Sizzle2686

Trojan Agent - svchost.exe

15 posts in this topic

Hi -

Malware recently found 2 Trojan Agents (both related to svchost.exe) while I was running a scan. It has prompted me to immediately restart for removal. However, after restarting the Trojan Agents are still there. I run AVG and it finds nothing.

I'm luckily able to use the internet and my laptop to what I believe is normal, but it has slowed down the speed of the laptop. Is there any way to remove these? I've attached the necessary files.

Attach.txt

DDS.txt

Hello Sizzle2686 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

You no longer have AVG, right? It is still in the list of installed applications, but there are still many remnants of it on your system.

Hi -

Thank you for helping. AVG is still on my system. What I meant was that when I run a scan on AVG it doesn't find the Trojan that Malware has been finding.

Going forward I'll paste any logs into the reply.

Thanks

Please uninstall it and post new, fresh DDS log files.

AVG is finally uninstalled. New logs below.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Sarah Sizzle at 14:19:35 on 2012-02-29

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2378 [GMT -5:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Sarah Sizzle\AppData\Local\Akamai\netsession_win.exe

C:\Windows\System32\StikyNot.exe

C:\Users\Sarah Sizzle\AppData\Local\Akamai\netsession_win.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [Akamai NetSession Interface] "C:\Users\Sarah Sizzle\AppData\Local\Akamai\netsession_win.exe"

uRun: [Google Update] "C:\Users\Sarah Sizzle\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{CCDF0562-D131-49B9-B916-7B20657165A7} : DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{CCDF0562-D131-49B9-B916-7B20657165A7}\25F657475627131313630383 : DhcpNameServer = 68.87.75.198 68.87.64.150

TCP: Interfaces\{CCDF0562-D131-49B9-B916-7B20657165A7}\35168716E45647 : DhcpNameServer = 141.161.200.201 141.161.100.201

TCP: Interfaces\{CCDF0562-D131-49B9-B916-7B20657165A7}\7455F575966496F53556475707 : DhcpNameServer = 141.161.200.201 141.161.100.201

TCP: Interfaces\{CCDF0562-D131-49B9-B916-7B20657165A7}\7457563747E45647 : DhcpNameServer = 141.161.200.201 141.161.100.201

TCP: Interfaces\{CCDF0562-D131-49B9-B916-7B20657165A7}\C45736B697 : DhcpNameServer = 75.75.76.76 75.75.75.75

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-5-14 514232]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S4 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

S4 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]

S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

S4 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-9-13 1098296]

S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]

S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]

S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-30 13336]

S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-30 2372096]

S4 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]

S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-30 2320920]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-02-29 19:10:20 -------- d-----w- C:\Users\Sarah Sizzle\AppData\Roaming\AVG2012

2012-02-29 16:23:51 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C04894C9-7949-4FCE-8A3C-735345B15928}\mpengine.dll

2012-02-28 18:05:13 20480 ----a-w- C:\Windows\svchost.exe

2012-02-28 17:43:35 -------- d-----w- C:\Program Files (x86)\HP

2012-02-20 01:07:10 -------- d-----w- C:\Users\Sarah Sizzle\AppData\Local\ID Vault

2012-02-20 01:04:39 -------- d-----w- C:\Users\Sarah Sizzle\AppData\Roaming\ID Vault

2012-02-20 01:04:12 -------- d-----w- C:\ProgramData\GID

2012-02-20 01:04:11 -------- d-----w- C:\Program Files (x86)\SFT

2012-02-20 01:03:58 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite

2012-02-20 01:03:26 -------- d-----w- C:\ProgramData\White Sky, Inc

2012-02-18 19:46:14 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-18 19:46:14 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-18 19:46:13 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-18 19:46:13 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-18 19:46:12 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-18 19:46:11 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-18 19:46:07 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-18 19:46:07 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2012-02-07 19:18:08 -------- d-----w- C:\Users\Sarah Sizzle\AppData\Local\{CE9CAC3C-CF4E-4D9C-962F-182CC6233439}

2012-02-07 19:17:58 -------- d-----w- C:\Users\Sarah Sizzle\AppData\Local\{F541CBBB-EC44-41BC-A388-1E1C4134AA6A}

2012-02-03 21:44:06 -------- d-----w- C:\Users\Sarah Sizzle\AppData\Local\Research In Motion

2012-02-03 21:44:04 -------- d-----w- C:\Users\Sarah Sizzle\AppData\Roaming\Research In Motion

2012-02-03 21:42:56 44032 ----a-w- C:\Windows\System32\drivers\RimSerial_AMD64.sys

2012-02-03 21:42:33 -------- d-----w- C:\ProgramData\Research In Motion

2012-02-03 21:42:18 -------- d-----w- C:\Program Files (x86)\Research In Motion

2012-02-03 21:42:18 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion

2012-02-02 21:51:57 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

.

==================== Find3M ====================

.

2012-02-26 02:48:50 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-01-29 10:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe

2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll

2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 14:22:20.50 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/14/2011 6:39:18 PM

System Uptime: 2/29/2012 2:14:19 PM (0 hours ago)

.

Motherboard: Hewlett-Packard | | 166A

Processor: Intel® Core i3 CPU M 370 @ 2.40GHz | CPU | 2399/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 582 GiB total, 528.681 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 1.551 GiB free.

E: is CDROM ()

F: is FIXED (FAT32) - 0 GiB total, 0.083 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP112: 2/18/2012 9:34:24 PM - Windows Update

RP113: 2/19/2012 8:25:26 PM - Windows Backup

RP114: 2/25/2012 9:47:55 PM - Installed Java 6 Update 31

RP115: 2/26/2012 10:11:04 PM - Removed Adobe Acrobat X Pro - English, Français, Deutsch.

RP116: 2/28/2012 12:43:02 PM - Installed HP Product Detection

RP117: 2/29/2012 11:21:21 AM - Removed AVG 2012

RP118: 2/29/2012 11:23:00 AM - Removed AVG 2012

RP119: 2/29/2012 11:23:29 AM - Windows Update

RP120: 2/29/2012 12:03:18 PM - avast! Free Antivirus Setup

RP121: 2/29/2012 2:16:46 PM - avast! Free Antivirus Setup

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Reader X (10.1.2) MUI

Adobe Shockwave Player 11.5

Agatha Christie - Peril at End House

AIM 7

Akamai NetSession Interface

Apple Application Support

Apple Software Update

avast! Free Antivirus

Bejeweled 2 Deluxe

Bejeweled 3

BlackBerry Desktop Software 6.1

Blackhawk Striker 2

Blasterball 3

Blio

Bounce Symphony

Build-a-lot 2

Cake Mania

Chuzzle Deluxe

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Diner Dash 2 Restaurant Rescue

Dora's World Adventure

Download Updater (AOL LLC)

Energy Star Digital Logo

ESU for Microsoft Windows 7 SP1

Evernote v. 4.2.2

Farm Frenzy

FATE - The Traitor Soul

Google Chrome

Hewlett-Packard ACLM.NET v1.1.2.0

HP Connection Manager

HP Customer Experience Enhancements

HP Documentation

HP Games

HP MovieStore

HP On Screen Display

HP Power Manager

HP Product Detection

HP Quick Launch

HP Setup

HP Setup Manager

HP Software Framework

HP Support Assistant

IDT Audio

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Mah Jong Medley

Malwarebytes Anti-Malware version 1.60.1.1000

Mesh Runtime

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery P.I. - Stolen in San Francisco

Namco All-Stars PAC-MAN

Penguins!

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

PrimoPDF -- brought to you by Nitro PDF Software

QuickTime

Ralink RT5390 802.11b/g/n WiFi Adapter

Reader Library by Sony

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

Recovery Manager

RoxioNow Player

Secure Download Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Skype™ 5.8

Slingo Supreme

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Update Installer for WildTangent Games App

VC80CRTRedist - 8.0.50727.6195

Virtual Villagers 4 - The Tree of Life

Visual Studio 2008 x64 Redistributables

Wheel of Fortune 2

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

2/28/2012 12:23:25 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/28/2012 12:13:30 PM, Error: Service Control Manager [7034] - The HP Auto service terminated unexpectedly. It has done this 1 time(s).

2/26/2012 2:05:34 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/26/2012 2:05:34 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/26/2012 2:05:34 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/26/2012 2:05:34 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/26/2012 2:05:34 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

2/26/2012 2:05:34 PM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/26/2012 2:05:34 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/26/2012 2:05:34 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/24/2012 7:05:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc000001d, 0xfffff8800121b519, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .

2/24/2012 7:05:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.

.

==== End Of File ===========================

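Added example, not part of the original thread and not code from DDS or Malwarebytes: a triage pass over the DDS log posted above that flags well-known Windows binaries recorded outside their usual folder and process entries with no image path. The sample lines are copied from that log; the expected-folder table is an assumption for a default Windows 7 x64 install on C:, and a hit is a lead to verify, not a verdict.

```python
import ntpath
import re

# A few lines copied from the DDS log posted above (blank lines trimmed).
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
-netsvcs
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\Explorer.EXE
.
=============== Created Last 30 ================
.
2012-02-29 19:10:20 -------- d-----w- C:\Users\Sarah Sizzle\AppData\Roaming\AVG2012
2012-02-28 18:05:13 20480 ----a-w- C:\Windows\svchost.exe
2012-02-18 19:46:12 3145728 ----a-w- C:\Windows\System32\win32k.sys
"""

# Assumption: usual folders for these binaries on a default Windows 7 x64
# install on C:. Extend the table for other names you care about.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
    "wininit.exe": {r"c:\windows\system32"},
    "spoolsv.exe": {r"c:\windows\system32"},
    "taskhost.exe": {r"c:\windows\system32"},
}

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# Image path up to the first ".exe"; anything after it is the command line.
IMAGE_RE = re.compile(r"([A-Za-z]:\\.*?\.exe)\b", re.IGNORECASE)
# "date time size attrs path" rows of the "Created Last 30" section.
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+([A-Za-z]:\\.+)$"
)


def audit_dds(log_text):
    """Return (kind, section, detail) tuples for entries worth a closer look."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # DDS pads its sections with blank lines and lone dots
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section == "running processes":
            match = IMAGE_RE.match(line)
            if not match:
                # A process row without an executable path, e.g. "-netsvcs".
                findings.append(("no_image_path", section, line))
                continue
            path = match.group(1)
        elif section == "created last 30":
            match = CREATED_RE.match(line)
            if not match:
                continue
            path = match.group(1)
        else:
            continue
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if name in EXPECTED_DIRS and folder not in EXPECTED_DIRS[name]:
            findings.append(("unexpected_location", section, path))
    return findings


if __name__ == "__main__":
    for kind, section, detail in audit_dds(SAMPLE_DDS):
        print(f"{kind:20} [{section}] {detail}")
```
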

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

In your next post, please include:

  • TDSSKiller log
  • ComboFix log


I ran both programs and the logs are pasted below.

12:31:20.0355 1528 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07

12:31:20.0652 1528 ============================================================

12:31:20.0652 1528 Current date / time: 2012/03/03 12:31:20.0652

12:31:20.0652 1528 SystemInfo:

12:31:20.0652 1528

12:31:20.0652 1528 OS Version: 6.1.7601 ServicePack: 1.0

12:31:20.0652 1528 Product type: Workstation

12:31:20.0652 1528 ComputerName: SARAHSIZZLE-HP

12:31:20.0652 1528 UserName: Sarah Sizzle

12:31:20.0652 1528 Windows directory: C:\Windows

12:31:20.0652 1528 System windows directory: C:\Windows

12:31:20.0652 1528 Running under WOW64

12:31:20.0652 1528 Processor architecture: Intel x64

12:31:20.0652 1528 Number of processors: 4

12:31:20.0652 1528 Page size: 0x1000

12:31:20.0652 1528 Boot type: Normal boot

12:31:20.0652 1528 ============================================================

12:31:21.0556 1528 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:31:21.0556 1528 \Device\Harddisk0\DR0:

12:31:21.0556 1528 MBR used

12:31:21.0556 1528 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

12:31:21.0556 1528 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48BF9800

12:31:21.0556 1528 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48C5D800, BlocksNum 0x1BC6800

12:31:21.0556 1528 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0

12:31:21.0681 1528 Initialize success

12:31:21.0681 1528 ============================================================

ComboFix 12-03-02.01 - Sarah Sizzle 03/03/2012 12:09:30.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2746 [GMT -5:00]

Running from: c:\users\Sarah Sizzle\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))

.

.

2012-03-03 17:16 . 2012-03-03 17:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-03 17:00 . 2012-03-03 17:00 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-03 16:53 . 2012-02-20 06:05 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{833112DE-5159-4D39-A8AE-77D4512EF1B5}\mpengine.dll

2012-02-29 21:47 . 2012-02-29 21:47 -------- d-----w- c:\program files (x86)\Common Files\Telespree

2012-02-29 19:10 . 2012-02-29 19:10 -------- d-----w- c:\users\Sarah Sizzle\AppData\Roaming\AVG2012

2012-02-28 17:43 . 2012-02-28 17:43 -------- d-----w- c:\program files (x86)\HP

2012-02-26 15:26 . 2012-02-26 15:26 -------- d-----w- c:\windows\Sun

2012-02-26 02:49 . 2012-02-26 02:49 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-02-20 01:07 . 2012-02-20 01:07 -------- d-----w- c:\users\Sarah Sizzle\AppData\Local\ID Vault

2012-02-20 01:04 . 2012-02-20 01:04 -------- d-----w- c:\users\Sarah Sizzle\AppData\Roaming\ID Vault

2012-02-20 01:04 . 2012-02-20 01:04 -------- d-----w- c:\programdata\GID

2012-02-20 01:04 . 2012-02-20 01:04 -------- d-----w- c:\program files (x86)\SFT

2012-02-20 01:03 . 2012-02-28 17:29 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite

2012-02-20 01:03 . 2012-02-20 01:03 -------- d-----w- c:\programdata\White Sky, Inc

2012-02-18 19:46 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-18 19:46 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-18 19:46 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-18 19:46 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-18 19:46 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-18 19:46 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-18 19:46 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-18 19:46 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-02-14 18:58 . 2012-02-14 18:58 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-02-03 21:44 . 2012-02-03 21:44 -------- d-----w- c:\users\Sarah Sizzle\AppData\Local\Research In Motion

2012-02-03 21:44 . 2012-02-03 21:46 -------- d-----w- c:\users\Sarah Sizzle\AppData\Roaming\Research In Motion

2012-02-03 21:42 . 2011-07-20 19:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys

2012-02-03 21:42 . 2012-02-03 21:42 -------- d-----w- c:\programdata\Research In Motion

2012-02-03 21:42 . 2012-02-03 21:42 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion

2012-02-03 21:42 . 2012-02-03 21:42 -------- d-----w- c:\program files (x86)\Research In Motion

2012-02-02 21:51 . 2012-02-02 21:51 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-26 02:48 . 2011-05-14 20:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-01-29 10:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2011-12-30 08:38 . 2011-12-30 08:38 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-12-30 08:38 . 2011-12-30 08:38 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-12-30 08:38 . 2011-12-30 08:38 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-12-30 08:38 . 2011-12-30 08:38 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-12-30 08:38 . 2011-12-30 08:38 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-12-30 08:38 . 2011-12-30 08:38 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-12-30 08:38 . 2011-12-30 08:38 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-12-30 08:38 . 2011-12-30 08:38 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-12-30 08:38 . 2011-12-30 08:38 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-12-30 08:38 . 2011-12-30 08:38 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-12-30 08:38 . 2011-12-30 08:38 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-12-30 08:38 . 2011-12-30 08:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-12-30 08:38 . 2011-12-30 08:38 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-12-30 08:38 . 2011-12-30 08:38 448512 ----a-w- c:\windows\system32\html.iec

2011-12-30 08:38 . 2011-12-30 08:38 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-12-30 08:38 . 2011-12-30 08:38 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-12-30 08:38 . 2011-12-30 08:38 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-12-30 08:38 . 2011-12-30 08:38 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-30 08:38 . 2011-12-30 08:38 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-12-30 08:38 . 2011-12-30 08:38 222208 ----a-w- c:\windows\system32\msls31.dll

2011-12-30 08:38 . 2011-12-30 08:38 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-12-30 08:38 . 2011-12-30 08:38 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-12-30 08:38 . 2011-12-30 08:38 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-12-30 08:38 . 2011-12-30 08:38 160256 ----a-w- c:\windows\system32\wextract.exe

2011-12-30 08:38 . 2011-12-30 08:38 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-12-30 08:38 . 2011-12-30 08:38 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-12-30 08:38 . 2011-12-30 08:38 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-12-30 08:38 . 2011-12-30 08:38 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-12-30 08:38 . 2011-12-30 08:38 12288 ----a-w- c:\windows\system32\mshta.exe

2011-12-30 08:38 . 2011-12-30 08:38 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-12-30 08:38 . 2011-12-30 08:38 114176 ----a-w- c:\windows\system32\admparse.dll

2011-12-30 08:38 . 2011-12-30 08:38 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-12-30 08:38 . 2011-12-30 08:38 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-12-30 08:38 . 2011-12-30 08:38 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-12-10 20:24 . 2011-12-05 03:21 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R4 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]

R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]

R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]

R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-02-18 2372096]

R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]

R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-23 2320920]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 aswSnx;aswSnx; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

S3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972041120-1517518076-1995607898-1001Core.job

- c:\users\Sarah Sizzle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 19:48]

.

2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3972041120-1517518076-1995607898-1001UA.job

- c:\users\Sarah Sizzle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 19:48]

.

2012-03-02 c:\windows\Tasks\HPCeeScheduleForSarah Sizzle.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2012-02-03 c:\windows\Tasks\HPCeeScheduleForSARAHSIZZLE-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\ezSharedSvcHost.exe

.

**************************************************************************

.

Completion time: 2012-03-03 12:24:57 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-03 17:24

.

Pre-Run: 571,734,020,096 bytes free

Post-Run: 573,583,298,560 bytes free

.

- - End Of File - - 8F2823C8F86158D8F9964E4579BFE2EC


Your TDSSKiller log is cut. Please copy/paste the entire content from C:\TDSSKiller.txt


I see two logs - here they are.

11:56:12.0935 4464 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07

11:56:13.0284 4464 ============================================================

11:56:13.0284 4464 Current date / time: 2012/03/03 11:56:13.0284

11:56:13.0284 4464 SystemInfo:

11:56:13.0284 4464

11:56:13.0284 4464 OS Version: 6.1.7601 ServicePack: 1.0

11:56:13.0284 4464 Product type: Workstation

11:56:13.0285 4464 ComputerName: SARAHSIZZLE-HP

11:56:13.0285 4464 UserName: Sarah Sizzle

11:56:13.0285 4464 Windows directory: C:\Windows

11:56:13.0285 4464 System windows directory: C:\Windows

11:56:13.0285 4464 Running under WOW64

11:56:13.0285 4464 Processor architecture: Intel x64

11:56:13.0285 4464 Number of processors: 4

11:56:13.0285 4464 Page size: 0x1000

11:56:13.0285 4464 Boot type: Normal boot

11:56:13.0285 4464 ============================================================

11:56:13.0770 4464 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:56:13.0777 4464 \Device\Harddisk0\DR0:

11:56:13.0777 4464 MBR used

11:56:13.0777 4464 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

11:56:13.0777 4464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48BF9800

11:56:13.0777 4464 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48C5D800, BlocksNum 0x1BC6800

11:56:13.0777 4464 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0

11:56:13.0968 4464 Initialize success

11:56:13.0968 4464 ============================================================

11:56:33.0334 3336 ============================================================

11:56:33.0334 3336 Scan started

11:56:33.0334 3336 Mode: Manual; SigCheck; TDLFS;

11:56:33.0334 3336 ============================================================


11:57:10.0385 3336 i8042prt - ok

11:57:10.0570 3336 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys

11:57:10.0588 3336 iaStor - ok

11:57:10.0900 3336 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

11:57:10.0933 3336 iaStorV - ok

11:57:13.0517 3336 igfx (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdkmd64.sys

11:57:14.0040 3336 igfx - ok

11:57:14.0498 3336 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

11:57:14.0535 3336 iirsp - ok

11:57:15.0000 3336 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

11:57:15.0048 3336 Impcd - ok

11:57:15.0507 3336 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

11:57:15.0566 3336 IntcDAud - ok

11:57:16.0030 3336 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

11:57:16.0188 3336 intelide - ok

11:57:16.0511 3336 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

11:57:16.0583 3336 intelppm - ok

11:57:17.0001 3336 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:57:17.0047 3336 IpFilterDriver - ok

11:57:17.0493 3336 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

11:57:17.0571 3336 IPMIDRV - ok

11:57:17.0835 3336 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

11:57:17.0935 3336 IPNAT - ok

11:57:18.0213 3336 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

11:57:18.0240 3336 IRENUM - ok

11:57:18.0502 3336 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

11:57:18.0533 3336 isapnp - ok

11:57:18.0841 3336 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

11:57:18.0868 3336 iScsiPrt - ok

11:57:18.0983 3336 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

11:57:18.0997 3336 kbdclass - ok

11:57:19.0461 3336 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

11:57:19.0514 3336 kbdhid - ok

11:57:19.0747 3336 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

11:57:19.0766 3336 KSecDD - ok

11:57:19.0793 3336 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

11:57:19.0809 3336 KSecPkg - ok

11:57:19.0877 3336 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

11:57:19.0937 3336 ksthunk - ok

11:57:20.0025 3336 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

11:57:20.0100 3336 lltdio - ok

11:57:20.0219 3336 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

11:57:20.0239 3336 LSI_FC - ok

11:57:20.0279 3336 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

11:57:20.0300 3336 LSI_SAS - ok

11:57:20.0351 3336 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

11:57:20.0365 3336 LSI_SAS2 - ok

11:57:20.0391 3336 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

11:57:20.0405 3336 LSI_SCSI - ok

11:57:20.0490 3336 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

11:57:20.0558 3336 luafv - ok

11:57:20.0788 3336 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

11:57:20.0806 3336 megasas - ok

11:57:20.0911 3336 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

11:57:20.0931 3336 MegaSR - ok

11:57:20.0984 3336 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

11:57:21.0069 3336 Modem - ok

11:57:21.0131 3336 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

11:57:21.0192 3336 monitor - ok

11:57:21.0244 3336 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

11:57:21.0256 3336 mouclass - ok

11:57:21.0319 3336 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

11:57:21.0377 3336 mouhid - ok

11:57:21.0430 3336 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

11:57:21.0442 3336 mountmgr - ok

11:57:21.0498 3336 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

11:57:21.0523 3336 mpio - ok

11:57:21.0553 3336 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

11:57:21.0652 3336 mpsdrv - ok

11:57:21.0678 3336 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

11:57:21.0712 3336 MRxDAV - ok

11:57:21.0733 3336 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:57:21.0812 3336 mrxsmb - ok

11:57:21.0858 3336 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:57:21.0879 3336 mrxsmb10 - ok

11:57:21.0913 3336 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:57:21.0945 3336 mrxsmb20 - ok

11:57:21.0977 3336 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

11:57:21.0992 3336 msahci - ok

11:57:22.0059 3336 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

11:57:22.0089 3336 msdsm - ok

11:57:22.0156 3336 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

11:57:22.0217 3336 Msfs - ok

11:57:22.0251 3336 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

11:57:22.0322 3336 mshidkmdf - ok

11:57:22.0483 3336 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

11:57:22.0496 3336 msisadrv - ok

11:57:22.0722 3336 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

11:57:22.0817 3336 MSKSSRV - ok

11:57:22.0864 3336 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

11:57:22.0941 3336 MSPCLOCK - ok

11:57:22.0966 3336 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

11:57:23.0042 3336 MSPQM - ok

11:57:23.0164 3336 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

11:57:23.0185 3336 MsRPC - ok

11:57:23.0250 3336 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

11:57:23.0264 3336 mssmbios - ok

11:57:23.0362 3336 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:57:23.0429 3336 MSTEE - ok

11:57:23.0635 3336 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

11:57:23.0678 3336 MTConfig - ok

11:57:23.0892 3336 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:57:23.0903 3336 Mup - ok

11:57:24.0182 3336 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:57:24.0248 3336 NativeWifiP - ok

11:57:24.0462 3336 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

11:57:24.0496 3336 NDIS - ok

11:57:24.0828 3336 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:57:24.0913 3336 NdisCap - ok

11:57:25.0181 3336 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:57:25.0268 3336 NdisTapi - ok

11:57:25.0612 3336 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

11:57:25.0674 3336 Ndisuio - ok

11:57:25.0974 3336 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

11:57:26.0099 3336 NdisWan - ok

11:57:26.0626 3336 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

11:57:26.0677 3336 NDProxy - ok

11:57:27.0028 3336 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:57:27.0130 3336 NetBIOS - ok

11:57:27.0573 3336 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

11:57:27.0624 3336 NetBT - ok

11:57:28.0562 3336 netr28x (a98071e3e1e5e503462cc9e0ded91a36) C:\Windows\system32\DRIVERS\netr28x.sys

11:57:28.0811 3336 netr28x - ok

11:57:29.0045 3336 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

11:57:29.0067 3336 nfrd960 - ok

11:57:29.0373 3336 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:57:29.0441 3336 Npfs - ok

11:57:29.0624 3336 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:57:29.0693 3336 nsiproxy - ok

11:57:30.0612 3336 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

11:57:30.0716 3336 Ntfs - ok

11:57:31.0130 3336 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:57:31.0204 3336 Null - ok

11:57:31.0529 3336 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

11:57:31.0578 3336 NVENETFD - ok

11:57:32.0258 3336 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

11:57:32.0286 3336 nvraid - ok

11:57:32.0663 3336 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

11:57:32.0731 3336 nvstor - ok

11:57:33.0043 3336 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

11:57:33.0095 3336 nv_agp - ok

11:57:33.0299 3336 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

11:57:33.0323 3336 ohci1394 - ok

11:57:33.0545 3336 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

11:57:33.0566 3336 Parport - ok

11:57:33.0795 3336 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

11:57:33.0823 3336 partmgr - ok

11:57:34.0137 3336 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

11:57:34.0153 3336 pci - ok

11:57:34.0329 3336 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

11:57:34.0378 3336 pciide - ok

11:57:34.0620 3336 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

11:57:34.0640 3336 pcmcia - ok

11:57:34.0831 3336 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:57:34.0846 3336 pcw - ok

11:57:35.0340 3336 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:57:35.0436 3336 PEAUTH - ok

11:57:35.0736 3336 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

11:57:35.0800 3336 PptpMiniport - ok

11:57:36.0188 3336 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

11:57:36.0239 3336 Processor - ok

11:57:36.0464 3336 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

11:57:36.0617 3336 Psched - ok

11:57:37.0158 3336 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

11:57:37.0225 3336 ql2300 - ok

11:57:37.0565 3336 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

11:57:37.0591 3336 ql40xx - ok

11:57:38.0090 3336 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:57:38.0211 3336 QWAVEdrv - ok

11:57:38.0502 3336 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:57:38.0611 3336 RasAcd - ok

11:57:38.0763 3336 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:57:38.0834 3336 RasAgileVpn - ok

11:57:38.0873 3336 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:57:39.0006 3336 Rasl2tp - ok

11:57:39.0054 3336 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:57:39.0204 3336 RasPppoe - ok

11:57:39.0247 3336 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:57:39.0358 3336 RasSstp - ok

11:57:39.0462 3336 rcmirror (96597c96d5acf4a3ef0b24d396853879) C:\Windows\system32\DRIVERS\rcmirror.sys

11:57:39.0521 3336 rcmirror - ok

11:57:39.0569 3336 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

11:57:39.0669 3336 rdbss - ok

11:57:39.0966 3336 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

11:57:40.0049 3336 rdpbus - ok

11:57:40.0163 3336 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:57:40.0254 3336 RDPCDD - ok

11:57:40.0306 3336 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:57:40.0408 3336 RDPENCDD - ok

11:57:40.0480 3336 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:57:40.0539 3336 RDPREFMP - ok

11:57:40.0571 3336 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

11:57:40.0637 3336 RDPWD - ok

11:57:40.0689 3336 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

11:57:40.0708 3336 rdyboost - ok

11:57:40.0780 3336 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

11:57:40.0849 3336 RimUsb - ok

11:57:40.0939 3336 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

11:57:40.0982 3336 RimVSerPort - ok

11:57:41.0065 3336 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys

11:57:41.0145 3336 ROOTMODEM - ok

11:57:41.0461 3336 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys

11:57:41.0487 3336 RSPCIESTOR - ok

11:57:41.0561 3336 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:57:41.0655 3336 rspndr - ok

11:57:41.0799 3336 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys

11:57:41.0817 3336 RTL8167 - ok

11:57:42.0162 3336 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

11:57:42.0183 3336 sbp2port - ok

11:57:42.0470 3336 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

11:57:42.0531 3336 scfilter - ok

11:57:42.0771 3336 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

11:57:42.0819 3336 sdbus - ok

11:57:42.0873 3336 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:57:42.0981 3336 secdrv - ok

11:57:43.0112 3336 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

11:57:43.0151 3336 Serenum - ok

11:57:43.0197 3336 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

11:57:43.0253 3336 Serial - ok

11:57:43.0319 3336 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

11:57:43.0369 3336 sermouse - ok

11:57:43.0435 3336 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

11:57:43.0467 3336 sffdisk - ok

11:57:43.0527 3336 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

11:57:43.0565 3336 sffp_mmc - ok

11:57:43.0589 3336 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

11:57:43.0650 3336 sffp_sd - ok

11:57:43.0718 3336 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

11:57:43.0759 3336 sfloppy - ok

11:57:43.0826 3336 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

11:57:43.0843 3336 SiSRaid2 - ok

11:57:43.0879 3336 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

11:57:43.0890 3336 SiSRaid4 - ok

11:57:44.0003 3336 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:57:44.0081 3336 Smb - ok

11:57:44.0424 3336 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:57:44.0434 3336 spldr - ok

11:57:44.0615 3336 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

11:57:44.0672 3336 srv - ok

11:57:44.0949 3336 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

11:57:44.0999 3336 srv2 - ok

11:57:45.0408 3336 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

11:57:45.0428 3336 SrvHsfHDA - ok

11:57:45.0823 3336 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

11:57:45.0901 3336 SrvHsfV92 - ok

11:57:46.0391 3336 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

11:57:46.0422 3336 SrvHsfWinac - ok

11:57:46.0828 3336 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

11:57:46.0899 3336 srvnet - ok

11:57:47.0246 3336 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

11:57:47.0266 3336 stexstor - ok

11:57:47.0714 3336 STHDA (ebc1a5e076a9be314d3d9e8ed19abb0a) C:\Windows\system32\DRIVERS\stwrt64.sys

11:57:47.0788 3336 STHDA - ok

11:57:48.0094 3336 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

11:57:48.0104 3336 swenum - ok

11:57:48.0421 3336 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys

11:57:48.0458 3336 SynTP - ok

11:57:48.0924 3336 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

11:57:49.0002 3336 Tcpip - ok

11:57:49.0405 3336 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

11:57:49.0453 3336 TCPIP6 - ok

11:57:49.0706 3336 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

11:57:49.0799 3336 tcpipreg - ok

11:57:50.0245 3336 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:57:50.0423 3336 TDPIPE - ok

11:57:50.0677 3336 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

11:57:50.0760 3336 TDTCP - ok

11:57:50.0928 3336 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

11:57:50.0986 3336 tdx - ok

11:57:51.0352 3336 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

11:57:51.0364 3336 TermDD - ok

11:57:51.0575 3336 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:57:51.0660 3336 tssecsrv - ok

11:57:51.0782 3336 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

11:57:51.0946 3336 TsUsbFlt - ok

11:57:52.0089 3336 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

11:57:52.0121 3336 TsUsbGD - ok

11:57:52.0383 3336 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

11:57:52.0461 3336 tunnel - ok

11:57:52.0678 3336 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

11:57:52.0699 3336 uagp35 - ok

11:57:52.0925 3336 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

11:57:53.0024 3336 udfs - ok

11:57:53.0297 3336 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

11:57:53.0324 3336 uliagpkx - ok

11:57:53.0581 3336 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

11:57:53.0629 3336 umbus - ok

11:57:53.0886 3336 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

11:57:53.0934 3336 UmPass - ok

11:57:54.0157 3336 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

11:57:54.0209 3336 USBAAPL64 - ok

11:57:54.0491 3336 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

11:57:54.0553 3336 usbccgp - ok

11:57:54.0723 3336 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

11:57:54.0762 3336 usbcir - ok

11:57:54.0905 3336 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

11:57:54.0940 3336 usbehci - ok

11:57:55.0108 3336 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

11:57:55.0147 3336 usbhub - ok

11:57:55.0470 3336 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

11:57:55.0516 3336 usbohci - ok

11:57:55.0829 3336 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

11:57:55.0924 3336 usbprint - ok

11:57:56.0208 3336 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

11:57:56.0270 3336 usbscan - ok

11:57:56.0555 3336 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:57:56.0625 3336 USBSTOR - ok

11:57:56.0923 3336 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

11:57:56.0967 3336 usbuhci - ok

11:57:57.0371 3336 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

11:57:57.0422 3336 usbvideo - ok

11:57:57.0718 3336 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

11:57:57.0734 3336 vdrvroot - ok

11:57:58.0072 3336 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:57:58.0092 3336 vga - ok

11:57:58.0289 3336 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:57:58.0374 3336 VgaSave - ok

11:57:58.0779 3336 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

11:57:58.0809 3336 vhdmp - ok

11:57:59.0155 3336 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

11:57:59.0178 3336 viaide - ok

11:57:59.0523 3336 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

11:57:59.0550 3336 volmgr - ok

11:57:59.0985 3336 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

11:58:00.0012 3336 volmgrx - ok

11:58:00.0509 3336 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

11:58:00.0543 3336 volsnap - ok

11:58:01.0094 3336 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

11:58:01.0119 3336 vsmraid - ok

11:58:01.0276 3336 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

11:58:01.0769 3336 vwifibus - ok

11:58:02.0079 3336 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

11:58:02.0240 3336 vwififlt - ok

11:58:02.0412 3336 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

11:58:02.0519 3336 WacomPen - ok

11:58:02.0638 3336 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:58:02.0743 3336 WANARP - ok

11:58:02.0804 3336 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:58:02.0851 3336 Wanarpv6 - ok

11:58:03.0189 3336 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

11:58:03.0210 3336 Wd - ok

11:58:03.0668 3336 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

11:58:03.0722 3336 Wdf01000 - ok

11:58:04.0197 3336 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

11:58:04.0257 3336 WfpLwf - ok

11:58:04.0510 3336 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

11:58:04.0538 3336 WIMMount - ok

11:58:04.0729 3336 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

11:58:04.0804 3336 WinUsb - ok

11:58:04.0906 3336 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

11:58:04.0933 3336 WmiAcpi - ok

11:58:05.0006 3336 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

11:58:05.0054 3336 ws2ifsl - ok

11:58:05.0088 3336 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

11:58:05.0163 3336 WudfPf - ok

11:58:05.0199 3336 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:58:05.0262 3336 WUDFRd - ok

11:58:05.0342 3336 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0

11:58:05.0374 3336 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

11:58:05.0374 3336 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

11:58:06.0208 3336 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

11:58:06.0209 3336 \Device\Harddisk0\DR0 - detected TDSS File System (1)

11:58:06.0239 3336 Boot (0x1200) (54210647adf02a0077bc75ded00f20f6) \Device\Harddisk0\DR0\Partition0

11:58:06.0286 3336 \Device\Harddisk0\DR0\Partition0 - ok

11:58:06.0319 3336 Boot (0x1200) (93efbfab3221d70da6d144773cdf6145) \Device\Harddisk0\DR0\Partition1

11:58:06.0352 3336 \Device\Harddisk0\DR0\Partition1 - ok

11:58:06.0404 3336 Boot (0x1200) (e786f36715408bd1dbf015733bdd020d) \Device\Harddisk0\DR0\Partition2

11:58:06.0446 3336 \Device\Harddisk0\DR0\Partition2 - ok

11:58:06.0490 3336 Boot (0x1200) (73a43bb82e2c9f247a5d4d9b1a5b5446) \Device\Harddisk0\DR0\Partition3

11:58:06.0516 3336 \Device\Harddisk0\DR0\Partition3 - ok

11:58:06.0517 3336 ============================================================

11:58:06.0517 3336 Scan finished

11:58:06.0517 3336 ============================================================

11:58:06.0536 4684 Detected object count: 2

11:58:06.0536 4684 Actual detected object count: 2

11:58:20.0966 4684 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user

11:58:20.0966 4684 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip

11:58:20.0969 4684 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

11:58:20.0969 4684 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

11:59:10.0085 2604 ============================================================

11:59:10.0085 2604 Scan started

11:59:10.0085 2604 Mode: Manual; SigCheck; TDLFS;

11:59:10.0085 2604 ============================================================


11:59:28.0250 2604 crcdisk - ok

11:59:28.0527 2604 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

11:59:28.0579 2604 DfsC - ok

11:59:28.0845 2604 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

11:59:28.0896 2604 discache - ok

11:59:29.0277 2604 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

11:59:29.0287 2604 Disk - ok

11:59:29.0578 2604 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

11:59:29.0598 2604 drmkaud - ok

11:59:30.0097 2604 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

11:59:30.0124 2604 DXGKrnl - ok

11:59:30.0984 2604 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

11:59:31.0034 2604 ebdrv - ok

11:59:31.0387 2604 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

11:59:31.0412 2604 elxstor - ok

11:59:31.0698 2604 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

11:59:31.0720 2604 ErrDev - ok

11:59:31.0949 2604 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

11:59:32.0001 2604 exfat - ok

11:59:32.0457 2604 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

11:59:32.0521 2604 fastfat - ok

11:59:32.0631 2604 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

11:59:32.0648 2604 fdc - ok

11:59:32.0748 2604 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

11:59:32.0759 2604 FileInfo - ok

11:59:32.0787 2604 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

11:59:32.0841 2604 Filetrace - ok

11:59:33.0075 2604 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

11:59:33.0099 2604 flpydisk - ok

11:59:33.0424 2604 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

11:59:33.0440 2604 FltMgr - ok

11:59:33.0721 2604 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

11:59:33.0733 2604 FsDepends - ok

11:59:34.0063 2604 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

11:59:34.0073 2604 Fs_Rec - ok

11:59:34.0498 2604 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

11:59:34.0519 2604 fvevol - ok

11:59:34.0787 2604 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

11:59:34.0805 2604 gagp30kx - ok

11:59:35.0120 2604 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

11:59:35.0129 2604 GEARAspiWDM - ok

11:59:35.0405 2604 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

11:59:35.0419 2604 hcw85cir - ok

11:59:35.0838 2604 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

11:59:35.0862 2604 HdAudAddService - ok

11:59:36.0828 2604 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

11:59:36.0857 2604 HDAudBus - ok

11:59:37.0065 2604 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

11:59:37.0075 2604 HECIx64 - ok

11:59:37.0157 2604 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

11:59:37.0171 2604 HidBatt - ok

11:59:37.0210 2604 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

11:59:37.0230 2604 HidBth - ok

11:59:37.0264 2604 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

11:59:37.0296 2604 HidIr - ok

11:59:37.0334 2604 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

11:59:37.0364 2604 HidUsb - ok

11:59:37.0454 2604 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

11:59:37.0472 2604 HpSAMD - ok

11:59:37.0511 2604 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

11:59:37.0586 2604 HTTP - ok

11:59:37.0630 2604 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

11:59:37.0645 2604 hwpolicy - ok

11:59:37.0667 2604 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

11:59:37.0698 2604 i8042prt - ok

11:59:37.0747 2604 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys

11:59:37.0772 2604 iaStor - ok

11:59:37.0819 2604 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

11:59:37.0854 2604 iaStorV - ok

11:59:38.0117 2604 igfx (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdkmd64.sys

11:59:38.0400 2604 igfx - ok

11:59:38.0500 2604 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

11:59:38.0515 2604 iirsp - ok

11:59:38.0558 2604 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

11:59:38.0579 2604 Impcd - ok

11:59:38.0622 2604 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

11:59:38.0653 2604 IntcDAud - ok

11:59:38.0691 2604 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

11:59:38.0705 2604 intelide - ok

11:59:38.0739 2604 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

11:59:38.0783 2604 intelppm - ok

11:59:38.0807 2604 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:59:38.0873 2604 IpFilterDriver - ok

11:59:38.0912 2604 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

11:59:38.0932 2604 IPMIDRV - ok

11:59:38.0941 2604 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

11:59:39.0011 2604 IPNAT - ok

11:59:39.0033 2604 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

11:59:39.0088 2604 IRENUM - ok

11:59:39.0113 2604 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

11:59:39.0128 2604 isapnp - ok

11:59:39.0161 2604 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

11:59:39.0184 2604 iScsiPrt - ok

11:59:39.0215 2604 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

11:59:39.0232 2604 kbdclass - ok

11:59:39.0260 2604 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

11:59:39.0282 2604 kbdhid - ok

11:59:39.0314 2604 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

11:59:39.0330 2604 KSecDD - ok

11:59:39.0359 2604 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

11:59:39.0380 2604 KSecPkg - ok

11:59:39.0410 2604 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

11:59:39.0489 2604 ksthunk - ok

11:59:39.0525 2604 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

11:59:39.0585 2604 lltdio - ok

11:59:39.0630 2604 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

11:59:39.0646 2604 LSI_FC - ok

11:59:39.0667 2604 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

11:59:39.0683 2604 LSI_SAS - ok

11:59:39.0707 2604 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

11:59:39.0725 2604 LSI_SAS2 - ok

11:59:39.0747 2604 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

11:59:39.0762 2604 LSI_SCSI - ok

11:59:39.0779 2604 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

11:59:39.0845 2604 luafv - ok

11:59:40.0132 2604 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

11:59:40.0142 2604 megasas - ok

11:59:40.0588 2604 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

11:59:40.0604 2604 MegaSR - ok

11:59:40.0705 2604 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

11:59:40.0773 2604 Modem - ok

11:59:40.0853 2604 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

11:59:40.0879 2604 monitor - ok

11:59:40.0967 2604 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

11:59:40.0983 2604 mouclass - ok

11:59:41.0085 2604 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

11:59:41.0104 2604 mouhid - ok

11:59:41.0229 2604 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

11:59:41.0245 2604 mountmgr - ok

11:59:41.0375 2604 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

11:59:41.0393 2604 mpio - ok

11:59:41.0508 2604 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

11:59:41.0570 2604 mpsdrv - ok

11:59:41.0611 2604 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

11:59:41.0642 2604 MRxDAV - ok

11:59:41.0687 2604 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:59:41.0705 2604 mrxsmb - ok

11:59:41.0747 2604 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:59:41.0768 2604 mrxsmb10 - ok

11:59:41.0812 2604 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:59:41.0829 2604 mrxsmb20 - ok

11:59:41.0987 2604 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

11:59:42.0001 2604 msahci - ok

11:59:42.0101 2604 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

11:59:42.0116 2604 msdsm - ok

11:59:42.0221 2604 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

11:59:42.0279 2604 Msfs - ok

11:59:42.0372 2604 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

11:59:42.0441 2604 mshidkmdf - ok

11:59:42.0470 2604 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

11:59:42.0484 2604 msisadrv - ok

11:59:42.0522 2604 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

11:59:42.0577 2604 MSKSSRV - ok

11:59:42.0608 2604 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

11:59:42.0664 2604 MSPCLOCK - ok

11:59:42.0710 2604 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

11:59:42.0771 2604 MSPQM - ok

11:59:42.0797 2604 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

11:59:42.0818 2604 MsRPC - ok

11:59:42.0872 2604 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

11:59:42.0889 2604 mssmbios - ok

11:59:42.0917 2604 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:59:42.0982 2604 MSTEE - ok

11:59:43.0013 2604 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

11:59:43.0033 2604 MTConfig - ok

11:59:43.0047 2604 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:59:43.0063 2604 Mup - ok

11:59:43.0104 2604 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:59:43.0140 2604 NativeWifiP - ok

11:59:43.0186 2604 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

11:59:43.0222 2604 NDIS - ok

11:59:43.0250 2604 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:59:43.0308 2604 NdisCap - ok

11:59:43.0327 2604 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:59:43.0379 2604 NdisTapi - ok

11:59:43.0393 2604 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

11:59:43.0447 2604 Ndisuio - ok

11:59:43.0465 2604 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

11:59:43.0521 2604 NdisWan - ok

11:59:43.0541 2604 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

11:59:43.0604 2604 NDProxy - ok

11:59:43.0621 2604 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:59:43.0674 2604 NetBIOS - ok

11:59:43.0690 2604 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

11:59:43.0759 2604 NetBT - ok

11:59:43.0975 2604 netr28x (a98071e3e1e5e503462cc9e0ded91a36) C:\Windows\system32\DRIVERS\netr28x.sys

11:59:44.0013 2604 netr28x - ok

11:59:44.0141 2604 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

11:59:44.0152 2604 nfrd960 - ok

11:59:44.0181 2604 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:59:44.0229 2604 Npfs - ok

11:59:44.0265 2604 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:59:44.0324 2604 nsiproxy - ok

11:59:44.0399 2604 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

11:59:44.0447 2604 Ntfs - ok

11:59:44.0541 2604 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:59:44.0599 2604 Null - ok

11:59:44.0625 2604 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

11:59:44.0648 2604 NVENETFD - ok

11:59:44.0669 2604 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

11:59:44.0687 2604 nvraid - ok

11:59:44.0708 2604 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

11:59:44.0723 2604 nvstor - ok

11:59:44.0755 2604 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

11:59:44.0773 2604 nv_agp - ok

11:59:44.0800 2604 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

11:59:44.0820 2604 ohci1394 - ok

11:59:44.0869 2604 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

11:59:44.0885 2604 Parport - ok

11:59:44.0919 2604 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

11:59:44.0933 2604 partmgr - ok

11:59:44.0973 2604 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

11:59:44.0988 2604 pci - ok

11:59:45.0009 2604 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

11:59:45.0022 2604 pciide - ok

11:59:45.0056 2604 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

11:59:45.0076 2604 pcmcia - ok

11:59:45.0090 2604 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:59:45.0105 2604 pcw - ok

11:59:45.0133 2604 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:59:45.0194 2604 PEAUTH - ok

11:59:45.0273 2604 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

11:59:45.0322 2604 PptpMiniport - ok

11:59:45.0349 2604 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

11:59:45.0370 2604 Processor - ok

11:59:45.0403 2604 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

11:59:45.0456 2604 Psched - ok

11:59:45.0509 2604 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

11:59:45.0546 2604 ql2300 - ok

11:59:45.0580 2604 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

11:59:45.0592 2604 ql40xx - ok

11:59:45.0629 2604 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:59:45.0651 2604 QWAVEdrv - ok

11:59:45.0666 2604 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:59:45.0714 2604 RasAcd - ok

11:59:45.0750 2604 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:59:45.0798 2604 RasAgileVpn - ok

11:59:46.0203 2604 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:59:46.0244 2604 Rasl2tp - ok

11:59:46.0351 2604 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:59:46.0396 2604 RasPppoe - ok

11:59:46.0489 2604 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:59:46.0536 2604 RasSstp - ok

11:59:46.0704 2604 rcmirror (96597c96d5acf4a3ef0b24d396853879) C:\Windows\system32\DRIVERS\rcmirror.sys

11:59:46.0716 2604 rcmirror - ok

11:59:46.0765 2604 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

11:59:46.0823 2604 rdbss - ok

11:59:46.0854 2604 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

11:59:46.0875 2604 rdpbus - ok

11:59:46.0894 2604 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:59:46.0943 2604 RDPCDD - ok

11:59:46.0954 2604 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:59:47.0001 2604 RDPENCDD - ok

11:59:47.0024 2604 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:59:47.0071 2604 RDPREFMP - ok

11:59:47.0092 2604 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

11:59:47.0144 2604 RDPWD - ok

11:59:47.0165 2604 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

11:59:47.0183 2604 rdyboost - ok

11:59:47.0234 2604 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

11:59:47.0246 2604 RimUsb - ok

11:59:47.0282 2604 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

11:59:47.0292 2604 RimVSerPort - ok

11:59:47.0320 2604 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys

11:59:47.0368 2604 ROOTMODEM - ok

11:59:47.0416 2604 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys

11:59:47.0430 2604 RSPCIESTOR - ok

11:59:47.0447 2604 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:59:47.0491 2604 rspndr - ok

11:59:47.0531 2604 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys

11:59:47.0554 2604 RTL8167 - ok

11:59:47.0585 2604 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

11:59:47.0602 2604 sbp2port - ok

11:59:47.0639 2604 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

11:59:47.0686 2604 scfilter - ok

11:59:47.0717 2604 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

11:59:47.0745 2604 sdbus - ok

11:59:47.0774 2604 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:59:47.0835 2604 secdrv - ok

11:59:48.0212 2604 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

11:59:48.0229 2604 Serenum - ok

11:59:48.0865 2604 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

11:59:48.0883 2604 Serial - ok

11:59:48.0975 2604 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

11:59:48.0989 2604 sermouse - ok

11:59:49.0102 2604 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

11:59:49.0123 2604 sffdisk - ok

11:59:49.0217 2604 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

11:59:49.0237 2604 sffp_mmc - ok

11:59:49.0289 2604 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

11:59:49.0310 2604 sffp_sd - ok

11:59:49.0363 2604 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

11:59:49.0378 2604 sfloppy - ok

11:59:49.0414 2604 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

11:59:49.0425 2604 SiSRaid2 - ok

11:59:49.0470 2604 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

11:59:49.0483 2604 SiSRaid4 - ok

11:59:49.0524 2604 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:59:49.0582 2604 Smb - ok

11:59:49.0637 2604 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:59:49.0648 2604 spldr - ok

11:59:49.0698 2604 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

11:59:49.0718 2604 srv - ok

11:59:49.0764 2604 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

11:59:49.0791 2604 srv2 - ok

11:59:49.0883 2604 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

11:59:49.0910 2604 SrvHsfHDA - ok

11:59:50.0046 2604 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

11:59:50.0084 2604 SrvHsfV92 - ok

11:59:50.0191 2604 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

11:59:50.0244 2604 SrvHsfWinac - ok

11:59:50.0365 2604 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

11:59:50.0416 2604 srvnet - ok

11:59:50.0528 2604 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

11:59:50.0544 2604 stexstor - ok

11:59:50.0597 2604 STHDA (ebc1a5e076a9be314d3d9e8ed19abb0a) C:\Windows\system32\DRIVERS\stwrt64.sys

11:59:50.0626 2604 STHDA - ok

11:59:50.0678 2604 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

11:59:50.0689 2604 swenum - ok

11:59:50.0751 2604 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys

11:59:50.0792 2604 SynTP - ok

11:59:50.0943 2604 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

11:59:50.0999 2604 Tcpip - ok

11:59:51.0131 2604 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

11:59:51.0193 2604 TCPIP6 - ok

11:59:51.0302 2604 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

11:59:51.0370 2604 tcpipreg - ok

11:59:51.0407 2604 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:59:51.0515 2604 TDPIPE - ok

11:59:51.0544 2604 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

11:59:51.0628 2604 TDTCP - ok

11:59:51.0659 2604 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

11:59:51.0743 2604 tdx - ok

11:59:51.0772 2604 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

11:59:51.0786 2604 TermDD - ok

11:59:51.0829 2604 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:59:51.0907 2604 tssecsrv - ok

11:59:51.0925 2604 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

11:59:51.0945 2604 TsUsbFlt - ok

11:59:51.0966 2604 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

11:59:51.0992 2604 TsUsbGD - ok

11:59:52.0016 2604 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

11:59:52.0094 2604 tunnel - ok

11:59:52.0122 2604 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

11:59:52.0140 2604 uagp35 - ok

11:59:52.0213 2604 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

11:59:52.0317 2604 udfs - ok

11:59:52.0374 2604 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

11:59:52.0390 2604 uliagpkx - ok

11:59:52.0416 2604 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

11:59:52.0443 2604 umbus - ok

11:59:52.0465 2604 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

11:59:52.0529 2604 UmPass - ok

11:59:52.0581 2604 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

11:59:52.0626 2604 USBAAPL64 - ok

11:59:52.0659 2604 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

11:59:52.0719 2604 usbccgp - ok

11:59:52.0747 2604 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

11:59:52.0774 2604 usbcir - ok

11:59:52.0797 2604 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

11:59:52.0851 2604 usbehci - ok

11:59:52.0926 2604 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

11:59:52.0961 2604 usbhub - ok

11:59:52.0995 2604 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

11:59:53.0022 2604 usbohci - ok

11:59:53.0054 2604 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

11:59:53.0092 2604 usbprint - ok

11:59:53.0123 2604 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

11:59:53.0146 2604 usbscan - ok

11:59:53.0181 2604 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:59:53.0202 2604 USBSTOR - ok

11:59:53.0232 2604 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

11:59:53.0270 2604 usbuhci - ok

11:59:53.0310 2604 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

11:59:53.0342 2604 usbvideo - ok

11:59:53.0414 2604 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

11:59:53.0437 2604 vdrvroot - ok

11:59:53.0469 2604 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:59:53.0506 2604 vga - ok

11:59:53.0530 2604 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:59:53.0605 2604 VgaSave - ok

11:59:53.0642 2604 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

11:59:53.0670 2604 vhdmp - ok

11:59:53.0716 2604 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

11:59:53.0734 2604 viaide - ok

11:59:53.0776 2604 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

11:59:53.0796 2604 volmgr - ok

11:59:54.0116 2604 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

11:59:54.0140 2604 volmgrx - ok

11:59:54.0385 2604 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

11:59:54.0427 2604 volsnap - ok

11:59:54.0537 2604 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

11:59:54.0555 2604 vsmraid - ok

11:59:54.0653 2604 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

11:59:54.0691 2604 vwifibus - ok

11:59:54.0790 2604 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

11:59:54.0818 2604 vwififlt - ok

11:59:54.0946 2604 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

11:59:54.0970 2604 WacomPen - ok

11:59:55.0017 2604 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:59:55.0085 2604 WANARP - ok

11:59:55.0091 2604 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:59:55.0193 2604 Wanarpv6 - ok

11:59:55.0246 2604 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

11:59:55.0261 2604 Wd - ok

11:59:55.0314 2604 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

11:59:55.0347 2604 Wdf01000 - ok

11:59:55.0444 2604 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

11:59:55.0515 2604 WfpLwf - ok

11:59:55.0557 2604 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

11:59:55.0572 2604 WIMMount - ok

11:59:55.0633 2604 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

11:59:55.0660 2604 WinUsb - ok

11:59:55.0710 2604 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

11:59:55.0729 2604 WmiAcpi - ok

11:59:55.0766 2604 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

11:59:55.0843 2604 ws2ifsl - ok

11:59:55.0959 2604 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

11:59:56.0017 2604 WudfPf - ok

11:59:56.0058 2604 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:59:56.0134 2604 WUDFRd - ok

11:59:56.0179 2604 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0

11:59:56.0212 2604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

11:59:56.0212 2604 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

11:59:56.0261 2604 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

11:59:56.0261 2604 \Device\Harddisk0\DR0 - detected TDSS File System (1)

11:59:56.0299 2604 Boot (0x1200) (54210647adf02a0077bc75ded00f20f6) \Device\Harddisk0\DR0\Partition0

11:59:56.0300 2604 \Device\Harddisk0\DR0\Partition0 - ok

11:59:56.0313 2604 Boot (0x1200) (93efbfab3221d70da6d144773cdf6145) \Device\Harddisk0\DR0\Partition1

11:59:56.0314 2604 \Device\Harddisk0\DR0\Partition1 - ok

11:59:56.0343 2604 Boot (0x1200) (e786f36715408bd1dbf015733bdd020d) \Device\Harddisk0\DR0\Partition2

11:59:56.0344 2604 \Device\Harddisk0\DR0\Partition2 - ok

11:59:56.0379 2604 Boot (0x1200) (73a43bb82e2c9f247a5d4d9b1a5b5446) \Device\Harddisk0\DR0\Partition3

11:59:56.0380 2604 \Device\Harddisk0\DR0\Partition3 - ok

11:59:56.0385 2604 ============================================================

11:59:56.0385 2604 Scan finished

11:59:56.0385 2604 ============================================================

11:59:56.0428 4328 Detected object count: 2

11:59:56.0428 4328 Actual detected object count: 2

12:00:13.0996 4328 \Device\Harddisk0\DR0\# - copied to quarantine

12:00:13.0996 4328 \Device\Harddisk0\DR0 - copied to quarantine

12:00:14.0038 4328 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

12:00:14.0041 4328 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

12:00:14.0056 4328 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

12:00:14.0064 4328 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

12:00:14.0066 4328 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

12:00:14.0067 4328 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

12:00:14.0069 4328 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

12:00:14.0073 4328 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

12:00:14.0076 4328 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

12:00:14.0078 4328 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

12:00:14.0104 4328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

12:00:14.0105 4328 \Device\Harddisk0\DR0 - ok

12:00:14.0423 4328 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

12:00:14.0423 4328 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

12:00:14.0423 4328 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

12:00:29.0397 4828 Deinitialize success

12:31:20.0355 1528 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07

12:31:20.0652 1528 ============================================================

12:31:20.0652 1528 Current date / time: 2012/03/03 12:31:20.0652

12:31:20.0652 1528 SystemInfo:

12:31:20.0652 1528

12:31:20.0652 1528 OS Version: 6.1.7601 ServicePack: 1.0

12:31:20.0652 1528 Product type: Workstation

12:31:20.0652 1528 ComputerName: SARAHSIZZLE-HP

12:31:20.0652 1528 UserName: Sarah Sizzle

12:31:20.0652 1528 Windows directory: C:\Windows

12:31:20.0652 1528 System windows directory: C:\Windows

12:31:20.0652 1528 Running under WOW64

12:31:20.0652 1528 Processor architecture: Intel x64

12:31:20.0652 1528 Number of processors: 4

12:31:20.0652 1528 Page size: 0x1000

12:31:20.0652 1528 Boot type: Normal boot

12:31:20.0652 1528 ============================================================

12:31:21.0556 1528 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:31:21.0556 1528 \Device\Harddisk0\DR0:

12:31:21.0556 1528 MBR used

12:31:21.0556 1528 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

12:31:21.0556 1528 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48BF9800

12:31:21.0556 1528 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48C5D800, BlocksNum 0x1BC6800

12:31:21.0556 1528 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0

12:31:21.0681 1528 Initialize success

12:31:21.0681 1528 ============================================================

12:31:36.0564 4060 Deinitialize success


Very good! :)

Please locate and manually delete the following folder:

c:\users\Sarah Sizzle\AppData\Roaming\AVG2012

Next:

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


This time no items were detected! Does this mean the issue was with AVG and I shouldn't consider re-installing it?

THANK YOU so much for all of your help.

---

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.04.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Sarah Sizzle :: SARAHSIZZLE-HP [administrator]

3/4/2012 11:52:34 AM

mbam-log-2012-03-04 (11-52-34).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 191040

Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Does this mean the issue was with AVG and I shouldn't consider re-installing it?

Theoretically, two antivirus programs working together may also cause system instability; there is also a danger of conflict between them, as a result of which an infection may be missed.

How are things running now?


Ok, I understand. I was away yesterday but today I've been using it and the system seems to be running like it used to.

Thank you VERY much for your help. I'm glad everything could be fixed and I understand the issue with AVG now.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
