoft Office Excel MUI (Spanish) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (Dutch) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (French) 2007

Microsoft Office OneNote MUI (German) 2007

Microsoft Office OneNote MUI (Spanish) 2007

Microsoft Office Powerpoint 2007 Help Actualización (KB963669)

Microsoft Office PowerPoint MUI (Dutch) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office PowerPoint MUI (German) 2007

Microsoft Office PowerPoint MUI (Spanish) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (Arabic) 2007

Microsoft Office Proof (Basque) 2007

Microsoft Office Proof (Catalan) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Galician) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Italian) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Dutch) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Proofing (German) 2007

Microsoft Office Proofing (Spanish) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (Dutch) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Shared MUI (German) 2007

Microsoft Office Shared MUI (Spanish) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word 2007 Help Actualización (KB963665)

Microsoft Office Word MUI (Dutch) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (French) 2007

Microsoft Office Word MUI (German) 2007

Microsoft Office Word MUI (Spanish) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Mise à jour Microsoft Office Excel 2007 Help (KB963678)

Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)

Mise à jour Microsoft Office Word 2007 Help (KB963665)

MSVCRT

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser (KB973685)

Nero 9 Essentials

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

Netflix in Windows Media Center

Nikon Transfer

Pando Media Booster

Picture Control Utility

Realtek Ethernet Controller Driver For Windows Vista and Later

Realtek High Definition Audio Driver

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Spelling Dictionaries Support For Adobe Reader 9

TeamViewer 6

Unity Web Player

Update für Microsoft Office Excel 2007 Help (KB963678)

Update für Microsoft Office Powerpoint 2007 Help (KB963669)

Update für Microsoft Office Word 2007 Help (KB963665)

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update voor Microsoft Office Excel 2007 Help (KB963678)

Update voor Microsoft Office Powerpoint 2007 Help (KB963669)

Update voor Microsoft Office Word 2007 Help (KB963665)

Ventrilo Client

ViewNX

Windows Live Communications Platform

Windows Live Essentials

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Writer

World of Warcraft

Xfire (remove only)

.

==== Event Viewer Messages From Past Week ========

.

2/3/2012 3:58:48 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

2/3/2012 3:58:11 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

2/3/2012 3:52:48 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

2/2/2012 3:01:43 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Akamai NetSession Interface service, but this action failed with the following error: An instance of the service is already running.

2/2/2012 1:26:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a0007ff000, 0x0000000000000000, 0xfffff80002ece38e, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020212-17472-01.

1/30/2012 12:11:06 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a000ffa000, 0x0000000000000000, 0xfffff80002f2638e, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 013012-15990-01.

.

==== End Of File ===========================

[huntibilis]

So just after I finished posting the logs you asked for the computer freaked out on me. about 20 windows poped up all the same, and then one saying there was a issue with my hard drive that needed to be fixed before I used the computer again. I didnt click any thing forced a shutdown, rebooted and it still did the same thing with everything appearing to be gone/missing from the computer. I rebooted in safemode ran MBAM quick scan and attempted to remove what it found and reboot. It seems it was all quarantined. The windows did not come up this time but everything still seems to be gone! I have a black screen for a desktop and my trashbin/MBAM with all programs in the start menu seeming to be gone. I was only able to open IE using the MBAM online link to get the window to open. So if anyone even if it is not the person who was originaly helping me can do anything please do!

[huntibilis]

I just spoke with with a MBAM admin, and was told I should not have changed/scanned/fixed anything without your say so Daniel. So I just wanted to say im sorry if I messed anything up in advance, I freaked out when that all happened and am not used to having someone to help with issues. I jumped the gun, but am now waiting for your advice.

[Larusso]

Hy there,

Sorry to hear that you still have problems

Are you able to run in Normalmode now ?

Please re-run TDSSKiller. This time click on Change Parameters --> Check Detect TDLFS Filesystem and Verify driver digital signatures --> Click Start Scan.

Let it run uninterrupted.

When done, ensure Cure is selected.

If Cure is not an option, choose skip.

Please post the created Logfile in your next reply.

Please also post the MBAM Log from your last run where I can see the deleted detections. Looks like something hides itself from us.

[huntibilis]

Yes im running in normal mode, but every program on the computer seems to be missing besides MBAM, thank god because that is how i got IE to open using the link from that. here is what i call pull together from the empty shell i seem to be left with.

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.04.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.7601.17514

Admin :: ADMIN-PC [administrator]

Protection: Disabled

2/5/2012 2:06:34 AM

mbam-log-2012-02-05 (02-06-34).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 186482

Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vkAHVCUBeFA.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\vkAHVCUBeFA.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\ProgramData\vkAHVCUBeFA.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Users\Admin\AppData\Local\Temp\pb8ZG2raInFj03.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

2012/02/05 01:01:24 -0500 ADMIN-PC Admin MESSAGE Starting protection

2012/02/05 01:01:26 -0500 ADMIN-PC Admin MESSAGE Protection started successfully

2012/02/05 01:01:29 -0500 ADMIN-PC Admin MESSAGE Starting IP protection

2012/02/05 01:01:29 -0500 ADMIN-PC Admin MESSAGE IP Protection started successfully

2012/02/05 01:01:37 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 49166, Process: teamviewer_service.exe)

2012/02/05 01:01:37 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51703, Process: teamviewer_service.exe)

2012/02/05 01:01:37 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51708, Process: teamviewer_service.exe)

2012/02/05 01:01:37 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51713, Process: teamviewer_service.exe)

2012/02/05 01:01:45 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51731, Process: teamviewer_service.exe)

2012/02/05 01:01:45 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51749, Process: teamviewer_service.exe)

2012/02/05 01:01:45 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51759, Process: teamviewer_service.exe)

2012/02/05 01:01:45 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51760, Process: teamviewer_service.exe)

2012/02/05 01:01:45 -0500 ADMIN-PC Admin IP-BLOCK 194.54.81.86 (Type: outgoing, Port: 51761, Process: teamviewer_service.exe)

2012/02/05 01:50:03 -0500 ADMIN-PC Admin DETECTION C:\Users\Admin\AppData\Local\Temp\fylhenx.exe Trojan.FakeAlert ALLOW

2012/02/05 01:53:09 -0500 ADMIN-PC Admin DETECTION C:\ProgramData\vkAHVCUBeFA.exe Trojan.FakeAlert ALLOW

2012/02/05 01:53:28 -0500 ADMIN-PC Admin IP-BLOCK 31.44.184.49 (Type: outgoing, Port: 64145, Process: fylhenx.exe)

2012/02/05 01:53:29 -0500 ADMIN-PC Admin IP-BLOCK 31.44.184.49 (Type: outgoing, Port: 64146, Process: fylhenx.exe)

2012/02/05 02:12:33 -0500 ADMIN-PC Admin MESSAGE Starting protection

2012/02/05 02:12:34 -0500 ADMIN-PC Admin MESSAGE Protection started successfully

2012/02/05 02:12:37 -0500 ADMIN-PC Admin MESSAGE Starting IP protection

2012/02/05 02:12:38 -0500 ADMIN-PC Admin MESSAGE IP Protection started successfully

TDSS also seems to be gone so i went to your link and DL it again, but it wont show up in the start menu or on a search, also i wanted to save it to the desktop, but that didnt show up as a option. I had to choose to open it from the install since i could not find it or save it to the desktop, not sure if thats important.

06:25:56.0863 2892 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49

06:25:57.0160 2892 ============================================================

06:25:57.0160 2892 Current date / time: 2012/02/05 06:25:57.0160

06:25:57.0160 2892 SystemInfo:

06:25:57.0160 2892

06:25:57.0160 2892 OS Version: 6.1.7601 ServicePack: 1.0

06:25:57.0160 2892 Product type: Workstation

06:25:57.0160 2892 ComputerName: ADMIN-PC

06:25:57.0160 2892 UserName: Admin

06:25:57.0160 2892 Windows directory: C:\Windows

06:25:57.0160 2892 System windows directory: C:\Windows

06:25:57.0160 2892 Running under WOW64

06:25:57.0160 2892 Processor architecture: Intel x64

06:25:57.0160 2892 Number of processors: 4

06:25:57.0160 2892 Page size: 0x1000

06:25:57.0160 2892 Boot type: Normal boot

06:25:57.0160 2892 ============================================================

06:25:57.0784 2892 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

06:25:57.0784 2892 \Device\Harddisk0\DR0:

06:25:57.0784 2892 MBR used

06:25:57.0784 2892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C5E800, BlocksNum 0x2E935000

06:25:57.0784 2892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30593800, BlocksNum 0x44172800

06:25:57.0830 2892 Initialize success

06:25:57.0830 2892 ============================================================

07:39:10.0096 1472 ============================================================

07:39:10.0096 1472 Scan started

07:39:10.0096 1472 Mode: Manual; SigCheck; TDLFS;

07:39:10.0096 1472 ============================================================

07:39:10.0393 1472 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

07:39:10.0486 1472 1394ohci - ok

07:39:10.0564 1472 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

07:39:10.0564 1472 ACPI - ok

07:39:10.0627 1472 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

07:39:10.0673 1472 AcpiPmi - ok

07:39:10.0736 1472 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

07:39:10.0751 1472 adp94xx - ok

07:39:10.0798 1472 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

07:39:10.0814 1472 adpahci - ok

07:39:10.0829 1472 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

07:39:10.0829 1472 adpu320 - ok

07:39:10.0876 1472 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

07:39:10.0923 1472 AFD - ok

07:39:10.0985 1472 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

07:39:11.0001 1472 agp440 - ok

07:39:11.0063 1472 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

07:39:11.0063 1472 aliide - ok

07:39:11.0126 1472 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

07:39:11.0141 1472 amdide - ok

07:39:11.0173 1472 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

07:39:11.0204 1472 AmdK8 - ok

07:39:11.0251 1472 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

07:39:11.0282 1472 AmdPPM - ok

07:39:11.0329 1472 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

07:39:11.0329 1472 amdsata - ok

07:39:11.0360 1472 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

07:39:11.0375 1472 amdsbs - ok

07:39:11.0422 1472 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

07:39:11.0422 1472 amdxata - ok

07:39:11.0453 1472 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

07:39:11.0563 1472 AppID - ok

07:39:11.0625 1472 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

07:39:11.0641 1472 arc - ok

07:39:11.0656 1472 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

07:39:11.0656 1472 arcsas - ok

07:39:11.0672 1472 AsIO - ok

07:39:11.0687 1472 AsUpIO - ok

07:39:11.0750 1472 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

07:39:11.0843 1472 AsyncMac - ok

07:39:11.0906 1472 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

07:39:11.0906 1472 atapi - ok

07:39:11.0968 1472 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

07:39:11.0984 1472 b06bdrv - ok

07:39:12.0046 1472 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

07:39:12.0077 1472 b57nd60a - ok

07:39:12.0109 1472 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

07:39:12.0155 1472 Beep - ok

07:39:12.0218 1472 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

07:39:12.0233 1472 blbdrive - ok

07:39:12.0280 1472 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

07:39:12.0311 1472 bowser - ok

07:39:12.0374 1472 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

07:39:12.0421 1472 BrFiltLo - ok

07:39:12.0421 1472 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

07:39:12.0452 1472 BrFiltUp - ok

07:39:12.0530 1472 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

07:39:12.0577 1472 BridgeMP - ok

07:39:12.0608 1472 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

07:39:12.0623 1472 Brserid - ok

07:39:12.0639 1472 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

07:39:12.0670 1472 BrSerWdm - ok

07:39:12.0733 1472 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

07:39:12.0748 1472 BrUsbMdm - ok

07:39:12.0764 1472 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

07:39:12.0795 1472 BrUsbSer - ok

07:39:12.0811 1472 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

07:39:12.0811 1472 BTHMODEM - ok

07:39:12.0842 1472 catchme - ok

07:39:12.0889 1472 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

07:39:12.0935 1472 cdfs - ok

07:39:12.0967 1472 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

07:39:12.0998 1472 cdrom - ok

07:39:13.0076 1472 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

07:39:13.0091 1472 circlass - ok

07:39:13.0123 1472 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

07:39:13.0123 1472 CLFS - ok

07:39:13.0169 1472 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

07:39:13.0201 1472 CmBatt - ok

07:39:13.0263 1472 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

07:39:13.0263 1472 cmdide - ok

07:39:13.0294 1472 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

07:39:13.0310 1472 CNG - ok

07:39:13.0325 1472 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

07:39:13.0341 1472 Compbatt - ok

07:39:13.0419 1472 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

07:39:13.0450 1472 CompositeBus - ok

07:39:13.0528 1472 cpuz133 (95c88d25e211a4d52a82c53e5d93e634) C:\Windows\system32\drivers\cpuz133_x64.sys

07:39:13.0559 1472 cpuz133 - ok

07:39:13.0591 1472 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

07:39:13.0606 1472 crcdisk - ok

07:39:13.0684 1472 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

07:39:13.0715 1472 DfsC - ok

07:39:13.0778 1472 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

07:39:13.0809 1472 discache - ok

07:39:13.0871 1472 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

07:39:13.0871 1472 Disk - ok

07:39:13.0934 1472 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

07:39:13.0949 1472 drmkaud - ok

07:39:13.0981 1472 dump_wmimmc - ok

07:39:14.0027 1472 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

07:39:14.0043 1472 DXGKrnl - ok

07:39:14.0090 1472 EagleX64 - ok

07:39:14.0152 1472 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

07:39:14.0215 1472 ebdrv - ok

07:39:14.0308 1472 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

07:39:14.0324 1472 elxstor - ok

07:39:14.0339 1472 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

07:39:14.0371 1472 ErrDev - ok

07:39:14.0449 1472 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

07:39:14.0480 1472 exfat - ok

07:39:14.0511 1472 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

07:39:14.0558 1472 fastfat - ok

07:39:14.0620 1472 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

07:39:14.0651 1472 fdc - ok

07:39:14.0683 1472 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

07:39:14.0698 1472 FileInfo - ok

07:39:14.0698 1472 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

07:39:14.0745 1472 Filetrace - ok

07:39:14.0807 1472 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

07:39:14.0807 1472 flpydisk - ok

07:39:14.0839 1472 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

07:39:14.0854 1472 FltMgr - ok

07:39:14.0870 1472 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

07:39:14.0870 1472 FsDepends - ok

07:39:14.0901 1472 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys

07:39:14.0917 1472 fssfltr - ok

07:39:14.0979 1472 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

07:39:14.0979 1472 Fs_Rec - ok

07:39:15.0010 1472 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

07:39:15.0010 1472 fvevol - ok

07:39:15.0041 1472 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

07:39:15.0057 1472 gagp30kx - ok

07:39:15.0073 1472 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

07:39:15.0088 1472 hcw85cir - ok

07:39:15.0197 1472 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

07:39:15.0213 1472 HdAudAddService - ok

07:39:15.0244 1472 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

07:39:15.0260 1472 HDAudBus - ok

07:39:15.0338 1472 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

07:39:15.0338 1472 HECIx64 - ok

07:39:15.0353 1472 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

07:39:15.0353 1472 HidBatt - ok

07:39:15.0369 1472 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

07:39:15.0400 1472 HidBth - ok

07:39:15.0463 1472 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

07:39:15.0478 1472 HidIr - ok

07:39:15.0509 1472 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

07:39:15.0525 1472 HidUsb - ok

07:39:15.0572 1472 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

07:39:15.0587 1472 HpSAMD - ok

07:39:15.0665 1472 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

07:39:15.0712 1472 HTTP - ok

07:39:15.0728 1472 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

07:39:15.0743 1472 hwpolicy - ok

07:39:15.0759 1472 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

07:39:15.0775 1472 i8042prt - ok

07:39:15.0821 1472 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

07:39:15.0837 1472 iaStorV - ok

07:39:16.0024 1472 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys

07:39:16.0243 1472 igfx - ok

07:39:16.0305 1472 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

07:39:16.0321 1472 iirsp - ok

07:39:16.0367 1472 IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\Windows\system32\drivers\RTKVHD64.sys

07:39:16.0399 1472 IntcAzAudAddService - ok

07:39:16.0414 1472 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys

07:39:16.0445 1472 IntcDAud - ok

07:39:16.0508 1472 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

07:39:16.0508 1472 intelide - ok

07:39:16.0539 1472 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

07:39:16.0555 1472 intelppm - ok

07:39:16.0586 1472 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

07:39:16.0633 1472 IpFilterDriver - ok

07:39:16.0695 1472 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

07:39:16.0695 1472 IPMIDRV - ok

07:39:16.0726 1472 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

07:39:16.0757 1472 IPNAT - ok

07:39:16.0773 1472 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

07:39:16.0789 1472 IRENUM - ok

07:39:16.0820 1472 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

07:39:16.0820 1472 isapnp - ok

07:39:16.0882 1472 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

07:39:16.0882 1472 iScsiPrt - ok

07:39:16.0960 1472 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

07:39:16.0976 1472 kbdclass - ok

07:39:17.0054 1472 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

07:39:17.0085 1472 kbdhid - ok

07:39:17.0116 1472 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

07:39:17.0132 1472 KSecDD - ok

07:39:17.0163 1472 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

07:39:17.0179 1472 KSecPkg - ok

07:39:17.0210 1472 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

07:39:17.0257 1472 ksthunk - ok

07:39:17.0319 1472 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

07:39:17.0366 1472 lltdio - ok

07:39:17.0428 1472 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

07:39:17.0428 1472 LSI_FC - ok

07:39:17.0475 1472 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

07:39:17.0475 1472 LSI_SAS - ok

07:39:17.0491 1472 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

07:39:17.0506 1472 LSI_SAS2 - ok

07:39:17.0506 1472 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

07:39:17.0522 1472 LSI_SCSI - ok

07:39:17.0537 1472 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

07:39:17.0584 1472 luafv - ok

07:39:17.0647 1472 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

07:39:17.0647 1472 MBAMProtector - ok

07:39:17.0693 1472 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

07:39:17.0709 1472 megasas - ok

07:39:17.0709 1472 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

07:39:17.0725 1472 MegaSR - ok

07:39:17.0740 1472 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

07:39:17.0771 1472 Modem - ok

07:39:17.0818 1472 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

07:39:17.0849 1472 monitor - ok

07:39:17.0896 1472 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

07:39:17.0912 1472 mouclass - ok

07:39:17.0959 1472 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

07:39:17.0974 1472 mouhid - ok

07:39:18.0037 1472 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

07:39:18.0052 1472 mountmgr - ok

07:39:18.0068 1472 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

07:39:18.0068 1472 mpio - ok

07:39:18.0115 1472 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

07:39:18.0161 1472 mpsdrv - ok

07:39:18.0208 1472 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

07:39:18.0224 1472 MRxDAV - ok

07:39:18.0255 1472 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

07:39:18.0286 1472 mrxsmb - ok

07:39:18.0333 1472 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

07:39:18.0364 1472 mrxsmb10 - ok

07:39:18.0395 1472 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

07:39:18.0411 1472 mrxsmb20 - ok

07:39:18.0442 1472 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

07:39:18.0442 1472 msahci - ok

07:39:18.0489 1472 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

07:39:18.0505 1472 msdsm - ok

07:39:18.0536 1472 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

07:39:18.0567 1472 Msfs - ok

07:39:18.0583 1472 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

07:39:18.0629 1472 mshidkmdf - ok

07:39:18.0676 1472 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

07:39:18.0692 1472 msisadrv - ok

07:39:18.0723 1472 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

07:39:18.0770 1472 MSKSSRV - ok

07:39:18.0785 1472 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

07:39:18.0832 1472 MSPCLOCK - ok

07:39:18.0832 1472 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

07:39:18.0863 1472 MSPQM - ok

07:39:18.0926 1472 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

07:39:18.0926 1472 MsRPC - ok

07:39:18.0973 1472 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

07:39:18.0973 1472 mssmbios - ok

07:39:19.0004 1472 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

07:39:19.0035 1472 MSTEE - ok

07:39:19.0082 1472 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

07:39:19.0113 1472 MTConfig - ok

07:39:19.0160 1472 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys

07:39:19.0175 1472 MTsensor - ok

07:39:19.0191 1472 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

07:39:19.0191 1472 Mup - ok

07:39:19.0253 1472 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

07:39:19.0269 1472 NativeWifiP - ok

07:39:19.0347 1472 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

07:39:19.0363 1472 NDIS - ok

07:39:19.0409 1472 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

07:39:19.0441 1472 NdisCap - ok

07:39:19.0472 1472 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

07:39:19.0519 1472 NdisTapi - ok

07:39:19.0534 1472 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

07:39:19.0581 1472 Ndisuio - ok

07:39:19.0643 1472 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

07:39:19.0675 1472 NdisWan - ok

07:39:19.0721 1472 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

07:39:19.0753 1472 NDProxy - ok

07:39:19.0846 1472 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

07:39:19.0877 1472 NetBIOS - ok

07:39:19.0940 1472 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

07:39:19.0955 1472 NetBT - ok

07:39:20.0033 1472 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys

07:39:20.0049 1472 netr28x - ok

07:39:20.0096 1472 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

07:39:20.0096 1472 nfrd960 - ok

07:39:20.0143 1472 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

07:39:20.0174 1472 Npfs - ok

07:39:20.0236 1472 NPPTNT2 - ok

07:39:20.0252 1472 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

07:39:20.0299 1472 nsiproxy - ok

07:39:20.0361 1472 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

07:39:20.0392 1472 Ntfs - ok

07:39:20.0408 1472 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

07:39:20.0455 1472 Null - ok

07:39:20.0501 1472 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

07:39:20.0517 1472 nvraid - ok

07:39:20.0548 1472 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

07:39:20.0548 1472 nvstor - ok

07:39:20.0579 1472 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

07:39:20.0579 1472 nv_agp - ok

07:39:20.0611 1472 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

07:39:20.0642 1472 ohci1394 - ok

07:39:20.0735 1472 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

07:39:20.0751 1472 Parport - ok

07:39:20.0782 1472 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

07:39:20.0798 1472 partmgr - ok

07:39:20.0813 1472 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

07:39:20.0829 1472 pci - ok

07:39:20.0860 1472 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

07:39:20.0876 1472 pciide - ok

07:39:20.0891 1472 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

07:39:20.0907 1472 pcmcia - ok

07:39:20.0923 1472 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

07:39:20.0923 1472 pcw - ok

07:39:20.0938 1472 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

07:39:20.0985 1472 PEAUTH - ok

07:39:21.0094 1472 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

07:39:21.0141 1472 PptpMiniport - ok

07:39:21.0157 1472 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

07:39:21.0172 1472 Processor - ok

07:39:21.0219 1472 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

07:39:21.0266 1472 Psched - ok

07:39:21.0359 1472 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

07:39:21.0391 1472 ql2300 - ok

07:39:21.0422 1472 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

07:39:21.0422 1472 ql40xx - ok

07:39:21.0437 1472 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

07:39:21.0469 1472 QWAVEdrv - ok

07:39:21.0531 1472 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

07:39:21.0562 1472 RasAcd - ok

07:39:21.0578 1472 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

07:39:21.0625 1472 RasAgileVpn - ok

07:39:21.0656 1472 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

07:39:21.0703 1472 Rasl2tp - ok

07:39:21.0765 1472 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

07:39:21.0812 1472 RasPppoe - ok

07:39:21.0843 1472 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

07:39:21.0890 1472 RasSstp - ok

07:39:21.0905 1472 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

07:39:21.0952 1472 rdbss - ok

07:39:22.0015 1472 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

07:39:22.0046 1472 rdpbus - ok

07:39:22.0077 1472 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

07:39:22.0124 1472 RDPCDD - ok

07:39:22.0139 1472 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

07:39:22.0171 1472 RDPENCDD - ok

07:39:22.0233 1472 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

07:39:22.0264 1472 RDPREFMP - ok

07:39:22.0295 1472 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

07:39:22.0311 1472 RDPWD - ok

07:39:22.0358 1472 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

07:39:22.0373 1472 rdyboost - ok

07:39:22.0436 1472 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

07:39:22.0467 1472 rspndr - ok

07:39:22.0498 1472 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys

07:39:22.0498 1472 RTL8167 - ok

07:39:22.0529 1472 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

07:39:22.0529 1472 sbp2port - ok

07:39:22.0561 1472 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

07:39:22.0592 1472 scfilter - ok

07:39:22.0670 1472 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

07:39:22.0701 1472 secdrv - ok

07:39:22.0732 1472 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

07:39:22.0763 1472 Serenum - ok

07:39:22.0826 1472 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

07:39:22.0857 1472 Serial - ok

07:39:22.0888 1472 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

07:39:22.0904 1472 sermouse - ok

07:39:22.0935 1472 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

07:39:22.0951 1472 sffdisk - ok

07:39:22.0997 1472 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

07:39:23.0029 1472 sffp_mmc - ok

07:39:23.0044 1472 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

07:39:23.0060 1472 sffp_sd - ok

07:39:23.0075 1472 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

07:39:23.0091 1472 sfloppy - ok

07:39:23.0169 1472 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

07:39:23.0169 1472 SiSRaid2 - ok

07:39:23.0185 1472 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

07:39:23.0185 1472 SiSRaid4 - ok

07:39:23.0231 1472 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

07:39:23.0263 1472 Smb - ok

07:39:23.0325 1472 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

07:39:23.0341 1472 spldr - ok

07:39:23.0372 1472 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

07:39:23.0403 1472 srv - ok

07:39:23.0419 1472 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

07:39:23.0434 1472 srv2 - ok

07:39:23.0481 1472 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

07:39:23.0497 1472 srvnet - ok

07:39:23.0528 1472 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

07:39:23.0528 1472 stexstor - ok

07:39:23.0559 1472 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

07:39:23.0559 1472 swenum - ok

07:39:23.0621 1472 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

07:39:23.0653 1472 Tcpip - ok

07:39:23.0699 1472 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

07:39:23.0731 1472 TCPIP6 - ok

07:39:23.0762 1472 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

07:39:23.0793 1472 tcpipreg - ok

07:39:23.0809 1472 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

07:39:23.0840 1472 TDPIPE - ok

07:39:23.0855 1472 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

07:39:23.0902 1472 TDTCP - ok

07:39:23.0933 1472 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

07:39:23.0965 1472 tdx - ok

07:39:24.0058 1472 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

07:39:24.0074 1472 TermDD - ok

07:39:24.0089 1472 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

07:39:24.0136 1472 tssecsrv - ok

07:39:24.0167 1472 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

07:39:24.0183 1472 TsUsbFlt - ok

07:39:24.0261 1472 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

07:39:24.0292 1472 tunnel - ok

07:39:24.0323 1472 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

07:39:24.0323 1472 uagp35 - ok

07:39:24.0355 1472 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

07:39:24.0386 1472 udfs - ok

07:39:24.0448 1472 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

07:39:24.0464 1472 uliagpkx - ok

07:39:24.0479 1472 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

07:39:24.0495 1472 umbus - ok

07:39:24.0526 1472 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

07:39:24.0557 1472 UmPass - ok

07:39:24.0635 1472 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

07:39:24.0651 1472 usbaudio - ok

07:39:24.0667 1472 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

07:39:24.0682 1472 usbccgp - ok

07:39:24.0713 1472 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

07:39:24.0729 1472 usbcir - ok

07:39:24.0791 1472 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

07:39:24.0823 1472 usbehci - ok

07:39:24.0854 1472 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

07:39:24.0869 1472 usbhub - ok

07:39:24.0947 1472 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys

07:39:24.0963 1472 usbohci - ok

07:39:24.0979 1472 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

07:39:25.0010 1472 usbprint - ok

07:39:25.0025 1472 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

07:39:25.0057 1472 USBSTOR - ok

07:39:25.0119 1472 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys

07:39:25.0150 1472 usbuhci - ok

07:39:25.0166 1472 USB_RNDIS_VISTA (d0fe8cb5f84303e73ff0754437fad3d1) C:\Windows\system32\DRIVERS\usb8023.sys

07:39:25.0213 1472 USB_RNDIS_VISTA - ok

07:39:25.0244 1472 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

07:39:25.0244 1472 vdrvroot - ok

07:39:25.0306 1472 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

07:39:25.0322 1472 vga - ok

07:39:25.0337 1472 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

07:39:25.0369 1472 VgaSave - ok

07:39:25.0462 1472 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

07:39:25.0462 1472 vhdmp - ok

07:39:25.0493 1472 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

07:39:25.0493 1472 viaide - ok

07:39:25.0525 1472 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

07:39:25.0525 1472 volmgr - ok

07:39:25.0556 1472 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

07:39:25.0571 1472 volmgrx - ok

07:39:25.0603 1472 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

07:39:25.0603 1472 volsnap - ok

07:39:25.0649 1472 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

07:39:25.0649 1472 vsmraid - ok

07:39:25.0681 1472 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

07:39:25.0712 1472 vwifibus - ok

07:39:25.0743 1472 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

07:39:25.0774 1472 vwififlt - ok

07:39:25.0805 1472 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

07:39:25.0821 1472 WacomPen - ok

07:39:25.0883 1472 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

07:39:25.0915 1472 WANARP - ok

07:39:25.0915 1472 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

07:39:25.0946 1472 Wanarpv6 - ok

07:39:25.0993 1472 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

07:39:25.0993 1472 Wd - ok

07:39:26.0024 1472 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

07:39:26.0039 1472 Wdf01000 - ok

07:39:26.0086 1472 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

07:39:26.0133 1472 WfpLwf - ok

07:39:26.0164 1472 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

07:39:26.0180 1472 WIMMount - ok

07:39:26.0227 1472 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

07:39:26.0242 1472 WinUsb - ok

07:39:26.0289 1472 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

07:39:26.0305 1472 WmiAcpi - ok

07:39:26.0367 1472 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

07:39:26.0398 1472 ws2ifsl - ok

07:39:26.0445 1472 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

07:39:26.0476 1472 WudfPf - ok

07:39:26.0507 1472 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

07:39:26.0539 1472 WUDFRd - ok

07:39:26.0601 1472 X6va003 - ok

07:39:26.0632 1472 MBR (0x1B8) (4976d4a7a40b83fc7f06ee4bdd84eb9b) \Device\Harddisk0\DR0

07:39:26.0741 1472 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

07:39:26.0741 1472 \Device\Harddisk0\DR0 - detected TDSS File System (1)

07:39:26.0741 1472 Boot (0x1200) (981a1928fb23fc1e673f913c659cbc75) \Device\Harddisk0\DR0\Partition0

07:39:26.0741 1472 \Device\Harddisk0\DR0\Partition0 - ok

07:39:26.0773 1472 Boot (0x1200) (1b2113e8147b731e8356e034bd1547d9) \Device\Harddisk0\DR0\Partition1

07:39:26.0773 1472 \Device\Harddisk0\DR0\Partition1 - ok

07:39:26.0773 1472 ============================================================

07:39:26.0773 1472 Scan finished

07:39:26.0773 1472 ============================================================

07:39:26.0773 3152 Detected object count: 1

07:39:26.0773 3152 Actual detected object count: 1

07:39:48.0722 3152 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

07:39:48.0722 3152 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

[Larusso]

Sounds odd but we will fix it.

Please download unhide by grinler.

Double click on the program to start the unhide process.

Once done a window will pop and let you know the tool has completed its job.

Please rerun TDSSK with the changed parameters. This time choose delete.

TDSSKiller will ask to reboot your system.If not, please manually reboot.

After the reboot run Combofix.exe immediately and follow the prompts and post the C:\Combofix.txt in your next reply

[huntibilis]

The system seems to have regained files but the computer as a whole is still not the same as before. Here is the log you asked for.

ComboFix 12-02-03.02 - Admin 02/06/2012 2:25.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7055.5700 [GMT -5:00]

Running from: c:\users\Admin\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Admin\unhide.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))

.

.

2012-02-06 07:30 . 2012-02-06 07:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-05 11:18 . 2012-02-05 11:25 2059312 ----a-w- C:\tdsskiller.exe

2012-02-05 06:05 . 2012-02-05 06:05 -------- d-----w- c:\program files (x86)\ESET

2012-02-04 08:37 . 2012-02-05 09:20 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90F04104-A7C7-4E7B-86E8-E9B8A5C58A21}\offreg.dll

2012-02-03 20:46 . 2012-02-06 07:19 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-03 18:49 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90F04104-A7C7-4E7B-86E8-E9B8A5C58A21}\mpengine.dll

2012-02-03 05:36 . 2012-02-03 05:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-02 20:14 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-02-02 20:14 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-02-02 20:14 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-02-02 20:14 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-02-02 20:07 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-02-02 20:07 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-30 20:11 . 2012-01-30 20:11 -------- d-----w- c:\users\Admin\AppData\Roaming\Unity

2012-01-28 00:00 . 2012-01-28 00:00 -------- d-----w- c:\windows\Sun

2012-01-25 06:09 . 2012-01-25 06:09 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\DACE.tmp

2012-01-25 06:09 . 2012-01-25 06:09 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\DABE.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-27 05:52 . 2010-09-19 00:25 279656 ------w- c:\windows\system32\MpSigStub.exe

2011-12-10 20:24 . 2010-09-19 01:01 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-24 04:52 . 2011-12-15 18:16 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-10-22 11:06 . 2011-10-22 11:06 68272 ----a-w- c:\program files\fraps64.dat

2011-10-22 11:06 . 2011-10-22 11:06 231600 ----a-w- c:\program files\fraps32.dll

2011-10-22 11:06 . 2011-10-22 11:06 185520 ----a-w- c:\program files\fraps64.dll

2011-10-22 11:06 . 2011-10-22 11:06 2533040 ----a-w- c:\program files\fraps.exe

2011-10-22 11:04 . 2011-10-22 11:04 140288 ----a-w- c:\program files\frapslcd.dll

2011-03-08 08:03 . 2011-03-08 06:19 258352 ----a-w- c:\program files\unicows.dll

2011-03-08 08:03 . 2011-03-08 06:19 372736 ----a-w- c:\program files\ijl15.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-03_21.00.25 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-05 18:23 . 2012-02-06 07:22 48856 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-02-06 07:22 35776 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-09-19 00:31 . 2012-02-06 07:22 16508 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3037155534-168446356-2890161075-1001_UserData.bin

- 2010-09-19 02:04 . 2012-02-03 09:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-19 02:04 . 2012-02-06 07:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-19 02:04 . 2012-02-03 09:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-09-19 02:04 . 2012-02-06 07:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-06 07:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-02-03 09:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-19 00:30 . 2012-02-06 08:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-19 00:30 . 2012-02-03 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-19 00:30 . 2012-02-06 08:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-19 00:30 . 2012-02-03 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-02-04 02:30 . 2012-02-04 02:30 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\6c13d7fb161ed4d7da730a70375b07c9\System.Web.DynamicData.Design.ni.dll

+ 2012-02-04 02:22 . 2012-02-04 02:22 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94787ab3efcc074396a60ff3d83edf78\System.Web.DynamicData.Design.ni.dll

+ 2010-10-13 01:55 . 2012-02-03 21:04 3450 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2012-02-03 20:59 . 2012-02-03 20:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-02-06 07:31 . 2012-02-06 07:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-02-03 20:59 . 2012-02-03 20:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-02-06 07:31 . 2012-02-06 07:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:36 . 2012-02-03 20:51 633076 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-02-06 07:35 633076 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-02-06 07:35 110710 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-02-03 20:51 110710 c:\windows\system32\perfc009.dat

- 2009-07-14 05:12 . 2012-01-28 23:33 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:12 . 2012-02-06 07:24 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:01 . 2012-02-03 20:58 308040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-02-06 07:30 308040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-02-04 02:30 . 2012-02-04 02:30 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\f715b47c2f0440ea23a71f1076b0af2b\System.Web.Routing.ni.dll

+ 2012-02-04 02:30 . 2012-02-04 02:30 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\d258f45340e6e538a19a56d1165b750f\System.Web.Entity.ni.dll

+ 2012-02-04 02:30 . 2012-02-04 02:30 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\6f6d11e33e2f3f6bddd4c33809340a48\System.Web.Entity.Design.ni.dll

+ 2012-02-04 02:30 . 2012-02-04 02:30 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\bca38e802e2b45f80f8fbde2b54ce0a2\System.Web.DynamicData.ni.dll

+ 2012-02-04 02:30 . 2012-02-04 02:30 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\0e411c30fc2caebb55813b8fa0689d42\System.Web.Abstractions.ni.dll

+ 2012-02-04 02:21 . 2012-02-04 02:21 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\ee9e8808e97e2219b4bea89279c2750d\WindowsLiveLocal.WriterPlugin.ni.dll

+ 2012-02-04 02:21 . 2012-02-04 02:21 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d121b6ec166e2af4c1b3f902bd380298\WindowsLive.Writer.HtmlParser.ni.dll

+ 2012-02-04 02:21 . 2012-02-04 02:21 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6208495fcebfbb463e91d7af8c160623\WindowsLive.Writer.HtmlEditor.ni.dll

+ 2012-02-04 02:21 . 2012-02-04 02:21 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5ae7e69722d9d75f19bb9da14065d60d\WindowsLive.Writer.BlogClient.ni.dll

+ 2012-02-04 02:22 . 2012-02-04 02:22 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8e576ae7d946a5440bddfdbe06818a8b\System.Web.Routing.ni.dll

+ 2012-02-04 02:22 . 2012-02-04 02:22 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\5bd4f855a0b0386cb4baf093216ad2d3\System.Web.Extensions.Design.ni.dll

+ 2012-02-04 02:22 . 2012-02-04 02:22 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\8d56e2f2a05dbde707d87cb3bdf0dffc\System.Web.Entity.ni.dll

+ 2012-02-04 02:22 . 2012-02-04 02:22 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f560658d9ee6d2786cab976e775758d6\System.Web.Entity.Design.ni.dll

+ 2012-02-04 02:22 . 2012-02-04 02:22 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e94f08faeb08a8ee9d51a3480083bd07\System.Web.DynamicData.ni.dll

+ 2012-02-04 02:22 . 2012-02-04 02:22 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2dc7ec41005f6e6fe45e0cc0a20a12bc\System.Web.Abstractions.ni.dll

+ 2012-02-04 02:21 . 2012-02-04 02:21 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\e6fa2be533d9e540ccafe51980ae0103\System.Data.Entity.Design.ni.dll

+ 2012-02-04 02:30 . 2012-02-04 02:30 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\455567dae39910d806447b77ee657a85\System.WorkflowServices.ni.dll

+ 2012-02-04 02:30 . 2012-02-04 02:30 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\91ecefc70d74ed44e5139ea2929adbb8\System.Web.Mobile.ni.dll

+ 2012-02-04 02:30 . 2012-02-04 02:30 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\71da5a6d09e12eb94be32935e4a8d5a2\System.Web.Extensions.ni.dll

+ 2012-02-04 02:30 . 2012-02-04 02:30 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2bb91a2edcc92d2bb79007e7d2ddc2ae\System.Web.Extensions.Design.ni.dll

+ 2012-02-04 02:30 . 2012-02-04 02:30 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\3a6ac85c04453976c0f3a7c6a64ec43a\System.ServiceModel.Web.ni.dll

+ 2012-02-04 02:22 . 2012-02-04 02:22 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\1f90d38a42906a776be313d9720e350d\System.IdentityModel.ni.dll

+ 2012-02-04 02:30 . 2012-02-04 02:30 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\1d2c369d8e2d6f95c99ca90aca273418\System.Data.Services.ni.dll

+ 2012-02-04 02:30 . 2012-02-04 02:30 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\b7bd7d91dc9abd73f2506bb7a0292373\System.Data.Entity.Design.ni.dll

+ 2012-02-04 02:23 . 2012-02-04 02:23 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\53fcf7f34708a9482d3e4059ce29608c\MIGUIControls.ni.dll

+ 2012-02-04 02:29 . 2012-02-04 02:29 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\486ff8cee09c8c63aa9c60ff4f5feafa\Microsoft.VisualBasic.ni.dll

+ 2012-02-04 02:29 . 2012-02-04 02:29 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b68f19bf3f3d545547d2b680eb54a660\Microsoft.PowerShell.Commands.Utility.ni.dll

+ 2012-02-04 02:23 . 2012-02-04 02:23 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7e81f50c34dec17b90bfebec5929853a\Microsoft.MediaCenter.UI.ni.dll

+ 2012-02-04 02:22 . 2012-02-04 02:22 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\65a892a923b49b062bd8fc97254940d3\Microsoft.MediaCenter.ni.dll

+ 2012-02-04 02:23 . 2012-02-04 02:23 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\33fd1381f221898a53253303cb7e5380\Microsoft.MediaCenter.Bml.ni.dll

+ 2012-02-04 02:21 . 2012-02-04 02:21 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d0f5cda30f56427cc504834d4cb0b8b9\WindowsLive.Writer.CoreServices.ni.dll

+ 2012-02-04 02:21 . 2012-02-04 02:21 6394368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c85df34f1db849bbe50ecf11d6bf4cad\WindowsLive.Writer.PostEditor.ni.dll

+ 2012-02-04 02:22 . 2012-02-04 02:22 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a612958eaf641f0ba83b0daae44cb7b1\System.WorkflowServices.ni.dll

+ 2012-02-04 02:22 . 2012-02-04 02:22 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d957ec1fb12ff02282a7f73d6318b66b\System.Web.Mobile.ni.dll

+ 2012-02-04 02:22 . 2012-02-04 02:22 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a90f033a5a062ff29f7df8f9edc1a80c\System.Web.Extensions.ni.dll

+ 2012-02-04 02:22 . 2012-02-04 02:22 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\828e31a37bfd9d432083be6307845630\System.ServiceModel.Web.ni.dll

+ 2012-02-04 02:21 . 2012-02-04 02:21 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c0d9df88f2b37d14cf416281364c5b7f\System.IdentityModel.ni.dll

+ 2012-02-04 02:22 . 2012-02-04 02:22 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\76e676a9b6387aad5544d61a4ac12a78\System.Data.Services.ni.dll

+ 2012-02-04 02:21 . 2012-02-04 02:21 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\20d18697deb8413c01119531c6b987ad\MIGUIControls.ni.dll

+ 2012-02-04 02:21 . 2012-02-04 02:21 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll

+ 2012-02-04 02:21 . 2012-02-04 02:21 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\695508ea67706e5f66208cabe5363099\Microsoft.PowerShell.Commands.Utility.ni.dll

+ 2012-02-04 02:21 . 2012-02-04 02:21 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5662462cfa995c71817791af93686db2\Microsoft.MediaCenter.ni.dll

+ 2012-02-04 02:21 . 2012-02-04 02:21 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4676e3f99469bd1120f8aed9cf37e4d2\Microsoft.MediaCenter.UI.ni.dll

+ 2012-02-04 02:22 . 2012-02-04 02:22 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\4bf05a9a1aebde89033c40b9e51af495\System.ServiceModel.ni.dll

+ 2012-02-04 02:23 . 2012-02-04 02:23 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\897b2e70eb1754bf8c557fadd93faf98\ehshell.ni.dll

+ 2012-02-04 02:21 . 2012-02-04 02:21 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7bc7e33d4568a214f226cdb6a161a37a\System.ServiceModel.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\Admin\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]

"ASUS VIBE"="c:\program files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe" [2010-03-02 102400]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer6"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;c:\windows\system32\DRIVERS\usb8023.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 X6va003;X6va003;c:\users\Admin\AppData\Local\Temp\003F557.tmp [x]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]

S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037155534-168446356-2890161075-1001Core.job

- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 15:19]

.

2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037155534-168446356-2890161075-1001UA.job

- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 15:19]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-19 8067616]

"SKDaemon.exe"="c:\program files\LTONHIS\Touch Manager\SKDaemon.exe" [2009-06-16 318464]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.cfnews13.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {530F7E80-690F-438E-8A4F-E6CAECB4B6F3} - hxxp://taste.dvrdns.org/CMSPlugin.cab

DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://taste.dvrdns.org/vcredist_x86.exe

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]

"ImagePath"="\??\c:\users\Admin\AppData\Local\Temp\003F557.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe

c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe

.

**************************************************************************

.

Completion time: 2012-02-06 03:36:45 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-06 08:36

.

Pre-Run: 299,297,652,736 bytes free

Post-Run: 298,234,806,272 bytes free

.

- - End Of File - - 4960D29A61C677A2378C96FB515C266F

[Larusso]

Hy there,

but the computer as a whole is still not the same as before.

Could you give me a little bit more details ?

c:\users\Admin\unhide.exe

Did you save unhide.exe in this path ?

[huntibilis]

The more i looked, im starting to think its just settings that did not get restored. Everything seems to be there now the computer was just not back to how im used to it being such as my notifactions not being hidden, and full text names on programs that i pin. If there is anything i notice that is not just a simple settings change i will let you know asap.

As far as the unhide.exe, at the time i saved it, the computer was still rather empty (no desktop on my save options) i wanted to save it just to C:\unhide.exe but for some reason i was told i could not do that and the computer suggested the path C:\users\Admin\unhide.exe so i just went with it. Is that a issue?

[Larusso]

Is that a issue?

Nope, just wondering why CF deleted it.

Please update MBAM and perform a Full Scan and post the log here.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

• Download the latest version of Java Runtime Enviroment 6 Update 30 and save it to your desktop.
  
• Scroll down to where it says Java SE 6 Update 30
  
• Click the red Download JRE button on the right.
  
• Read the License Agreement then select Accept License Agreement
  
• Click on the link to download Windows x86 Offline and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u30-windows-i586 to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)

• On the General tab, under Temporary Internet Files, click the Settings button.
  
• Next, click on the Delete Files button
  
• There are three options in the window to clear the cache - Make sure all are checked
  
• Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
• Click OK to leave the Temporary Files Window
• Click OK to leave the Java Control Panel.

Please launch DDS

• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt

  [*]Save both reports to your desktop and post both in your next reply

Let us test the PC for the next 2 days and if you find any open issues, let me know. If all appears OK, please also let me know and we will take care about our tools and so on.

Please post in your next reply

MBAM Log

dds.txt

attach.txt

[huntibilis]

Everything seems to be doing fine the past two days. The only thing I see that is still differant is after the unhide.exe fix my curse client shortcut seems to be broken, says it is a ClickOnce Application Reference. Other then that seems ok to me

Here are the logs you wanted.

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.08.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Admin :: ADMIN-PC [administrator]

Protection: Disabled

2/8/2012 8:41:35 AM

mbam-log-2012-02-08 (08-41-35).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 345816

Time elapsed: 28 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Admin at 9:21:07 on 2012-02-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7055.5573 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Windows\SysWOW64\AsHookDevice.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\msiexec.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.cfnews13.com/

uInternet Settings,ProxyOverride = 127.0.0.1:9421

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [Akamai NetSession Interface] "C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

mRun: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

DPF: {530F7E80-690F-438E-8A4F-E6CAECB4B6F3} - hxxp://taste.dvrdns.org/CMSPlugin.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://taste.dvrdns.org/vcredist_x86.exe

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab

DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{B115E509-5C33-4517-9410-62410AF08CF7} : DhcpNameServer = 65.32.5.111 65.32.5.112

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

mRun-x64: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?]

R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-4-27 203392]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-2 652360]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-4-15 2280312]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-27 2314240]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]

S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USB_RNDIS_VISTA;Westell WireSpeed Dual Connect Modem;C:\Windows\system32\DRIVERS\usb8023.sys --> C:\Windows\system32\DRIVERS\usb8023.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-08 10:57:24 -------- d-----w- C:\Users\Admin\AppData\Roaming\Vast Studios

2012-02-08 08:49:59 -------- d-----w- C:\Users\Admin\AppData\Roaming\Happy Artist Studio

2012-02-07 22:56:41 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5D0C169F-BC53-4EB8-A8AB-B8FCF847E896}\mpengine.dll

2012-02-07 00:55:46 -------- d-----w- C:\ProgramData\SugarGames

2012-02-07 00:55:24 -------- d-----w- C:\Program Files (x86)\Wedding Salon

2012-02-07 00:53:58 -------- d-----w- C:\ProgramData\Sandlot Games

2012-02-06 21:42:11 -------- d-----w- C:\Users\Admin\AppData\Roaming\CupcakeCafe

2012-02-06 21:40:51 -------- d-----w- C:\Program Files (x86)\Jessica's Cupcake Cafe

2012-02-06 17:19:07 -------- d-----w- C:\ProgramData\Meridian93

2012-02-06 17:18:56 -------- d-----w- C:\Users\Admin\AppData\Roaming\Meridian93

2012-02-06 15:44:24 -------- d-----w- C:\Users\Admin\AppData\Roaming\SulusGames

2012-02-06 10:35:15 -------- d-----w- C:\Users\Admin\AppData\Roaming\Big Fish Games

2012-02-06 10:23:16 -------- d-----w- C:\Program Files (x86)\bfgclient

2012-02-06 08:34:51 -------- d-----w- C:\$RECYCLE.BIN

2012-02-05 11:18:52 2059312 ----a-w- C:\tdsskiller.exe

2012-02-05 06:05:53 -------- d-----w- C:\Program Files (x86)\ESET

2012-02-03 20:53:02 98816 ----a-w- C:\Windows\sed.exe

2012-02-03 20:53:02 518144 ----a-w- C:\Windows\SWREG.exe

2012-02-03 20:53:02 256000 ----a-w- C:\Windows\PEV.exe

2012-02-03 20:53:02 208896 ----a-w- C:\Windows\MBR.exe

2012-02-03 20:46:12 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-03 05:36:32 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-02 20:14:16 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-02-02 20:14:16 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-02-02 20:14:15 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-02-02 20:14:15 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-02-02 20:07:04 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-02-02 20:07:04 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-30 20:11:38 -------- d-----w- C:\Users\Admin\AppData\Roaming\Unity

2012-01-25 06:09:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DACE.tmp

2012-01-25 06:09:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\DABE.tmp

.

==================== Find3M ====================

.

2012-02-08 14:15:21 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-01-27 05:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe

2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll

2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys

2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll

2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll

2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll

2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe

2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll

2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2011-10-22 11:06:32 68272 ----a-w- C:\Program Files\fraps64.dat

2011-10-22 11:06:32 231600 ----a-w- C:\Program Files\fraps32.dll

2011-10-22 11:06:32 185520 ----a-w- C:\Program Files\fraps64.dll

2011-10-22 11:06:30 2533040 ----a-w- C:\Program Files\fraps.exe

2011-10-22 11:04:34 140288 ----a-w- C:\Program Files\frapslcd.dll

2011-03-08 08:03:37 258352 ----a-w- C:\Program Files\unicows.dll

2011-03-08 08:03:10 372736 ----a-w- C:\Program Files\ijl15.dll

.

============= FINISH: 9:21:37.49 ===============

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 9/18/2010 8:10:08 PM

System Uptime: 2/8/2012 9:12:59 AM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | CM5675

Processor: Intel® Core i5 CPU 650 @ 3.20GHz | LGA1156 | 3201/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 373 GiB total, 278.283 GiB free.

D: is FIXED (NTFS) - 545 GiB total, 544.619 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: Unknown Device

Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&4

Manufacturer: (Standard USB Host Controller)

Name: Unknown Device

PNP Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&4

Service:

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: Unknown Device

Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&5

Manufacturer: (Standard USB Host Controller)

Name: Unknown Device

PNP Device ID: USB\VID_0000&PID_0000\6&3AEBB249&0&5

Service:

.

==== System Restore Points ===================

.

RP251: 2/2/2012 11:21:20 PM - Removed Adobe Reader X (10.1.1).

RP252: 2/2/2012 11:22:24 PM - Removed Adobe Reader X (10.1.1).

RP253: 2/3/2012 2:26:52 AM - Windows Update

RP254: 2/6/2012 2:24:39 AM - ComboFix created restore point

RP255: 2/6/2012 9:37:48 AM - Installed DirectX

RP256: 2/7/2012 5:56:08 PM - Windows Update

RP257: 2/8/2012 8:46:28 AM - Removed Java 6 Update 22

RP258: 2/8/2012 9:14:55 AM - Installed Java 6 Update 30

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office Suite Service Pack 2 (SP2)

Acrobat.com

Advertising Center

AI Manager

Akamai NetSession Interface

Akamai NetSession Interface Service

ASUS Backup Wizard

ASUS VIBE

ASUSUpdate

Bandisoft MPEG-1 Decoder

Big Fish Games: Game Manager

Curse Client

EPU-4 Engine

ESET Online Scanner v3

File Uploader

Fraps (remove only)

Google Talk Plugin

ImagXpress

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Internet TV for Windows Media Center

Java Auto Updater

Java 6 Update 30

Jessica's Cupcake Cafe

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 1.1

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel 2007 Help Actualización (KB963678)

Microsoft Office Excel MUI (Dutch) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office Excel MUI (German) 2007

Microsoft Office Excel MUI (Spanish) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (Dutch) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (French) 2007

Microsoft Office OneNote MUI (German) 2007

Microsoft Office OneNote MUI (Spanish) 2007

Microsoft Office Powerpoint 2007 Help Actualización (KB963669)

Microsoft Office PowerPoint MUI (Dutch) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office PowerPoint MUI (German) 2007

Microsoft Office PowerPoint MUI (Spanish) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (Arabic) 2007

Microsoft Office Proof (Basque) 2007

Microsoft Office Proof (Catalan) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Galician) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Italian) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Dutch) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Proofing (German) 2007

Microsoft Office Proofing (Spanish) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (Dutch) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Shared MUI (German) 2007

Microsoft Office Shared MUI (Spanish) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word 2007 Help Actualización (KB963665)

Microsoft Office Word MUI (Dutch) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (French) 2007

Microsoft Office Word MUI (German) 2007

Microsoft Office Word MUI (Spanish) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Mise à jour Microsoft Office Excel 2007 Help (KB963678)

Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)

Mise à jour Microsoft Office Word 2007 Help (KB963665)

MSVCRT

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser (KB973685)

Nero 9 Essentials

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

Netflix in Windows Media Center

Nikon Transfer

Pando Media Booster

Picture Control Utility

Realtek Ethernet Controller Driver For Windows Vista and Later

Realtek High Definition Audio Driver

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Spelling Dictionaries Support For Adobe Reader 9

TeamViewer 6

Unity Web Player

Update für Microsoft Office Excel 2007 Help (KB963678)

Update für Microsoft Office Powerpoint 2007 Help (KB963669)

Update für Microsoft Office Word 2007 Help (KB963665)

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update voor Microsoft Office Excel 2007 Help (KB963678)

Update voor Microsoft Office Powerpoint 2007 Help (KB963669)

Update voor Microsoft Office Word 2007 Help (KB963665)

Ventrilo Client

ViewNX

Wedding Salon

Windows Live Communications Platform

Windows Live Essentials

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Writer

World of Warcraft

Xfire (remove only)

.

==== Event Viewer Messages From Past Week ========

.

2/6/2012 2:30:17 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

2/6/2012 2:29:55 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

2/6/2012 2:24:18 AM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

2/5/2012 2:06:39 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/5/2012 2:04:40 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

2/5/2012 2:04:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/5/2012 2:04:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/5/2012 2:04:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/5/2012 2:04:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/5/2012 2:04:25 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO discache spldr Wanarpv6

2/2/2012 3:01:43 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Akamai NetSession Interface service, but this action failed with the following error: An instance of the service is already running.

2/2/2012 1:26:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a0007ff000, 0x0000000000000000, 0xfffff80002ece38e, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020212-17472-01.

.

==== End Of File ===========================

[Larusso]

Hopefully I understand your correct

client shortcut seems to be broken,

A problem to create a new shortcut ?

I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware.

Here are a few very good free Antivirus products which are available:

• Avast!
• Microsoft Security Essentials

Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Install, update definitions, and run a full system scan with the Anti-Virus of your choice.

Unless you have any open issues, you are good to go. Please follow these last few steps

Please press the + R Key and Copy/Paste the following single-line command into the Run box and click OK

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

Now that you appear to be free from malware lets help you stay that way!

It is vital that you keep your system up to date

• Please enable Automatic Updates to keep your system up to date.
  
• Windows Updates
  
  • Win XP: Start --> Control Panel and double- click on Automatic Updates.
    
  • Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates

  [*] Software Updates

  Your installed Software also can have vulnerabilities that malware can use to infect your system.

  To keep your installed Software up to date I recommend File Hippo.

Anti Virus Software

• Make sure to have one Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.

Additional Protection

• Malwarebytes Anti Malware
  The freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features.
  
• WinPatrol
  WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Safer Browsing

• Web of Trust ( WOT )
  This software helps you to stay away from sites that have malicious purposes.
  
• SpywareBlaster
  This software helps prevent the installation of ActiveX-based spyware
  
• MVPS Hosts file
  This Hosts File will restrict known ad sites from serving you unsolicited advertisements.

Use an alternate browser

Other browsers tend to be more secure than IE as they do not make use of active x objects. Active x objects can be used by spyware as an infection point on your computer.

• Opera
  
• Firefox

Note: If you use Firefox you may want to have a look on this Add Ons.

• AdblockPlus ( Blocks advertisments )
  
• NoScript ( Blocks Java, Flash and JavaScript )

Computer Maintenance

Clean out your temp files on a regular basis -I recommend TFC ( Temp File Cleaner ).

Thinking while surfing

There is no software which will protect your system from yourself.

I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet.

• Staying Safe on the Internet ( by Glaswegian )
  
• Making Internet Explorer Safer.
  
• Think Prevention!

If you have any questions kindly ask.

Please respond to this thread one more time so we can mark this thread as resolved.

[huntibilis]

It seems I fixed the curse issue it was on there end not mine, and the only question I have is a sum up of what was wrong in the with the computer in the first place?

[Larusso]

You had a Rootkit on your system, which modifies the Master Boot Record, so it will be started very soon ( earlier than Windows itself )