morrowc

Issue with svchost.exe causing memory leak and random background music! Help!

27 posts in this topic

Hello,

I'm posting this message after following the instructions from the "I'm infected - What do I do now?" page.

A week or so ago I began noticing that a certain file - svchost.exe - would gradually begin taking up more and more memory causing major slowdowns. I have been using task manager to try and manually "end the process," which works temporarily but the file just restarts a few minutes later. Lately I have been noticing random background music/radio broadcasts as well.

I found this site and downloaded the free MAM tool - every time I run the scan (either quick/full or flash), the software tags up 2-3 "svchost.exe" files as infected trojan files. I click remove or quarantine, reboot the computer but the problem continues - almost right away. So I downloaded and ran the DSS program, per the instructions for posting this topic. Here's a paste of the DDS.txt. THANK YOU in advance for all your help - it is greatly appreciated!!!!!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Morrow at 21:41:17 on 2012-08-26

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2464 [GMT -5:00]

.

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe

C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe

C:\Program Files (x86)\Norton Security Suite\Engine\6.0.0.145\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Norton Security Suite\Engine\6.0.0.145\ccSvcHst.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe

C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\RAMRush\RAMRush.exe

C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Users\Morrow\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe

C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe

C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe

C:\Users\Morrow\AppData\Local\DIRECTV Player\NDSPCShowServer.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://xfinity.comcast.net/?cid=cgps08232012

mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.0.0.145\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\6.0.0.145\IPS\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.730.1\NativeBHO.dll

BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll

BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\6.0.0.145\coIEPlg.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [ftweak_RAMRush] C:\Program Files (x86)\RAMRush\RAMRush.exe

uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini

uRun: [PCShowServer] "C:\Users\Morrow\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe

mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

mRun: [FAStartup]

mRun: [uCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{73EC8447-D6E5-4A06-83B1-BD7E41AE19DD} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{73EC8447-D6E5-4A06-83B1-BD7E41AE19DD}\13637796C65697 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{73EC8447-D6E5-4A06-83B1-BD7E41AE19DD}\2456C6B696E6F5052756D2E4F5232373632343 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{73EC8447-D6E5-4A06-83B1-BD7E41AE19DD}\2656C6B696E6E233465636 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{73EC8447-D6E5-4A06-83B1-BD7E41AE19DD}\8497164747 : DhcpNameServer = 10.71.0.1 4.2.2.1

Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll

LSA: Notification Packages = scecli FAPassSync

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll

BHO-X64: XFINITY Toolbar - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.0.0.145\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\6.0.0.145\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.730.1\NativeBHO.dll

BHO-X64: Constant Guard Protection Suite (COM) - No File

BHO-X64: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll

BHO-X64: Updater For XFIN_PORTAL - No File

BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll

BHO-X64: SSOIEAddonBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.0.0.145\coIEPlg.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun-x64: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe

mRun-x64: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

mRun-x64: [FAStartup]

mRun-x64: [uCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun-x64: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

.

============= SERVICES / DRIVERS ===============

.

R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 13680]

R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0600000.091\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0600000.091\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0600000.091\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0600000.091\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120803.001\BHDrvx64.sys [2012-8-3 1161376]

R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\system32\drivers\N360x64\0600000.091\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0600000.091\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120824.001\IDSviA64.sys [2012-8-25 512672]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0600000.091\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0600000.091\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0600000.091\SYMNETS.SYS --> C:\Windows\system32\drivers\N360x64\0600000.091\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/11/12 10:16:40];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-9-2 148976]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-18 98208]

R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-11-12 83240]

R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-11-12 75048]

R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-11-12 292136]

R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-18 13336]

R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-8-3 66160]

R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-10-18 60928]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-23 655944]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\6.0.0.145\ccSvcHst.exe [2012-8-23 138248]

R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-11-12 75248]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-12 2253120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-24 138912]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S0 johci;JMicron 1394 Filter Driver;C:\Windows\system32\DRIVERS\johci.sys --> C:\Windows\system32\DRIVERS\johci.sys [?]

S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-18 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-13 250056]

S3 CamdAudio;CamdAudio;C:\Windows\system32\drivers\CamdAudio.sys --> C:\Windows\system32\drivers\CamdAudio.sys [?]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-18 136176]

S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-26 13:46:09 20480 ------w- C:\Windows\svchost.exe

2012-08-24 04:04:12 -------- d-----w- C:\Users\Morrow\AppData\Roaming\Malwarebytes

2012-08-24 04:03:49 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-24 04:03:48 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-24 04:03:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-24 03:46:29 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-08-24 03:46:29 -------- d-----w- C:\Program Files\Symantec

2012-08-24 03:46:29 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2012-08-24 03:46:10 738936 ----a-r- C:\Windows\System32\drivers\N360x64\0600000.091\srtsp64.sys

2012-08-24 03:46:10 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0600000.091\SymDS64.sys

2012-08-24 03:46:10 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0600000.091\symnets.sys

2012-08-24 03:46:10 37496 ----a-r- C:\Windows\System32\drivers\N360x64\0600000.091\srtspx64.sys

2012-08-24 03:46:10 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0600000.091\Ironx64.sys

2012-08-24 03:46:10 167048 ----a-r- C:\Windows\System32\drivers\N360x64\0600000.091\ccSetx64.sys

2012-08-24 03:46:10 1092728 ----a-r- C:\Windows\System32\drivers\N360x64\0600000.091\SymEFA64.sys

2012-08-24 03:45:59 -------- d-----w- C:\Windows\System32\drivers\N360x64\0600000.091

2012-08-24 03:45:59 -------- d-----w- C:\Windows\System32\drivers\N360x64

2012-08-24 03:45:57 -------- d-----w- C:\Program Files (x86)\Norton Security Suite

2012-08-24 03:45:31 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2012-08-24 03:33:44 -------- d-----w- C:\ProgramData\IsolatedStorage

2012-08-24 03:33:43 -------- d-----w- C:\Users\Morrow\AppData\Local\ID Vault

2012-08-24 03:32:57 -------- d-----w- C:\Users\Morrow\AppData\Roaming\ID Vault

2012-08-24 03:32:06 -------- d-----w- C:\Program Files (x86)\xfin_portal

2012-08-24 03:31:52 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite

2012-08-24 03:31:38 -------- d-----w- C:\ProgramData\White Sky, Inc

2012-08-14 04:56:39 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-08-14 04:56:20 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-08-14 04:56:20 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-08-14 04:47:32 63120 ----a-r- C:\Users\Morrow\AppData\Roaming\Microsoft\Installer\{C199DEA2-657E-46C2-9FDB-7C1C068B6B35}\ARPPRODUCTICON.exe

2012-08-14 04:47:31 -------- d-----w- C:\Users\Morrow\AppData\Local\DIRECTV Player

2012-08-14 04:47:04 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-14 04:37:19 -------- d-----w- C:\Users\Morrow\AppData\Local\DIRECTV

2012-08-14 04:29:58 -------- d-----w- C:\Users\Morrow\AppData\Roaming\Nomad

2012-08-14 04:29:11 145256 ----a-r- C:\Users\Morrow\AppData\Roaming\Microsoft\Installer\{BA7E4D7B-24E6-46D0-809E-E77E92FC757F}\ARPPRODUCTICON.exe

2012-08-14 04:28:32 -------- d-----w- C:\Program Files (x86)\DIRECTV

2012-08-14 04:28:12 -------- d-----w- C:\Users\Morrow\AppData\Local\Downloaded Installations

2012-08-12 03:18:56 -------- d-----w- C:\Users\Morrow\AppData\Local\The Lord of the Rings Online

2012-08-12 02:37:32 -------- d-----w- C:\Users\Morrow\AppData\Local\Turbine

2012-08-11 22:36:00 -------- d-----w- C:\Users\Morrow\AppData\Local\ApplicationHistory

2012-08-11 22:34:05 -------- d-----w- C:\Windows\SysWow64\URTTEMP

2012-08-11 21:59:56 -------- d-----w- C:\Program Files (x86)\Turbine

2012-08-11 03:43:26 -------- d-----w- C:\Program Files (x86)\Pando Networks

2012-07-30 03:24:59 -------- d-----w- C:\Users\Morrow\AppData\Roaming\To the Moon - Freebird Games

.

==================== Find3M ====================

.

2012-08-15 22:28:34 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

.

============= FINISH: 21:43:55.62 ===============


:welcome: I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :)

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

==========

Then, please download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.blee...al/MBRCheck.exe

http://www.kernelmod...fo/MBRCheck.exe

Close all open programs/windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

==========

In your reply please provide the following:

  • ComboFix.txt.
  • MBRCheck log.

How is your computer running now?


TheDarkKnight,

Thank you for your reply. I downloaded combofix and ran it after disabling my antivirus software. After the screen said "stage_completed 50" I got the blue screen of death. I rebooted, tried again and got the same results. So I rebooted again, logged in using "safe mode" and the program completed. Below is the combofix.txt (not sure if it matters that it was run while in safe mode).

I also downloaded and ran mbrcheck and I've pasted the log below underneath the combofix.txt. When I last rebooted and started MAM, I almost immediately got another notice that a svchost.exe needed to be quarantined...

Thanks again for your help!

Combofix:

ComboFix 12-08-25.04 - Morrow 08/27/2012 22:35:42.3.2 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.3507 [GMT -5:00]

Running from: c:\users\Morrow\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\data

c:\data\cmdline.cfg

C:\install.exe

c:\users\Morrow\Favorites\Games.url

c:\windows\svchost.exe

c:\windows\SysWow64\drivers\hwinterface.sys

c:\windows\SysWow64\tmp1D50.tmp

c:\windows\SysWow64\tmp2A09.tmp

c:\windows\SysWow64\tmp2A1A.tmp

c:\windows\SysWow64\tmp5059.tmp

c:\windows\SysWow64\tmp5089.tmp

c:\windows\SysWow64\tmpA1EA.tmp

c:\windows\SysWow64\tmpA1FB.tmp

c:\windows\SysWow64\tmpE2C8.tmp

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

c:\windows\wt

c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\controlPanel\index.html

c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\update_info\data.wts

c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll

c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpi.jar

c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll

c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\dmmp.cdanfo

c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\DMMP_Uninstall.cdas

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\wt.sto

c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo

c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas

c:\windows\wt\wtupdates\Webd\4.1.1\files\actorobject.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html

c:\windows\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\jdriver.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts

c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt

c:\windows\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\rdriver.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\Sound.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts

c:\windows\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded

c:\windows\wt\wtupdates\Webd\4.1.1\files\wdengine.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo

c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas

c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas

c:\windows\wt\wtupdates\Webd\4.1.1\files\webdriver.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar

c:\windows\wt\wtupdates\Webd\4.1.1\files\wt3d.ini

c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHost.exe

c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar

c:\windows\wt\wtupdates\Webd\4.1.1\files\wtvh.dll

c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax

c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini

c:\windows\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo

c:\windows\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas

c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html

c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo

c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas

c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-28 )))))))))))))))))))))))))))))))

.

.

2012-08-28 03:47 . 2012-08-28 03:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-08-28 03:47 . 2012-08-28 03:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-28 02:50 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe

2012-08-24 04:04 . 2012-08-24 04:04 -------- d-----w- c:\users\Morrow\AppData\Roaming\Malwarebytes

2012-08-24 04:03 . 2012-08-24 04:03 -------- d-----w- c:\programdata\Malwarebytes

2012-08-24 04:03 . 2012-08-24 04:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-24 04:03 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-24 03:33 . 2012-08-24 03:33 -------- d-----w- c:\programdata\IsolatedStorage

2012-08-24 03:33 . 2012-08-24 03:48 -------- d-----w- c:\users\Morrow\AppData\Local\ID Vault

2012-08-24 03:32 . 2012-08-28 03:16 -------- d-----w- c:\users\Morrow\AppData\Roaming\ID Vault

2012-08-24 03:32 . 2012-08-24 03:32 -------- d-----w- c:\program files (x86)\xfin_portal

2012-08-24 03:31 . 2012-08-25 15:37 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite

2012-08-24 03:31 . 2012-08-24 03:31 -------- d-----w- c:\programdata\White Sky, Inc

2012-08-14 04:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-08-14 04:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-08-14 04:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-08-14 04:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-08-14 04:56 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-08-14 04:56 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-08-14 04:47 . 2012-08-14 04:47 63120 ----a-r- c:\users\Morrow\AppData\Roaming\Microsoft\Installer\{C199DEA2-657E-46C2-9FDB-7C1C068B6B35}\ARPPRODUCTICON.exe

2012-08-14 04:47 . 2012-08-14 04:47 -------- d-----w- c:\users\Morrow\AppData\Local\DIRECTV Player

2012-08-14 04:47 . 2012-08-15 22:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-14 04:47 . 2012-08-14 04:47 -------- d-----w- c:\windows\system32\Macromed

2012-08-14 04:37 . 2012-08-14 04:37 -------- d-----w- c:\users\Morrow\AppData\Local\DIRECTV

2012-08-14 04:29 . 2012-08-14 04:30 -------- d-----w- c:\users\Morrow\AppData\Roaming\Nomad

2012-08-14 04:29 . 2012-08-14 04:29 -------- d-----w- c:\users\Morrow\AppData\Roaming\InstallShield Installation Information

2012-08-14 04:29 . 2012-08-14 04:29 145256 ----a-r- c:\users\Morrow\AppData\Roaming\Microsoft\Installer\{BA7E4D7B-24E6-46D0-809E-E77E92FC757F}\ARPPRODUCTICON.exe

2012-08-14 04:28 . 2012-08-14 04:28 -------- d-----w- c:\program files (x86)\DIRECTV

2012-08-14 04:28 . 2012-08-14 04:28 -------- d-----w- c:\users\Morrow\AppData\Local\Downloaded Installations

2012-08-12 03:18 . 2012-08-12 03:18 -------- d-----w- c:\users\Morrow\AppData\Local\The Lord of the Rings Online

2012-08-12 02:37 . 2012-08-12 02:43 -------- d-----w- c:\users\Morrow\AppData\Local\Turbine

2012-08-11 22:36 . 2012-08-12 04:05 -------- d-----w- c:\users\Morrow\AppData\Local\ApplicationHistory

2012-08-11 21:59 . 2012-08-11 21:59 -------- d-----w- c:\program files (x86)\Turbine

2012-08-11 03:43 . 2012-08-11 03:43 -------- d-----w- c:\program files (x86)\Pando Networks

2012-07-30 03:24 . 2012-07-30 04:12 -------- d-----w- c:\users\Morrow\AppData\Roaming\To the Moon - Freebird Games

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 22:28 . 2011-10-28 02:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-31 04:04 . 2012-07-05 02:24 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE1194C6-A320-4CD0-87F9-AD021E6D2182}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-18 39408]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-07 1353080]

"ftweak_RAMRush"="c:\program files (x86)\RAMRush\RAMRush.exe" [2009-09-17 670720]

"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2010-10-02 92672]

"PCShowServer"="c:\users\Morrow\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-07-19 524976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]

"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2010-04-23 1361264]

"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2011-04-20 136600]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-09-14 230696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-8-3 6530160]

Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe [2009-12-15 11520]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

IconPackager.lnk - c:\program files (x86)\Stardock\MyColors\IconPackager.exe [2009-12-16 1387688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli FAPassSync

.

R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2009-11-10 20392]

R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [x]

R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]

R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]

R3 CamdAudio;CamdAudio;c:\windows\system32\drivers\CamdAudio.sys [2011-04-01 34040]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 136176]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-09-30 144496]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2010-08-24 74320]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2010-08-24 13392]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-10-21 97552]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-12-15 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-23 1255736]

S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]

S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2010-01-05 19504]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/11/12 10:16];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-09-02 18:08 148976]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-04-19 98208]

S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240]

S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-09-02 75048]

S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-09-02 292136]

S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-08-03 66160]

S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-02-10 60928]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-08-24 75248]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2010-02-10 25648]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-29 67072]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 22:28]

.

2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 19:58]

.

2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-18 19:58]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-19 10144288]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2010-02-24 2883584]

"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://xfinity.comcast.net/?cid=cgps08232012

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-FAStartup - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-(Default) - (no file)

AddRemove-{173F2B02-2AAA-414F-A2D8-44870BB98F7A} - c:\program files (x86)\InstallShield Installation Information\{173F2B02-2AAA-414F-A2D8-44870BB98F7A}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\users\Morrow\AppData\Local\DIRECTV Player\NDSPCShowServer.exe

c:\program files\Alienware\Command Center\AlienSense\FATrayAlert.exe

c:\\.\globalroot\systemroot\svchost.exe

c:\program files\Alienware\Command Center\AlienFXHook32Mngr.exe

.

**************************************************************************

.

Completion time: 2012-08-27 23:00:45 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-28 04:00

.

Pre-Run: 48,160,583,680 bytes free

Post-Run: 48,053,350,400 bytes free

.

- - End Of File - - ECAEE339E37E11CED935F8ED082CFD8D

MBRCHECKLOG:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: Alienware

BIOS Manufacturer: Alienware

System Manufacturer: Alienware

System Product Name: M11x

Logical Drives Mask: 0x0000000c

Kernel Drivers (total 200):

0x03050000 \SystemRoot\system32\ntoskrnl.exe

0x03007000 \SystemRoot\system32\hal.dll

0x00BA0000 \SystemRoot\system32\kdcom.dll

0x00CF1000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00D40000 \SystemRoot\system32\PSHED.dll

0x00D54000 \SystemRoot\system32\CLFS.SYS

0x00C00000 \SystemRoot\system32\CI.dll

0x00EB6000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00F5A000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00F69000 \SystemRoot\system32\drivers\ACPI.sys

0x00FC0000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00FC9000 \SystemRoot\system32\drivers\msisadrv.sys

0x00E00000 \SystemRoot\system32\drivers\pci.sys

0x00E33000 \SystemRoot\system32\drivers\vdrvroot.sys

0x00E40000 \SystemRoot\System32\drivers\partmgr.sys

0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x00E6A000 \SystemRoot\system32\drivers\volmgr.sys

0x010F5000 \SystemRoot\System32\drivers\volmgrx.sys

0x01151000 \SystemRoot\System32\drivers\mountmgr.sys

0x01227000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x01431000 \SystemRoot\system32\drivers\atapi.sys

0x0143A000 \SystemRoot\system32\drivers\ataport.SYS

0x01464000 \SystemRoot\system32\drivers\msahci.sys

0x0146F000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x0147F000 \SystemRoot\system32\drivers\amdxata.sys

0x0148A000 \SystemRoot\system32\drivers\fltmgr.sys

0x014D6000 \SystemRoot\system32\drivers\fileinfo.sys

0x01618000 \SystemRoot\System32\Drivers\Ntfs.sys

0x014EA000 \SystemRoot\System32\Drivers\msrpc.sys

0x017BB000 \SystemRoot\System32\Drivers\ksecdd.sys

0x01548000 \SystemRoot\System32\Drivers\cng.sys

0x017D6000 \SystemRoot\System32\drivers\pcw.sys

0x017E7000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01000000 \SystemRoot\system32\drivers\ndis.sys

0x0116B000 \SystemRoot\system32\drivers\NETIO.SYS

0x015BA000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x018CD000 \SystemRoot\System32\drivers\tcpip.sys

0x01AD1000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01B1B000 \SystemRoot\system32\drivers\volsnap.sys

0x01B67000 \SystemRoot\system32\DRIVERS\stdflt.sys

0x01B6F000 \SystemRoot\System32\Drivers\spldr.sys

0x01B77000 \SystemRoot\System32\drivers\rdyboost.sys

0x01BB1000 \SystemRoot\System32\Drivers\mup.sys

0x01BCC000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01800000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x0183A000 \SystemRoot\system32\DRIVERS\EMSC.SYS

0x01844000 \SystemRoot\system32\DRIVERS\disk.sys

0x0185A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x03EB7000 \SystemRoot\System32\Drivers\Null.SYS

0x03EC0000 \SystemRoot\System32\Drivers\Beep.SYS

0x03EC7000 \SystemRoot\System32\drivers\vga.sys

0x03ED5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x03EFA000 \SystemRoot\System32\drivers\watchdog.sys

0x03F0A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x03F13000 \SystemRoot\system32\drivers\rdpencdd.sys

0x03F1C000 \SystemRoot\system32\drivers\rdprefmp.sys

0x03F25000 \SystemRoot\System32\Drivers\Msfs.SYS

0x03F30000 \SystemRoot\System32\Drivers\Npfs.SYS

0x03F41000 \SystemRoot\system32\DRIVERS\tdx.sys

0x03F63000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x03F70000 \SystemRoot\System32\DRIVERS\netbt.sys

0x02E20000 \SystemRoot\system32\drivers\afd.sys

0x02EA9000 \SystemRoot\system32\drivers\ws2ifsl.sys

0x02EB4000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x02EBD000 \SystemRoot\system32\DRIVERS\pacer.sys

0x02EE3000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x02EF9000 \SystemRoot\system32\DRIVERS\netbios.sys

0x02F08000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x02F23000 \SystemRoot\system32\drivers\termdd.sys

0x02F37000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x02F88000 \SystemRoot\system32\drivers\nsiproxy.sys

0x02F94000 \SystemRoot\system32\drivers\mssmbios.sys

0x02F9F000 \SystemRoot\System32\Drivers\ElbyCDIO.sys

0x02FAA000 \SystemRoot\System32\drivers\discache.sys

0x02FB9000 \SystemRoot\System32\Drivers\dfsc.sys

0x02FD7000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x03FB5000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x0F23F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x0FEB6000 \SystemRoot\System32\Drivers\nvBridge.kmd

0x0FEBB000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x0FFAF000 \SystemRoot\System32\drivers\dxgmms1.sys

0x0F200000 \SystemRoot\system32\drivers\HDAudBus.sys

0x0F224000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x03C00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x02FE8000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x02E00000 \SystemRoot\system32\DRIVERS\L1C62x64.sys

0x042C2000 \SystemRoot\system32\DRIVERS\bcmwl664.sys

0x045B0000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x04227000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x04256000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x0425B000 \SystemRoot\system32\drivers\i8042prt.sys

0x04279000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x040F6000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x04146000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x04148000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x04157000 \SystemRoot\system32\DRIVERS\Acceler.sys

0x04166000 \SystemRoot\system32\drivers\wmiacpi.sys

0x0416F000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x04185000 \SystemRoot\system32\drivers\CompositeBus.sys

0x04195000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x041AB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x041CF000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x04000000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x0402F000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x0404A000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x0406B000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x04085000 \SystemRoot\system32\DRIVERS\VClone.sys

0x04094000 \SystemRoot\system32\drivers\swenum.sys

0x04096000 \SystemRoot\system32\drivers\ks.sys

0x040D9000 \SystemRoot\system32\drivers\umbus.sys

0x04A38000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x04A92000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x04AA7000 \SystemRoot\system32\drivers\nvhda64v.sys

0x04AD4000 \SystemRoot\system32\drivers\portcls.sys

0x04B11000 \SystemRoot\system32\drivers\drmk.sys

0x04B33000 \SystemRoot\system32\drivers\ksthunk.sys

0x0583E000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x05A78000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x00000000 \SystemRoot\System32\win32k.sys

0x05AA2000 \SystemRoot\System32\drivers\Dxapi.sys

0x05AAE000 \SystemRoot\System32\Drivers\crashdmp.sys

0x03C56000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x05ABC000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x05ACF000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x05AEC000 \SystemRoot\System32\Drivers\usbvideo.sys

0x05B1A000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x05B28000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x05B41000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x05B4A000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x05B58000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x05B65000 \SystemRoot\system32\DRIVERS\monitor.sys

0x005D0000 \SystemRoot\System32\TSDDD.dll

0x006D0000 \SystemRoot\System32\cdd.dll

0x00950000 \SystemRoot\System32\ATMFD.DLL

0x05B73000 \SystemRoot\system32\drivers\luafv.sys

0x05B96000 \SystemRoot\system32\drivers\WudfPf.sys

0x05BB7000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x04B39000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x05BCC000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x05BDF000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x05C48000 \SystemRoot\system32\drivers\HTTP.sys

0x05D11000 \SystemRoot\system32\DRIVERS\bowser.sys

0x05D79000 \SystemRoot\System32\drivers\mpsdrv.sys

0x05D91000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x04B8C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x05DC0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x03E60000 \SystemRoot\system32\DRIVERS\atksgt.sys

0x05DE4000 \SystemRoot\system32\DRIVERS\lirsgt.sys

0x05C00000 \??\C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys

0x06EAB000 \SystemRoot\system32\drivers\peauth.sys

0x06F51000 \SystemRoot\System32\Drivers\secdrv.SYS

0x06F5C000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x06F8D000 \SystemRoot\System32\drivers\tcpipreg.sys

0x06F9F000 \??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl

0x06E00000 \SystemRoot\System32\DRIVERS\srv2.sys

0x07613000 \SystemRoot\System32\DRIVERS\srv.sys

0x076AB000 \SystemRoot\system32\drivers\BCM42RLY.sys

0x076B4000 \??\C:\Windows\system32\drivers\mbam.sys

0x0772F000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS

0x77A10000 \Windows\System32\ntdll.dll

0x47FE0000 \Windows\System32\smss.exe

0xFFD30000 \Windows\System32\apisetschema.dll

0xFF560000 \Windows\System32\autochk.exe

0xFFBF0000 \Windows\System32\rpcrt4.dll

0xFFB50000 \Windows\System32\clbcatq.dll

0x77BE0000 \Windows\System32\normaliz.dll

0xFFA70000 \Windows\System32\advapi32.dll

0xFFA50000 \Windows\System32\sechost.dll

0xFFA40000 \Windows\System32\nsi.dll

0x77BD0000 \Windows\System32\psapi.dll

0xFF9F0000 \Windows\System32\ws2_32.dll

0xFF790000 \Windows\System32\iertutil.dll

0xFF610000 \Windows\System32\urlmon.dll

0xFF540000 \Windows\System32\usp10.dll

0xFF4A0000 \Windows\System32\msvcrt.dll

0xFF370000 \Windows\System32\wininet.dll

0xFF310000 \Windows\System32\Wldap32.dll

0x778F0000 \Windows\System32\kernel32.dll

0xFF130000 \Windows\System32\setupapi.dll

0xFF120000 \Windows\System32\lpk.dll

0xFF100000 \Windows\System32\imagehlp.dll

0xFF090000 \Windows\System32\gdi32.dll

0xFF010000 \Windows\System32\shlwapi.dll

0xFEE00000 \Windows\System32\ole32.dll

0x777F0000 \Windows\System32\user32.dll

0xFED20000 \Windows\System32\oleaut32.dll

0xFEC10000 \Windows\System32\msctf.dll

0xFEB70000 \Windows\System32\comdlg32.dll

0xFEB40000 \Windows\System32\imm32.dll

0xFDDB0000 \Windows\System32\shell32.dll

0xFDD30000 \Windows\System32\difxapi.dll

0xFDC90000 \Windows\System32\comctl32.dll

0xFDC70000 \Windows\System32\devobj.dll

0xFDC30000 \Windows\System32\cfgmgr32.dll

0xFDBC0000 \Windows\System32\KernelBase.dll

0xFDA50000 \Windows\System32\crypt32.dll

0xFDA10000 \Windows\System32\wintrust.dll

0xFDA00000 \Windows\System32\msasn1.dll

0x75A60000 \Windows\SysWOW64\normaliz.dll

Processes (total 80):

0 System Idle Process

4 System

276 C:\Windows\System32\smss.exe

496 csrss.exe

560 csrss.exe

568 C:\Windows\System32\wininit.exe

644 C:\Windows\System32\winlogon.exe

692 C:\Windows\System32\services.exe

700 C:\Windows\System32\lsass.exe

712 C:\Windows\System32\lsm.exe

880 C:\Windows\System32\svchost.exe

952 C:\Windows\System32\nvvsvc.exe

988 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

296 C:\Windows\System32\svchost.exe

304 C:\Windows\System32\svchost.exe

812 C:\Windows\System32\svchost.exe

1032 C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

1092 C:\Windows\System32\svchost.exe

1204 C:\Windows\System32\svchost.exe

1240 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

1252 C:\Windows\System32\nvvsvc.exe

1544 C:\Windows\System32\svchost.exe

1960 C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

1968 C:\Windows\System32\wlanext.exe

1980 C:\Windows\System32\conhost.exe

1104 C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE

1612 C:\Windows\System32\spoolsv.exe

1700 C:\Windows\System32\svchost.exe

1832 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

2160 C:\Windows\System32\taskhost.exe

2264 C:\Windows\System32\dwm.exe

2320 C:\Windows\explorer.exe

2384 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

2392 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

2404 C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

2412 C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe

2420 C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

2436 C:\Program Files\Logitech\SetPointP\SetPoint.exe

2468 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

2488 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

2372 C:\Program Files (x86)\RAMRush\RAMRush.exe

2108 C:\Users\Morrow\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe

2080 C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

2792 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

2824 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

2932 C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe

2960 C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

3064 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

3056 C:\Program Files (x86)\Java\jre6\bin\jusched.exe

1056 C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe

2476 C:\Users\Morrow\AppData\Local\DIRECTV Player\NDSPCShowServer.exe

1308 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

2556 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

2688 C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe

564 C:\Windows\System32\conhost.exe

2708 C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe

3172 C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe

3344 C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe

3492 C:\Windows\System32\svchost.exe

3620 C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe

4068 C:\Windows\System32\svchost.exe

3392 C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

3604 WmiPrvSE.exe

4624 C:\Windows\svchost.exe

4696 C:\Windows\System32\conhost.exe

4936 C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe

4948 C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe

4968 C:\Windows\System32\conhost.exe

4976 C:\Windows\System32\conhost.exe

3924 C:\Windows\System32\SearchIndexer.exe

4584 C:\Windows\System32\UI0Detect.exe

4908 C:\Program Files\Windows Media Player\wmpnetwk.exe

5144 C:\Windows\System32\svchost.exe

5988 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

2012 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

5620 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

1460 C:\Windows\System32\SearchProtocolHost.exe

5860 C:\Windows\System32\SearchFilterHost.exe

5716 C:\Users\Morrow\Desktop\MBRCheck.exe

2888 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`a1800000 (NTFS)

PhysicalDrive0 Model Number: ST9160314AS, Rev: D005DEM1

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 006DAC41B85DE862D5301245E653DB2869A80603

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:


Hello morrowc. :)

Your log seems to show a Whistler-bootkit infection.

Please print out these instructions or copy them to a Notepad file for easier reading, then run MBRCheck.

  • At "Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit"; type Y and hit "Enter".
  • At "Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.
    Enter your choice"; type 2 and hit "Enter".
  • At "Enter the physical disk number to fix (0-99, -1 to cancel):" Enter 0 for drive C:
  • At "Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive"; type 5 and hit "Enter".
  • At "Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:"; type YES and hit "Enter".
    You will receive a "Successfully wrote new MBR code!" message.
  • At "Done! Press ENTER to exit..."; press the "Enter" key and reboot your computer.

  • Please re-run MBRCheck.
  • It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".
  • Press the "Enter" key to close the MBRCheck window and post the contents of the log file in your reply.

How is your computer running now? Are the warnings gone?


Hello,

I ran the MBRCheck as noted above, rebooted and re-ran the program. I've pasted the results below. Unfortunately I'm still having the same issues...after a few minutes MAM will pop-up an alert saying "Successfully blocked access to a potentially malicious website; process: svchost.exe." Then the radio/ads/music starts in the background again... Any other ideas? Again, I really appreciate your help!

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: Alienware

BIOS Manufacturer: Alienware

System Manufacturer: Alienware

System Product Name: M11x

Logical Drives Mask: 0x0000000c

Kernel Drivers (total 202):


Processes (total 87):

0 System Idle Process

4 System

276 C:\Windows\System32\smss.exe

496 csrss.exe

560 csrss.exe

568 C:\Windows\System32\wininit.exe

636 C:\Windows\System32\winlogon.exe

696 C:\Windows\System32\services.exe

704 C:\Windows\System32\lsass.exe

712 C:\Windows\System32\lsm.exe

888 C:\Windows\System32\svchost.exe

960 C:\Windows\System32\nvvsvc.exe

996 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

292 C:\Windows\System32\svchost.exe

768 C:\Windows\System32\svchost.exe

604 C:\Windows\System32\svchost.exe

1028 C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

1080 C:\Windows\System32\svchost.exe

1136 C:\Windows\System32\audiodg.exe

1196 C:\Windows\System32\svchost.exe

1240 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

1252 C:\Windows\System32\nvvsvc.exe

1484 C:\Windows\System32\svchost.exe

1940 C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

1948 C:\Windows\System32\wlanext.exe

1956 C:\Windows\System32\conhost.exe

2040 C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE

1468 C:\Windows\System32\spoolsv.exe

1740 C:\Windows\System32\svchost.exe

1432 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

1844 C:\Windows\System32\taskhost.exe

2056 C:\Windows\System32\taskeng.exe

2104 C:\Windows\System32\dwm.exe

2188 C:\Windows\explorer.exe

2568 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

2576 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

2584 C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

2596 C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe

2608 C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

2616 C:\Program Files\Logitech\SetPointP\SetPoint.exe

2648 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

2696 C:\Program Files (x86)\RAMRush\RAMRush.exe

2796 C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe

2864 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

3016 C:\Users\Morrow\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe

2404 C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

1692 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

1768 C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe

2536 C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

2728 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

2832 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

2848 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

2764 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

2744 C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe

3040 C:\Program Files (x86)\Java\jre6\bin\jusched.exe

1672 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

2484 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

2312 C:\Users\Morrow\AppData\Local\DIRECTV Player\NDSPCShowServer.exe

2276 C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe

2720 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

2340 C:\Windows\System32\conhost.exe

3356 C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe

3388 C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe

3472 C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe

3564 C:\Windows\System32\svchost.exe

3608 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

4028 C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe

3436 C:\Windows\System32\svchost.exe

1456 C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

3628 WmiPrvSE.exe

324 WmiPrvSE.exe

4576 C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe

4584 C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe

4596 C:\Windows\System32\conhost.exe

4620 C:\Windows\System32\conhost.exe

4792 C:\Windows\System32\SearchIndexer.exe

4904 C:\Windows\System32\UI0Detect.exe

4572 C:\Windows\System32\svchost.exe

4776 C:\Program Files\Windows Media Player\wmpnetwk.exe

4556 svchost.exe

2164 conhost.exe

5428 C:\Windows\System32\SearchProtocolHost.exe

5480 C:\Windows\System32\SearchFilterHost.exe

5708 C:\Windows\System32\svchost.exe

5932 <unknown>

5092 C:\Users\Morrow\Desktop\MBRCheck.exe

4532 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`a1800000 (NTFS)

PhysicalDrive0 Model Number: ST9160314AS, Rev: D005DEM1

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 006DAC41B85DE862D5301245E653DB2869A80603

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Hey morrowc. :)

Please run the following tool.

  • Please download MBRScan and save it to your Desktop.
  • Double-click on MBRScan.exe and click the Report button. (Vista and Windows 7 users: right-click on MBRScan and then click on Run as administrator.)
  • Please don't use the computer while the scan is running. The computer may not respond until the scan is done. Please be patient and don't force a restart of the computer.
  • When the scan is finished, a log file will appear.
  • Save that log file to your Desktop and post its content in your next reply.

After running MBRScan please do the following to get a dump:

  • Please re-run MBRScan.
  • Click Dump.
  • Once you have selected your MBR code, please click Dump Selected MBR (if there are multiple codes please do this for each of them).

In your reply please provide the contents of the MBRScan log and the Dump. :)
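
What can be checked offline in a 512-byte MBR dump like the one requested above, as an added Python example that is not part of the original post and is not code from MBRScan or MBRCheck. The sample partition layout is constructed to mirror the three partitions in the MBRScan report, the boot code bytes are placeholders, and hashing the first 440 bytes is this example's own choice, so its digests are not comparable with the hashes in the logs.

```python
"""Offline check of a 512-byte MBR dump against a known-good reference sector."""
import hashlib
import struct

SECTOR_LEN = 512
BOOT_CODE_LEN = 440   # bytes 0-439: bootstrap code
TABLE_OFFSET = 446    # bytes 446-509: four 16-byte partition entries
# status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, sector count
ENTRY = struct.Struct("<B3xB3xII")
TYPE_NAMES = {0x07: "NTFS / HPFS", 0xDE: "Dell Utility"}


def parse_mbr(sector: bytes) -> dict:
    """Split one sector into boot-code hash, signature check and partition entries."""
    if len(sector) != SECTOR_LEN:
        raise ValueError(f"expected {SECTOR_LEN} bytes, got {len(sector)}")
    partitions = []
    for index in range(4):
        status, ptype, lba_start, count = ENTRY.unpack_from(
            sector, TABLE_OFFSET + 16 * index)
        if ptype == 0x00:          # unused slot
            continue
        partitions.append({
            "index": index + 1,
            "bootable": status == 0x80,
            "status_valid": status in (0x00, 0x80),
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": count,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "partitions": partitions,
    }


def audit_mbr(dump: bytes, reference: bytes) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    d, r = parse_mbr(dump), parse_mbr(reference)
    findings = []
    if not d["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if d["boot_code_sha1"] != r["boot_code_sha1"]:
        changed = sum(a != b for a, b in
                      zip(dump[:BOOT_CODE_LEN], reference[:BOOT_CODE_LEN]))
        findings.append(
            f"boot code differs from reference in {changed} of {BOOT_CODE_LEN} bytes")
    if sum(p["bootable"] for p in d["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    if any(not p["status_valid"] for p in d["partitions"]):
        findings.append("partition status byte is neither 0x00 nor 0x80")
    extents = sorted((p["lba_start"], p["lba_start"] + p["sectors"])
                     for p in d["partitions"])
    if any(nxt[0] < cur[1] for cur, nxt in zip(extents, extents[1:])):
        findings.append("partition extents overlap")
    return findings


# Constructed sample data: (status, type, LBA start, sector count). The types and
# active flag mirror the MBRScan report; the LBA values are made up.
SAMPLE_PARTITIONS = [
    (0x00, 0xDE, 63, 224_847),
    (0x80, 0x07, 224_910, 38_629_376),
    (0x00, 0x07, 38_854_286, 273_678_336),
]


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Assemble a constructed sector: boot code, 6 bytes of padding, table, signature."""
    table = b"".join(ENTRY.pack(*p) for p in SAMPLE_PARTITIONS).ljust(64, b"\x00")
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    return code + b"\x00" * 6 + table + b"\x55\xaa"


# Placeholder bytes standing in for a known-good boot code (not real Windows code).
REFERENCE_CODE = bytes((i * 7) % 256 for i in range(BOOT_CODE_LEN))
# Same code with its first 32 bytes altered, standing in for a modified MBR.
SUSPECT_CODE = bytes(b ^ 0xFF for b in REFERENCE_CODE[:32]) + REFERENCE_CODE[32:]

REFERENCE_MBR = build_sample_mbr(REFERENCE_CODE)
SUSPECT_MBR = build_sample_mbr(SUSPECT_CODE)

if __name__ == "__main__":
    for p in parse_mbr(SUSPECT_MBR)["partitions"]:
        flag = "BOOTABLE" if p["bootable"] else ""
        size_gib = p["sectors"] * SECTOR_LEN / 2**30
        print(f"Partition{p['index']} 0x{p['type']:02X} {p['type_name']} "
              f"{size_gib:.2f} GiB {flag}")
    for finding in audit_mbr(SUSPECT_MBR, REFERENCE_MBR):
        print("FINDING:", finding)
```

In the constructed suspect sector the partition table is identical to the reference and only the boot code region differs.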


Hello,

Here is the MBRScan report:


MBRScan v1.1.1

OS : Windows 7 Service Pack 1 (64 bit)
PROCESSOR : Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
BOOT : Normal Boot
DATE : 2012/08/29 (ISO 8601) at 21:21:12
________________________________________________________________________________

DISK : Device\Harddisk0\DR0 __ST916031 4AS (D005)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0 149.1 Go [Fixed] ==> Possible TDL4 MBR Code

MBR_MD5 : D56692ABF9ED1D7656443C115AE4981B
MBR_SHA1 : 5CC1C43A58E8B96791D3D55B3499BC9DB720F810

Device\Harddisk0\Partition1 109.8 Mo 0xDE Dell Utility
Device\Harddisk0\Partition2 18.42 Go 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition3 130.5 Go 0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

SIZE : 244.0 Ko

DRIVER : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x047A5000
SIZE : 136.0 Ko

DRIVER : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x047C7000
SIZE : 24.0 Ko

DRIVER : C:\Windows\system32\drivers\RTKVHD64.sys => Invisible on the disk
ADDRESS : 0x058EA000
SIZE : 2.23 Mo

DRIVER : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x05B24000
SIZE : 168.0 Ko

DRIVER : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x000D0000
SIZE : 3.08 Mo

DRIVER : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x05B4E000
SIZE : 48.0 Ko

DRIVER : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x05B5A000
SIZE : 56.0 Ko

DRIVER : C:\Windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk
ADDRESS : 0x03CF1000
SIZE : 2.04 Mo

DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x05B68000
SIZE : 76.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x05B7B000
SIZE : 116.0 Ko

DRIVER : C:\Windows\System32\Drivers\usbvideo.sys => Invisible on the disk
ADDRESS : 0x05B98000
SIZE : 184.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x05BC6000
SIZE : 56.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x05BD4000
SIZE : 100.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x05BED000
SIZE : 36.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\kbdhid.sys => Invisible on the disk
ADDRESS : 0x05800000
SIZE : 56.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x0580E000
SIZE : 52.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x0581B000
SIZE : 56.0 Ko

DRIVER : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x004B0000
SIZE : 40.0 Ko

DRIVER : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00740000
SIZE : 156.0 Ko

DRIVER : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x05829000
SIZE : 140.0 Ko

DRIVER : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x0584C000
SIZE : 132.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x0586D000
SIZE : 84.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x05882000
SIZE : 332.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x058D5000
SIZE : 76.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x047CD000
SIZE : 96.0 Ko

DRIVER : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x04600000
SIZE : 804.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x01026000
SIZE : 120.0 Ko

DRIVER : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x03EFB000
SIZE : 96.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x05CE6000
SIZE : 180.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x05D13000
SIZE : 312.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x05D61000
SIZE : 144.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\atksgt.sys => Invisible on the disk
ADDRESS : 0x05D85000
SIZE : 316.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\lirsgt.sys => Invisible on the disk
ADDRESS : 0x05DD4000
SIZE : 52.0 Ko

DRIVER : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x05C23000
SIZE : 664.0 Ko

DRIVER : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x05CC9000
SIZE : 44.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x0703D000
SIZE : 196.0 Ko

DRIVER : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x0706E000
SIZE : 72.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x070AD000
SIZE : 420.0 Ko

DRIVER : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x07116000
SIZE : 608.0 Ko

DRIVER : C:\Windows\system32\drivers\BCM42RLY.sys => Invisible on the disk
ADDRESS : 0x071AE000
SIZE : 36.0 Ko

DRIVER : C:\Windows\system32\drivers\mbam.sys => Invisible on the disk
ADDRESS : 0x071B7000
SIZE : 40.0 Ko

DRIVER : C:\Windows\system32\drivers\ohci1394.sys => Invisible on the disk
ADDRESS : 0x071C1000
SIZE : 72.0 Ko

DRIVER : C:\Windows\system32\drivers\1394BUS.SYS => Invisible on the disk
ADDRESS : 0x071D3000
SIZE : 96.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\johci.sys => Invisible on the disk
ADDRESS : 0x071EB000
SIZE : 36.0 Ko

DRIVER : C:\Windows\system32\DRIVERS\jmcr.sys => Invisible on the disk
ADDRESS : 0x07000000
SIZE : 156.0 Ko

DRIVER : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x00DAF000
SIZE : 216.0 Ko

DRIVER : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x47F60000
SIZE : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdOSLoaderBoolean_WinPEMode (26000022)

SystemStartOptions : NOEXECUTE=OPTIN

________________________________________________________________________________

_____FAKED \Device\Harddisk0\DR0


__ORIGINAL \Device\Harddisk0\DR0


I ran the program again and pressed "dump," then "dump selected MBR." I can't find an associated log file though - just a few files with .mbr extensions, like "Dump_Hdd0_DR0.mbr." Did you want to view those files?


I see that other people have attached files to their posts, but I don't see any options to attach files in my replies.... is there something I'm missing? (sorry for the stupid question)


Alright, figured out how to upload files, but it won't let me upload .mbr files....


Hello morrowc. :)

It seems MBRScan may have fixed the infection but to be sure:

Please re-run MBRCheck and post the log in your reply.

Then, please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

==========

Please include in your reply:

  • MBRCheck log.
  • TDSSKiller log.


Hey morrowc. :)

Please post the content of the logs, as malware writers would like nothing more than to infect the computers of helpers, such as myself.

Thanks! :)


Sorry! Here's the MBRCheck log:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: Alienware

BIOS Manufacturer: Alienware

System Manufacturer: Alienware

System Product Name: M11x

Logical Drives Mask: 0x0000000c

Kernel Drivers (total 207):

0x0305B000 \SystemRoot\system32\ntoskrnl.exe

0x03012000 \SystemRoot\system32\hal.dll

0x00BC6000 \SystemRoot\system32\kdcom.dll

0x00C85000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00CD4000 \SystemRoot\system32\PSHED.dll

0x00CE8000 \SystemRoot\system32\CLFS.SYS

0x00EAB000 \SystemRoot\system32\CI.dll

0x00E00000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00F6B000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00F7A000 \SystemRoot\system32\drivers\ACPI.sys

0x00FD1000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00FDA000 \SystemRoot\system32\drivers\msisadrv.sys

0x00D46000 \SystemRoot\system32\drivers\pci.sys

0x00FE4000 \SystemRoot\system32\drivers\vdrvroot.sys

0x00D79000 \SystemRoot\System32\drivers\partmgr.sys

0x00FF1000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x00D8E000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x00D9A000 \SystemRoot\system32\drivers\volmgr.sys

0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys

0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys

0x0104E000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x01258000 \SystemRoot\system32\drivers\atapi.sys

0x01261000 \SystemRoot\system32\drivers\ataport.SYS

0x0128B000 \SystemRoot\system32\drivers\msahci.sys

0x01296000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x012A6000 \SystemRoot\system32\drivers\amdxata.sys

0x012B1000 \SystemRoot\system32\drivers\fltmgr.sys

0x012FD000 \SystemRoot\system32\drivers\fileinfo.sys

0x0143E000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01311000 \SystemRoot\System32\Drivers\msrpc.sys

0x015E1000 \SystemRoot\System32\Drivers\ksecdd.sys

0x0136F000 \SystemRoot\System32\Drivers\cng.sys

0x01400000 \SystemRoot\System32\drivers\pcw.sys

0x01411000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01672000 \SystemRoot\system32\drivers\ndis.sys

0x01765000 \SystemRoot\system32\drivers\NETIO.SYS

0x017C5000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x018A7000 \SystemRoot\System32\drivers\tcpip.sys

0x01AAB000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01AF5000 \SystemRoot\system32\drivers\volsnap.sys

0x01B41000 \SystemRoot\system32\DRIVERS\stdflt.sys

0x01B49000 \SystemRoot\System32\Drivers\spldr.sys

0x01B51000 \SystemRoot\System32\drivers\rdyboost.sys

0x01B8B000 \SystemRoot\System32\Drivers\mup.sys

0x01BA6000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01BAF000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01BE9000 \SystemRoot\system32\DRIVERS\EMSC.SYS

0x01800000 \SystemRoot\system32\DRIVERS\disk.sys

0x01816000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x03F3D000 \SystemRoot\System32\Drivers\Null.SYS

0x03F46000 \SystemRoot\System32\Drivers\Beep.SYS

0x03F4D000 \SystemRoot\System32\drivers\vga.sys

0x03F5B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x03F80000 \SystemRoot\System32\drivers\watchdog.sys

0x03F90000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x03F99000 \SystemRoot\system32\drivers\rdpencdd.sys

0x03FA2000 \SystemRoot\system32\drivers\rdprefmp.sys

0x03FAB000 \SystemRoot\System32\Drivers\Msfs.SYS

0x03FB6000 \SystemRoot\System32\Drivers\Npfs.SYS

0x03FC7000 \SystemRoot\system32\DRIVERS\tdx.sys

0x03FE9000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x03C00000 \SystemRoot\System32\DRIVERS\netbt.sys

0x03C45000 \SystemRoot\system32\drivers\afd.sys

0x03CCE000 \SystemRoot\system32\drivers\ws2ifsl.sys

0x03CD9000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x03F13000 \SystemRoot\system32\DRIVERS\pacer.sys

0x01854000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x03CE2000 \SystemRoot\system32\DRIVERS\netbios.sys

0x0186A000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x01885000 \SystemRoot\system32\drivers\termdd.sys

0x01600000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x01899000 \SystemRoot\system32\drivers\nsiproxy.sys

0x01BF3000 \SystemRoot\system32\drivers\mssmbios.sys

0x01651000 \SystemRoot\System32\Drivers\ElbyCDIO.sys

0x0165C000 \SystemRoot\System32\drivers\discache.sys

0x0141B000 \SystemRoot\System32\Drivers\dfsc.sys

0x013E1000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x01000000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x0F24C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x0FEC3000 \SystemRoot\System32\Drivers\nvBridge.kmd

0x0FEC8000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x0F200000 \SystemRoot\System32\drivers\dxgmms1.sys

0x0FFBC000 \SystemRoot\system32\drivers\HDAudBus.sys

0x0FFE0000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x02E53000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x02EA9000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x02EBA000 \SystemRoot\system32\DRIVERS\L1C62x64.sys

0x042D8000 \SystemRoot\system32\DRIVERS\bcmwl664.sys

0x045C6000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x04227000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x04256000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x0425B000 \SystemRoot\system32\drivers\i8042prt.sys

0x04279000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x04288000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x045FD000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x02ECF000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x02EDE000 \SystemRoot\system32\DRIVERS\Acceler.sys

0x02EED000 \SystemRoot\system32\drivers\wmiacpi.sys

0x02EF6000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x02F0C000 \SystemRoot\system32\drivers\CompositeBus.sys

0x02F1C000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x02F32000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x02F56000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x02F62000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x02F91000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x02FAC000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x02FCD000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x02FE7000 \SystemRoot\system32\DRIVERS\VClone.sys

0x02FF6000 \SystemRoot\system32\drivers\swenum.sys

0x02E00000 \SystemRoot\system32\drivers\ks.sys

0x0FFED000 \SystemRoot\system32\drivers\umbus.sys

0x046CC000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x04726000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x04768000 \SystemRoot\system32\drivers\portcls.sys

0x047A5000 \SystemRoot\system32\drivers\drmk.sys

0x047C7000 \SystemRoot\system32\drivers\ksthunk.sys

0x058EA000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x05B24000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x000D0000 \SystemRoot\System32\win32k.sys

0x05B4E000 \SystemRoot\System32\drivers\Dxapi.sys

0x05B5A000 \SystemRoot\System32\Drivers\crashdmp.sys

0x03CF1000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x05B68000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x05B7B000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x05B98000 \SystemRoot\System32\Drivers\usbvideo.sys

0x05BC6000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x05BD4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x05BED000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x05800000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x0580E000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x0581B000 \SystemRoot\system32\DRIVERS\monitor.sys

0x004B0000 \SystemRoot\System32\TSDDD.dll

0x00740000 \SystemRoot\System32\cdd.dll

0x00870000 \SystemRoot\System32\ATMFD.DLL

0x05829000 \SystemRoot\system32\drivers\luafv.sys

0x0584C000 \SystemRoot\system32\drivers\WudfPf.sys

0x0586D000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x05882000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x058D5000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x047CD000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x04600000 \SystemRoot\system32\drivers\HTTP.sys

0x01026000 \SystemRoot\system32\DRIVERS\bowser.sys

0x03EFB000 \SystemRoot\System32\drivers\mpsdrv.sys

0x05CE6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x05D13000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x05D61000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x05D85000 \SystemRoot\system32\DRIVERS\atksgt.sys

0x05DD4000 \SystemRoot\system32\DRIVERS\lirsgt.sys

0x05C00000 \??\C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys

0x05C23000 \SystemRoot\system32\drivers\peauth.sys

0x05CC9000 \SystemRoot\System32\Drivers\secdrv.SYS

0x0703D000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x0706E000 \SystemRoot\System32\drivers\tcpipreg.sys

0x07080000 \??\C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl

0x070AD000 \SystemRoot\System32\DRIVERS\srv2.sys

0x07116000 \SystemRoot\System32\DRIVERS\srv.sys

0x071AE000 \SystemRoot\system32\drivers\BCM42RLY.sys

0x071B7000 \??\C:\Windows\system32\drivers\mbam.sys

0x00DAF000 \SystemRoot\System32\Drivers\fastfat.SYS

0x071C1000 \SystemRoot\system32\drivers\ohci1394.sys

0x071D3000 \SystemRoot\system32\drivers\1394BUS.SYS

0x071EB000 \SystemRoot\system32\DRIVERS\johci.sys

0x07000000 \SystemRoot\system32\DRIVERS\jmcr.sys

0x07027000 \SystemRoot\system32\drivers\MSPQM.sys

0x09A2C000 \SystemRoot\system32\DRIVERS\facap.sys

0x09A65000 \SystemRoot\system32\DRIVERS\STREAM.SYS

0x09A76000 \SystemRoot\system32\drivers\MSPCLOCK.sys

0x77530000 \Windows\System32\ntdll.dll

0x47F60000 \Windows\System32\smss.exe

0xFF850000 \Windows\System32\apisetschema.dll

0xFF7D0000 \Windows\System32\autochk.exe

0x77700000 \Windows\System32\psapi.dll

0xFF730000 \Windows\System32\msctf.dll

0xFF710000 \Windows\System32\imagehlp.dll

0xFF670000 \Windows\System32\msvcrt.dll

0xFF590000 \Windows\System32\advapi32.dll

0xFF580000 \Windows\System32\nsi.dll

0xFF4E0000 \Windows\System32\clbcatq.dll

0xFF3B0000 \Windows\System32\wininet.dll

0xFF330000 \Windows\System32\shlwapi.dll

0xFF2C0000 \Windows\System32\gdi32.dll

0xFF240000 \Windows\System32\difxapi.dll

0xFEFE0000 \Windows\System32\iertutil.dll

0xFEE60000 \Windows\System32\urlmon.dll

0xFEE30000 \Windows\System32\imm32.dll

0x77430000 \Windows\System32\user32.dll

0x77310000 \Windows\System32\kernel32.dll

0xFEC20000 \Windows\System32\ole32.dll

0xFEC00000 \Windows\System32\sechost.dll

0xFDE70000 \Windows\System32\shell32.dll

0xFDC90000 \Windows\System32\setupapi.dll

0xFDC30000 \Windows\System32\Wldap32.dll

0xFDBE0000 \Windows\System32\ws2_32.dll

0x776F0000 \Windows\System32\normaliz.dll

0xFDB00000 \Windows\System32\oleaut32.dll

0xFDA30000 \Windows\System32\usp10.dll

0xFD900000 \Windows\System32\rpcrt4.dll

0xFD8F0000 \Windows\System32\lpk.dll

0xFD850000 \Windows\System32\comdlg32.dll

0xFD7E0000 \Windows\System32\KernelBase.dll

0xFD7A0000 \Windows\System32\cfgmgr32.dll

0xFD630000 \Windows\System32\crypt32.dll

0xFD5F0000 \Windows\System32\wintrust.dll

0xFD5D0000 \Windows\System32\devobj.dll

0xFD530000 \Windows\System32\comctl32.dll

0xFD520000 \Windows\System32\msasn1.dll

0x75370000 \Windows\SysWOW64\normaliz.dll

Processes (total 103):

0 System Idle Process

4 System

276 C:\Windows\System32\smss.exe

496 csrss.exe

560 csrss.exe

568 C:\Windows\System32\wininit.exe

636 C:\Windows\System32\winlogon.exe

696 C:\Windows\System32\services.exe

704 C:\Windows\System32\lsass.exe

712 C:\Windows\System32\lsm.exe

888 C:\Windows\System32\svchost.exe

960 C:\Windows\System32\nvvsvc.exe

996 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

292 C:\Windows\System32\svchost.exe

768 C:\Windows\System32\svchost.exe

604 C:\Windows\System32\svchost.exe

1028 C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

1080 C:\Windows\System32\svchost.exe

1196 C:\Windows\System32\svchost.exe

1240 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

1252 C:\Windows\System32\nvvsvc.exe

1484 C:\Windows\System32\svchost.exe

1940 C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

1948 C:\Windows\System32\wlanext.exe

1956 C:\Windows\System32\conhost.exe

2040 C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE

1468 C:\Windows\System32\spoolsv.exe

1740 C:\Windows\System32\svchost.exe

1432 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

1844 C:\Windows\System32\taskhost.exe

2104 C:\Windows\System32\dwm.exe

2188 C:\Windows\explorer.exe

2568 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

2576 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

2584 C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

2596 C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe

2608 C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

2616 C:\Program Files\Logitech\SetPointP\SetPoint.exe

2648 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

2696 C:\Program Files (x86)\RAMRush\RAMRush.exe

2796 C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe

2864 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

3016 C:\Users\Morrow\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe

2404 C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

1692 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

1768 C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe

2536 C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

2728 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

2832 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

2848 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

2764 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

2744 C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe

3040 C:\Program Files (x86)\Java\jre6\bin\jusched.exe

2484 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

2276 C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe

2720 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

3356 C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe

3388 C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe

3564 C:\Windows\System32\svchost.exe

3608 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

4028 C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe

3436 C:\Windows\System32\svchost.exe

1456 C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

324 WmiPrvSE.exe

4576 C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe

4584 C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe

4596 C:\Windows\System32\conhost.exe

4620 C:\Windows\System32\conhost.exe

4792 C:\Windows\System32\SearchIndexer.exe

4776 C:\Program Files\Windows Media Player\wmpnetwk.exe

5708 C:\Windows\System32\svchost.exe

1324 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

5904 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

4004 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

6596 mbampt.exe

4480 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe

6388 mbampt.exe

1512 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe

7760 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

6036 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

1580 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

980 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

4900 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe

6356 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

6708 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

7420 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

5524 C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe

8184 C:\Users\Morrow\AppData\Local\DIRECTV Player\NDSPCShowServer.exe

3548 C:\Windows\System32\SearchProtocolHost.exe

6936 C:\Windows\System32\conhost.exe

5588 C:\Windows\System32\taskeng.exe

5788 C:\Windows\System32\SearchFilterHost.exe

3628 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe

4476 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe

5380 C:\Windows\System32\audiodg.exe

7340 C:\Users\Morrow\Desktop\MBRCheck.exe

7684 C:\Windows\System32\conhost.exe

7496 <unknown>

3816 <unknown>

8124 <unknown>

5272 <unknown>

5044 <unknown>

3600 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`a1800000 (NTFS)

PhysicalDrive0 Model Number: ST9160314AS, Rev: D005DEM1

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 006DAC41B85DE862D5301245E653DB2869A80603

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

And here's the TDSSKiller log:


21:03:42.0218 7636 Npfs - ok

21:03:42.0249 7636 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

21:03:42.0249 7636 nsi - ok

21:03:42.0264 7636 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

21:03:42.0264 7636 nsiproxy - ok

21:03:42.0545 7636 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

21:03:42.0592 7636 Ntfs - ok

21:03:42.0654 7636 [ 7420B2E1F65642129B6E23BD42F752AA ] ntk_PowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys

21:03:42.0654 7636 ntk_PowerDVD - ok

21:03:42.0686 7636 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

21:03:42.0686 7636 Null - ok

21:03:42.0732 7636 [ 10204955027011E08A9DC27737A48A54 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys

21:03:42.0732 7636 NVHDA - ok

21:03:43.0091 7636 [ B15258B1F45F9571758AC6BB2F043B01 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

21:03:43.0403 7636 nvlddmkm - ok

21:03:43.0481 7636 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

21:03:43.0481 7636 nvraid - ok

21:03:43.0544 7636 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

21:03:43.0544 7636 nvstor - ok

21:03:43.0622 7636 [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] nvsvc C:\Windows\system32\nvvsvc.exe

21:03:43.0700 7636 nvsvc - ok

21:03:43.0840 7636 [ 7E22DE30E222BFDFCEC7E77032BAF3CD ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

21:03:43.0902 7636 nvUpdatusService - ok

21:03:43.0965 7636 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

21:03:43.0965 7636 nv_agp - ok

21:03:43.0996 7636 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

21:03:43.0996 7636 ohci1394 - ok

21:03:44.0136 7636 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

21:03:44.0136 7636 ose - ok

21:03:44.0168 7636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

21:03:44.0183 7636 p2pimsvc - ok

21:03:44.0199 7636 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

21:03:44.0214 7636 p2psvc - ok

21:03:44.0246 7636 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

21:03:44.0246 7636 Parport - ok

21:03:44.0277 7636 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys

21:03:44.0277 7636 partmgr - ok

21:03:44.0292 7636 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

21:03:44.0308 7636 PcaSvc - ok

21:03:44.0339 7636 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

21:03:44.0355 7636 pci - ok

21:03:44.0370 7636 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

21:03:44.0370 7636 pciide - ok

21:03:44.0386 7636 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

21:03:44.0386 7636 pcmcia - ok

21:03:44.0402 7636 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

21:03:44.0417 7636 pcw - ok

21:03:44.0433 7636 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

21:03:44.0448 7636 PEAUTH - ok

21:03:44.0558 7636 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

21:03:44.0558 7636 PerfHost - ok

21:03:44.0636 7636 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

21:03:44.0682 7636 pla - ok

21:03:44.0745 7636 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

21:03:44.0760 7636 PlugPlay - ok

21:03:44.0776 7636 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

21:03:44.0776 7636 PNRPAutoReg - ok

21:03:44.0807 7636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

21:03:44.0807 7636 PNRPsvc - ok

21:03:44.0838 7636 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

21:03:44.0854 7636 PolicyAgent - ok

21:03:44.0885 7636 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

21:03:44.0885 7636 Power - ok

21:03:44.0948 7636 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

21:03:44.0948 7636 PptpMiniport - ok

21:03:44.0963 7636 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

21:03:44.0963 7636 Processor - ok

21:03:44.0979 7636 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll

21:03:44.0994 7636 ProfSvc - ok

21:03:45.0010 7636 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

21:03:45.0010 7636 ProtectedStorage - ok

21:03:45.0057 7636 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

21:03:45.0057 7636 Psched - ok

21:03:45.0119 7636 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

21:03:45.0228 7636 ql2300 - ok

21:03:45.0260 7636 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

21:03:45.0260 7636 ql40xx - ok

21:03:45.0306 7636 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

21:03:45.0306 7636 QWAVE - ok

21:03:45.0322 7636 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

21:03:45.0322 7636 QWAVEdrv - ok

21:03:45.0338 7636 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

21:03:45.0338 7636 RasAcd - ok

21:03:45.0369 7636 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

21:03:45.0369 7636 RasAgileVpn - ok

21:03:45.0384 7636 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

21:03:45.0384 7636 RasAuto - ok

21:03:45.0431 7636 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

21:03:45.0431 7636 Rasl2tp - ok

21:03:45.0478 7636 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

21:03:45.0478 7636 RasMan - ok

21:03:45.0494 7636 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

21:03:45.0509 7636 RasPppoe - ok

21:03:45.0525 7636 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

21:03:45.0525 7636 RasSstp - ok

21:03:45.0572 7636 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

21:03:45.0572 7636 rdbss - ok

21:03:45.0587 7636 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

21:03:45.0587 7636 rdpbus - ok

21:03:45.0618 7636 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

21:03:45.0618 7636 RDPCDD - ok

21:03:45.0634 7636 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

21:03:45.0634 7636 RDPENCDD - ok

21:03:45.0665 7636 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

21:03:45.0665 7636 RDPREFMP - ok

21:03:45.0712 7636 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

21:03:45.0712 7636 RDPWD - ok

21:03:45.0759 7636 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

21:03:45.0759 7636 rdyboost - ok

21:03:45.0790 7636 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

21:03:45.0790 7636 RemoteAccess - ok

21:03:45.0821 7636 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

21:03:45.0821 7636 RemoteRegistry - ok

21:03:45.0837 7636 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

21:03:45.0837 7636 RpcEptMapper - ok

21:03:45.0868 7636 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

21:03:45.0868 7636 RpcLocator - ok

21:03:45.0930 7636 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

21:03:45.0930 7636 RpcSs - ok

21:03:45.0962 7636 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

21:03:45.0962 7636 rspndr - ok

21:03:45.0977 7636 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

21:03:45.0977 7636 SamSs - ok

21:03:46.0008 7636 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

21:03:46.0008 7636 sbp2port - ok

21:03:46.0040 7636 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

21:03:46.0055 7636 SCardSvr - ok

21:03:46.0086 7636 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

21:03:46.0086 7636 scfilter - ok

21:03:46.0274 7636 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

21:03:46.0305 7636 Schedule - ok

21:03:46.0352 7636 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

21:03:46.0352 7636 SCPolicySvc - ok

21:03:46.0398 7636 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

21:03:46.0398 7636 SDRSVC - ok

21:03:46.0430 7636 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

21:03:46.0430 7636 secdrv - ok

21:03:46.0445 7636 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

21:03:46.0445 7636 seclogon - ok

21:03:46.0476 7636 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

21:03:46.0492 7636 SENS - ok

21:03:46.0508 7636 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

21:03:46.0508 7636 SensrSvc - ok

21:03:46.0539 7636 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

21:03:46.0539 7636 Serenum - ok

21:03:46.0554 7636 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

21:03:46.0554 7636 Serial - ok

21:03:46.0601 7636 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

21:03:46.0601 7636 sermouse - ok

21:03:46.0648 7636 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

21:03:46.0648 7636 SessionEnv - ok

21:03:46.0679 7636 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

21:03:46.0679 7636 sffdisk - ok

21:03:46.0695 7636 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

21:03:46.0695 7636 sffp_mmc - ok

21:03:46.0710 7636 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

21:03:46.0710 7636 sffp_sd - ok

21:03:46.0726 7636 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

21:03:46.0742 7636 sfloppy - ok

21:03:46.0788 7636 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

21:03:46.0788 7636 SharedAccess - ok

21:03:46.0820 7636 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

21:03:46.0835 7636 ShellHWDetection - ok

21:03:46.0851 7636 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

21:03:46.0851 7636 SiSRaid2 - ok

21:03:46.0866 7636 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

21:03:46.0866 7636 SiSRaid4 - ok

21:03:46.0898 7636 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

21:03:46.0898 7636 Smb - ok

21:03:47.0007 7636 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

21:03:47.0022 7636 SNMPTRAP - ok

21:03:47.0022 7636 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

21:03:47.0038 7636 spldr - ok

21:03:47.0069 7636 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe

21:03:47.0085 7636 Spooler - ok

21:03:47.0210 7636 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

21:03:47.0303 7636 sppsvc - ok

21:03:47.0334 7636 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

21:03:47.0350 7636 sppuinotify - ok

21:03:47.0397 7636 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

21:03:47.0397 7636 srv - ok

21:03:47.0459 7636 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

21:03:47.0459 7636 srv2 - ok

21:03:47.0475 7636 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

21:03:47.0490 7636 srvnet - ok

21:03:47.0522 7636 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

21:03:47.0537 7636 SSDPSRV - ok

21:03:47.0584 7636 SSHDRV65 - ok

21:03:47.0600 7636 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

21:03:47.0615 7636 SstpSvc - ok

21:03:47.0646 7636 [ 3D69F5F3BEB8AA28D7F46F5548B8D6D7 ] stdflt C:\Windows\system32\DRIVERS\stdflt.sys

21:03:47.0646 7636 stdflt - ok

21:03:47.0662 7636 Steam Client Service - ok

21:03:47.0756 7636 [ 9E1222C417291BC836210743624A8E5E ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

21:03:47.0771 7636 Stereo Service - ok

21:03:47.0787 7636 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

21:03:47.0802 7636 stexstor - ok

21:03:47.0849 7636 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

21:03:47.0849 7636 stisvc - ok

21:03:47.0896 7636 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

21:03:47.0896 7636 swenum - ok

21:03:47.0958 7636 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

21:03:47.0990 7636 swprv - ok

21:03:48.0021 7636 [ BE2B928DE9AF2848289DB7A54C7E2398 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

21:03:48.0021 7636 SynTP - ok

21:03:48.0099 7636 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

21:03:48.0177 7636 SysMain - ok

21:03:48.0224 7636 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

21:03:48.0224 7636 TabletInputService - ok

21:03:48.0270 7636 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

21:03:48.0270 7636 TapiSrv - ok

21:03:48.0302 7636 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

21:03:48.0302 7636 TBS - ok

21:03:48.0395 7636 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

21:03:48.0520 7636 Tcpip - ok

21:03:48.0582 7636 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

21:03:48.0598 7636 TCPIP6 - ok

21:03:48.0629 7636 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

21:03:48.0629 7636 tcpipreg - ok

21:03:48.0660 7636 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

21:03:48.0660 7636 TDPIPE - ok

21:03:48.0692 7636 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

21:03:48.0692 7636 TDTCP - ok

21:03:48.0738 7636 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

21:03:48.0738 7636 tdx - ok

21:03:48.0770 7636 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

21:03:48.0785 7636 TermDD - ok

21:03:48.0910 7636 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

21:03:48.0941 7636 TermService - ok

21:03:48.0972 7636 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

21:03:48.0972 7636 Themes - ok

21:03:49.0019 7636 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

21:03:49.0019 7636 THREADORDER - ok

21:03:49.0035 7636 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

21:03:49.0050 7636 TrkWks - ok

21:03:49.0113 7636 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

21:03:49.0113 7636 TrustedInstaller - ok

21:03:49.0160 7636 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

21:03:49.0175 7636 tssecsrv - ok

21:03:49.0206 7636 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

21:03:49.0206 7636 TsUsbFlt - ok

21:03:49.0269 7636 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

21:03:49.0269 7636 tunnel - ok

21:03:49.0284 7636 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

21:03:49.0300 7636 uagp35 - ok

21:03:49.0331 7636 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

21:03:49.0331 7636 udfs - ok

21:03:49.0378 7636 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

21:03:49.0378 7636 UI0Detect - ok

21:03:49.0409 7636 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

21:03:49.0409 7636 uliagpkx - ok

21:03:49.0456 7636 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

21:03:49.0487 7636 umbus - ok

21:03:49.0503 7636 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

21:03:49.0503 7636 UmPass - ok

21:03:49.0534 7636 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

21:03:49.0534 7636 upnphost - ok

21:03:49.0596 7636 [ F724B03C3DFAACF08D17D38BF3333583 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

21:03:49.0596 7636 USBAAPL64 - ok

21:03:49.0612 7636 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

21:03:49.0628 7636 usbccgp - ok

21:03:49.0721 7636 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

21:03:49.0721 7636 usbcir - ok

21:03:49.0737 7636 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

21:03:49.0737 7636 usbehci - ok

21:03:49.0784 7636 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

21:03:49.0784 7636 usbhub - ok

21:03:49.0799 7636 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

21:03:49.0799 7636 usbohci - ok

21:03:49.0846 7636 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

21:03:49.0846 7636 usbprint - ok

21:03:49.0877 7636 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

21:03:49.0877 7636 usbscan - ok

21:03:49.0893 7636 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:03:49.0893 7636 USBSTOR - ok

21:03:49.0908 7636 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

21:03:49.0908 7636 usbuhci - ok

21:03:49.0955 7636 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

21:03:49.0955 7636 usbvideo - ok

21:03:50.0049 7636 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

21:03:50.0049 7636 UxSms - ok

21:03:50.0064 7636 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

21:03:50.0064 7636 VaultSvc - ok

21:03:50.0111 7636 [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone C:\Windows\system32\DRIVERS\VClone.sys

21:03:50.0127 7636 VClone - ok

21:03:50.0142 7636 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

21:03:50.0158 7636 vdrvroot - ok

21:03:50.0205 7636 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

21:03:50.0220 7636 vds - ok

21:03:50.0252 7636 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

21:03:50.0252 7636 vga - ok

21:03:50.0267 7636 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

21:03:50.0267 7636 VgaSave - ok

21:03:50.0283 7636 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

21:03:50.0298 7636 vhdmp - ok

21:03:50.0314 7636 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

21:03:50.0314 7636 viaide - ok

21:03:50.0330 7636 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

21:03:50.0330 7636 volmgr - ok

21:03:50.0376 7636 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

21:03:50.0376 7636 volmgrx - ok

21:03:50.0408 7636 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

21:03:50.0408 7636 volsnap - ok

21:03:50.0439 7636 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

21:03:50.0454 7636 vsmraid - ok

21:03:50.0517 7636 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

21:03:50.0564 7636 VSS - ok

21:03:50.0610 7636 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

21:03:50.0610 7636 vwifibus - ok

21:03:50.0626 7636 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

21:03:50.0626 7636 vwififlt - ok

21:03:50.0673 7636 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

21:03:50.0673 7636 W32Time - ok

21:03:50.0704 7636 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

21:03:50.0704 7636 WacomPen - ok

21:03:50.0751 7636 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

21:03:50.0766 7636 WANARP - ok

21:03:50.0766 7636 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

21:03:50.0766 7636 Wanarpv6 - ok

21:03:50.0844 7636 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

21:03:50.0876 7636 WatAdminSvc - ok

21:03:50.0938 7636 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

21:03:51.0016 7636 wbengine - ok

21:03:51.0047 7636 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

21:03:51.0063 7636 WbioSrvc - ok

21:03:51.0094 7636 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

21:03:51.0110 7636 wcncsvc - ok

21:03:51.0125 7636 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

21:03:51.0125 7636 WcsPlugInService - ok

21:03:51.0156 7636 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

21:03:51.0156 7636 Wd - ok

21:03:51.0188 7636 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

21:03:51.0203 7636 Wdf01000 - ok

21:03:51.0219 7636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

21:03:51.0219 7636 WdiServiceHost - ok

21:03:51.0219 7636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

21:03:51.0219 7636 WdiSystemHost - ok

21:03:51.0266 7636 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

21:03:51.0266 7636 WebClient - ok

21:03:51.0312 7636 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

21:03:51.0312 7636 Wecsvc - ok

21:03:51.0328 7636 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

21:03:51.0344 7636 wercplsupport - ok

21:03:51.0375 7636 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

21:03:51.0375 7636 WerSvc - ok

21:03:51.0422 7636 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

21:03:51.0422 7636 WfpLwf - ok

21:03:51.0437 7636 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

21:03:51.0437 7636 WIMMount - ok

21:03:51.0468 7636 WinDefend - ok

21:03:51.0562 7636 [ 8258726D076C8FFF994F468712DDFBAB ] WindowBlinds C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe

21:03:51.0562 7636 WindowBlinds - ok

21:03:51.0578 7636 WinHttpAutoProxySvc - ok

21:03:51.0640 7636 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

21:03:51.0640 7636 Winmgmt - ok

21:03:51.0718 7636 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

21:03:51.0780 7636 WinRM - ok

21:03:51.0827 7636 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

21:03:51.0827 7636 WinUsb - ok

21:03:51.0890 7636 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

21:03:51.0921 7636 Wlansvc - ok

21:03:51.0983 7636 [ A96D6C0613DCF84F2D07FAEB75663072 ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

21:03:51.0983 7636 wltrysvc - ok

21:03:51.0999 7636 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

21:03:51.0999 7636 WmiAcpi - ok

21:03:52.0030 7636 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

21:03:52.0046 7636 wmiApSrv - ok

21:03:52.0061 7636 WMPNetworkSvc - ok

21:03:52.0092 7636 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

21:03:52.0108 7636 WPCSvc - ok

21:03:52.0139 7636 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

21:03:52.0139 7636 WPDBusEnum - ok

21:03:52.0170 7636 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

21:03:52.0170 7636 ws2ifsl - ok

21:03:52.0186 7636 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

21:03:52.0186 7636 wscsvc - ok

21:03:52.0202 7636 WSearch - ok

21:03:52.0295 7636 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

21:03:52.0373 7636 wuauserv - ok

21:03:52.0404 7636 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

21:03:52.0404 7636 WudfPf - ok

21:03:52.0467 7636 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

21:03:52.0467 7636 WUDFRd - ok

21:03:52.0514 7636 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

21:03:52.0514 7636 wudfsvc - ok

21:03:52.0545 7636 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

21:03:52.0545 7636 WwanSvc - ok

21:03:52.0607 7636 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys

21:03:52.0607 7636 xusb21 - ok

21:03:52.0732 7636 [ 1870A74EE2901CA09FFBFE79A5EE0E94 ] {329F96B6-DF1E-4328-BFDA-39EA953C1312} C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl

21:03:52.0732 7636 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok

21:03:52.0748 7636 ================ Scan global ===============================

21:03:52.0794 7636 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

21:03:52.0841 7636 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

21:03:52.0841 7636 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

21:03:52.0872 7636 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

21:03:52.0904 7636 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

21:03:52.0904 7636 [Global] - ok

21:03:52.0904 7636 ================ Scan MBR ==================================

21:03:52.0919 7636 [ C0DCF0AC171DB02DB8B0014C5D767CF1 ] \Device\Harddisk0\DR0

21:03:52.0919 7636 Suspicious mbr (Forged): \Device\Harddisk0\DR0

21:03:52.0982 7636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

21:03:52.0982 7636 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

21:03:52.0982 7636 ================ Scan VBR ==================================

21:03:52.0997 7636 [ 5806C202976ADC39B3C413B6547AA2C6 ] \Device\Harddisk0\DR0\Partition1

21:03:52.0997 7636 \Device\Harddisk0\DR0\Partition1 - ok

21:03:53.0013 7636 [ 4D55015D9359D71A23786EB6C9A45EFF ] \Device\Harddisk0\DR0\Partition2

21:03:53.0013 7636 \Device\Harddisk0\DR0\Partition2 - ok

21:03:53.0013 7636 ============================================================

21:03:53.0013 7636 Scan finished

21:03:53.0013 7636 ============================================================

21:03:53.0028 7504 Detected object count: 1

21:03:53.0028 7504 Actual detected object count: 1

21:04:07.0536 7504 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user

21:04:07.0536 7504 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip


Hey morrowc. :)

All good. :)

Please re-run TDSSKiller.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Click on Continue.
  • If a suspicious file is detected, the default action will be Skip. Click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

After running TDSSKiller, please re-run MBRCheck and post the new log in your reply.

===========

I would like to see the logs from TDSSKiller and MBRCheck in your reply please, along with a description of any current computer issues.

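The first TDSSKiller log in this thread ends with the Rootkit.Boot.Pihar.b detection recorded as "User select action: Skip". As an added example (not part of the thread and not Kaspersky's code), the Python sketch below parses a TDSSKiller log and lists every detection that was left unresolved. The function names are hypothetical, the first sample is excerpted from the log above, and the second sample is constructed, with the wording of its "Cure" line assumed to mirror the "Skip" line.

```python
import re

# Every log line on this page is "<HH:MM:SS.mmmm> <thread id> <message>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s?(.*)$")
# Section banners such as "================ Scan MBR ========...".
SECTION_RE = re.compile(r"^=+ (Scan [^=]+?) =+$")
# "<target> ( <threat> ) - infected"
INFECTED_RE = re.compile(r"^(.+?) \( (.+?) \) - infected$")
# "<target> ( <threat> ) - User select action: <Action>"
ACTION_RE = re.compile(r"^(.+?) \( (.+?) \) - User select action: (\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


def parse_tdsskiller_log(text):
    """Return detections (with scan section and chosen action) and the
    object count the tool itself reported."""
    section = None
    records = {}          # (target, threat) -> detection record
    reported = None
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue      # blank lines, forum text, anything not a log line
        timestamp, message = line.group(1), line.group(3).strip()

        banner = SECTION_RE.match(message)
        if banner:
            section = banner.group(1)
            continue

        count = COUNT_RE.match(message)
        if count:
            reported = int(count.group(1))
            continue

        hit = INFECTED_RE.match(message)
        if hit:
            key = (hit.group(1), hit.group(2))
            records.setdefault(key, {
                "section": section, "target": key[0], "threat": key[1],
                "first_seen": timestamp, "action": None,
            })
            continue

        act = ACTION_RE.match(message)
        if act:
            key = (act.group(1), act.group(2))
            # The action is logged after "Scan finished", so keep the
            # section remembered from the original "infected" line.
            rec = records.setdefault(key, {
                "section": None, "target": key[0], "threat": key[1],
                "first_seen": timestamp, "action": None,
            })
            rec["action"] = act.group(3)

    detections = list(records.values())
    return {
        "detections": detections,
        "reported_count": reported,
        "count_mismatch": reported is not None and reported != len(detections),
    }


def unresolved(report):
    """Detections with no recorded action, or with the action Skip."""
    return [d for d in report["detections"]
            if d["action"] is None or d["action"].lower() == "skip"]


# Excerpted from the first log in this thread (hash lines left out).
SAMPLE_SKIPPED = r"""
21:03:52.0904 7636 [Global] - ok
21:03:52.0904 7636 ================ Scan MBR ==================================
21:03:52.0919 7636 Suspicious mbr (Forged): \Device\Harddisk0\DR0
21:03:52.0982 7636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:03:52.0982 7636 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:03:52.0982 7636 ================ Scan VBR ==================================
21:03:52.0997 7636 \Device\Harddisk0\DR0\Partition1 - ok
21:03:53.0013 7636 Scan finished
21:03:53.0028 7504 Detected object count: 1
21:04:07.0536 7504 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
21:04:07.0536 7504 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
"""

# Constructed sample: timestamps and thread ids are invented, and the
# "Cure" wording is an assumption modelled on the "Skip" line above.
SAMPLE_CURED = r"""
22:21:30.0000 1100 ================ Scan MBR ==================================
22:21:30.0100 1100 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:21:45.0000 2200 Detected object count: 1
22:21:45.0000 2200 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

if __name__ == "__main__":
    for name, sample in (("skipped", SAMPLE_SKIPPED), ("cured", SAMPLE_CURED)):
        report = parse_tdsskiller_log(sample)
        for d in unresolved(report):
            print(f"{name}: UNRESOLVED {d['threat']} on {d['target']} "
                  f"({d['section']}), action={d['action']}")
        if not unresolved(report):
            print(f"{name}: every detection has a non-Skip action")
```

A detection that appears under `unresolved()` means the scan found the object but nothing was done about it, so the log should be followed by another run and a fresh report.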

Hello,

I think you did it! The only odd thing - maybe this is normal - but when I rebooted after running the TDSSKiller program I got a pop-up asking if I wanted to run a .exe file. It had a long random-looking file name and was made by "Kapersky Labs" or something like that. I hit cancel and Windows booted no problems. Other than this, everything seems to be running great!

Here's the TDSSKiller log:

22:21:07.0665 4300 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

22:21:07.0956 4300 ============================================================

22:21:07.0956 4300 Current date / time: 2012/08/30 22:21:07.0956

22:21:07.0956 4300 SystemInfo:

22:21:07.0956 4300

22:21:07.0956 4300 OS Version: 6.1.7601 ServicePack: 1.0

22:21:07.0956 4300 Product type: Workstation

22:21:07.0956 4300 ComputerName: M11X

22:21:07.0956 4300 UserName: Morrow

22:21:07.0956 4300 Windows directory: C:\Windows

22:21:07.0956 4300 System windows directory: C:\Windows

22:21:07.0956 4300 Running under WOW64

22:21:07.0956 4300 Processor architecture: Intel x64

22:21:07.0956 4300 Number of processors: 2

22:21:07.0956 4300 Page size: 0x1000

22:21:07.0956 4300 Boot type: Normal boot

22:21:07.0956 4300 ============================================================

22:21:08.0572 4300 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:21:08.0579 4300 ============================================================

22:21:08.0579 4300 \Device\Harddisk0\DR0:

22:21:08.0579 4300 MBR partitions:

22:21:08.0579 4300 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x37000, BlocksNum 0x24D5000

22:21:08.0579 4300 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x250C000, BlocksNum 0x1050D000

22:21:08.0579 4300 ============================================================

22:21:08.0613 4300 C: <-> \Device\Harddisk0\DR0\Partition2

22:21:08.0613 4300 ============================================================

22:21:08.0613 4300 Initialize success

22:21:08.0613 4300 ============================================================

22:21:10.0268 1100 ============================================================

22:21:10.0268 1100 Scan started

22:21:10.0268 1100 Mode: Manual;

22:21:10.0268 1100 ============================================================

22:21:10.0740 1100 ================ Scan system memory ========================

22:21:10.0740 1100 System memory - ok

22:21:10.0741 1100 ================ Scan services =============================


22:21:23.0311 1100 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:21:23.0313 1100 NetTcpActivator - ok

22:21:23.0320 1100 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:21:23.0322 1100 NetTcpPortSharing - ok

22:21:23.0372 1100 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

22:21:23.0373 1100 nfrd960 - ok

22:21:23.0416 1100 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

22:21:23.0419 1100 NlaSvc - ok

22:21:23.0435 1100 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

22:21:23.0436 1100 Npfs - ok

22:21:23.0458 1100 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

22:21:23.0460 1100 nsi - ok

22:21:23.0474 1100 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

22:21:23.0475 1100 nsiproxy - ok

22:21:23.0552 1100 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

22:21:23.0564 1100 Ntfs - ok

22:21:23.0646 1100 [ 7420B2E1F65642129B6E23BD42F752AA ] ntk_PowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys

22:21:23.0648 1100 ntk_PowerDVD - ok

22:21:23.0681 1100 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

22:21:23.0681 1100 Null - ok

22:21:23.0716 1100 [ 10204955027011E08A9DC27737A48A54 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys

22:21:23.0718 1100 NVHDA - ok

22:21:24.0037 1100 [ B15258B1F45F9571758AC6BB2F043B01 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

22:21:24.0136 1100 nvlddmkm - ok

22:21:24.0207 1100 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

22:21:24.0208 1100 nvraid - ok

22:21:24.0224 1100 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

22:21:24.0225 1100 nvstor - ok

22:21:24.0313 1100 [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] nvsvc C:\Windows\system32\nvvsvc.exe

22:21:24.0328 1100 nvsvc - ok

22:21:24.0614 1100 [ 7E22DE30E222BFDFCEC7E77032BAF3CD ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

22:21:24.0630 1100 nvUpdatusService - ok

22:21:24.0675 1100 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

22:21:24.0677 1100 nv_agp - ok

22:21:24.0713 1100 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

22:21:24.0714 1100 ohci1394 - ok

22:21:24.0811 1100 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:21:24.0812 1100 ose - ok

22:21:24.0845 1100 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

22:21:24.0849 1100 p2pimsvc - ok

22:21:24.0877 1100 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

22:21:24.0881 1100 p2psvc - ok

22:21:24.0916 1100 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

22:21:24.0917 1100 Parport - ok

22:21:24.0952 1100 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys

22:21:24.0953 1100 partmgr - ok

22:21:24.0971 1100 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

22:21:24.0975 1100 PcaSvc - ok

22:21:25.0016 1100 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

22:21:25.0018 1100 pci - ok

22:21:25.0038 1100 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

22:21:25.0038 1100 pciide - ok

22:21:25.0070 1100 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

22:21:25.0072 1100 pcmcia - ok

22:21:25.0091 1100 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

22:21:25.0092 1100 pcw - ok

22:21:25.0140 1100 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

22:21:25.0145 1100 PEAUTH - ok

22:21:25.0251 1100 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

22:21:25.0253 1100 PerfHost - ok

22:21:25.0336 1100 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

22:21:25.0347 1100 pla - ok

22:21:25.0431 1100 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

22:21:25.0436 1100 PlugPlay - ok

22:21:25.0464 1100 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

22:21:25.0466 1100 PNRPAutoReg - ok

22:21:25.0482 1100 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

22:21:25.0486 1100 PNRPsvc - ok

22:21:25.0533 1100 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

22:21:25.0537 1100 PolicyAgent - ok

22:21:25.0666 1100 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

22:21:25.0670 1100 Power - ok

22:21:25.0718 1100 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

22:21:25.0720 1100 PptpMiniport - ok

22:21:25.0727 1100 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

22:21:25.0728 1100 Processor - ok

22:21:25.0743 1100 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll

22:21:25.0746 1100 ProfSvc - ok

22:21:25.0765 1100 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

22:21:25.0767 1100 ProtectedStorage - ok

22:21:25.0813 1100 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

22:21:25.0814 1100 Psched - ok

22:21:25.0874 1100 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

22:21:25.0885 1100 ql2300 - ok

22:21:25.0899 1100 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

22:21:25.0901 1100 ql40xx - ok

22:21:25.0940 1100 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

22:21:25.0943 1100 QWAVE - ok

22:21:25.0955 1100 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

22:21:25.0956 1100 QWAVEdrv - ok

22:21:25.0972 1100 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

22:21:25.0972 1100 RasAcd - ok

22:21:26.0012 1100 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

22:21:26.0013 1100 RasAgileVpn - ok

22:21:26.0027 1100 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

22:21:26.0030 1100 RasAuto - ok

22:21:26.0068 1100 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

22:21:26.0070 1100 Rasl2tp - ok

22:21:26.0118 1100 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

22:21:26.0123 1100 RasMan - ok

22:21:26.0163 1100 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

22:21:26.0164 1100 RasPppoe - ok

22:21:26.0174 1100 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

22:21:26.0175 1100 RasSstp - ok

22:21:26.0218 1100 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

22:21:26.0220 1100 rdbss - ok

22:21:26.0230 1100 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

22:21:26.0231 1100 rdpbus - ok

22:21:26.0242 1100 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

22:21:26.0243 1100 RDPCDD - ok

22:21:26.0268 1100 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

22:21:26.0269 1100 RDPENCDD - ok

22:21:26.0290 1100 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

22:21:26.0290 1100 RDPREFMP - ok

22:21:26.0334 1100 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

22:21:26.0336 1100 RDPWD - ok

22:21:26.0386 1100 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

22:21:26.0388 1100 rdyboost - ok

22:21:26.0413 1100 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

22:21:26.0415 1100 RemoteAccess - ok

22:21:26.0503 1100 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

22:21:26.0506 1100 RemoteRegistry - ok

22:21:26.0525 1100 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

22:21:26.0527 1100 RpcEptMapper - ok

22:21:26.0546 1100 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

22:21:26.0547 1100 RpcLocator - ok

22:21:26.0598 1100 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

22:21:26.0604 1100 RpcSs - ok

22:21:26.0641 1100 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

22:21:26.0642 1100 rspndr - ok

22:21:26.0656 1100 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

22:21:26.0658 1100 SamSs - ok

22:21:26.0704 1100 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

22:21:26.0705 1100 sbp2port - ok

22:21:26.0738 1100 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

22:21:26.0741 1100 SCardSvr - ok

22:21:26.0780 1100 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

22:21:26.0781 1100 scfilter - ok

22:21:26.0845 1100 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

22:21:26.0854 1100 Schedule - ok

22:21:26.0900 1100 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

22:21:26.0901 1100 SCPolicySvc - ok

22:21:26.0945 1100 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

22:21:26.0947 1100 SDRSVC - ok

22:21:26.0988 1100 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

22:21:26.0988 1100 secdrv - ok

22:21:27.0066 1100 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

22:21:27.0068 1100 seclogon - ok

22:21:27.0100 1100 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

22:21:27.0103 1100 SENS - ok

22:21:27.0121 1100 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

22:21:27.0124 1100 SensrSvc - ok

22:21:27.0137 1100 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

22:21:27.0138 1100 Serenum - ok

22:21:27.0176 1100 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

22:21:27.0177 1100 Serial - ok

22:21:27.0214 1100 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

22:21:27.0214 1100 sermouse - ok

22:21:27.0261 1100 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

22:21:27.0264 1100 SessionEnv - ok

22:21:27.0302 1100 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

22:21:27.0303 1100 sffdisk - ok

22:21:27.0319 1100 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

22:21:27.0320 1100 sffp_mmc - ok

22:21:27.0331 1100 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

22:21:27.0332 1100 sffp_sd - ok

22:21:27.0351 1100 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

22:21:27.0351 1100 sfloppy - ok

22:21:27.0400 1100 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

22:21:27.0403 1100 SharedAccess - ok

22:21:27.0508 1100 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

22:21:27.0512 1100 ShellHWDetection - ok

22:21:27.0536 1100 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

22:21:27.0537 1100 SiSRaid2 - ok

22:21:27.0549 1100 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

22:21:27.0550 1100 SiSRaid4 - ok

22:21:27.0578 1100 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

22:21:27.0580 1100 Smb - ok

22:21:27.0632 1100 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

22:21:27.0634 1100 SNMPTRAP - ok

22:21:27.0647 1100 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

22:21:27.0648 1100 spldr - ok

22:21:27.0686 1100 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe

22:21:27.0692 1100 Spooler - ok

22:21:27.0801 1100 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

22:21:27.0833 1100 sppsvc - ok

22:21:27.0862 1100 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

22:21:27.0864 1100 sppuinotify - ok

22:21:27.0912 1100 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

22:21:27.0915 1100 srv - ok

22:21:28.0019 1100 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

22:21:28.0022 1100 srv2 - ok

22:21:28.0045 1100 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

22:21:28.0046 1100 srvnet - ok

22:21:28.0085 1100 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

22:21:28.0088 1100 SSDPSRV - ok

22:21:28.0148 1100 SSHDRV65 - ok

22:21:28.0180 1100 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

22:21:28.0183 1100 SstpSvc - ok

22:21:28.0203 1100 [ 3D69F5F3BEB8AA28D7F46F5548B8D6D7 ] stdflt C:\Windows\system32\DRIVERS\stdflt.sys

22:21:28.0204 1100 stdflt - ok

22:21:28.0224 1100 Steam Client Service - ok

22:21:28.0324 1100 [ 9E1222C417291BC836210743624A8E5E ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

22:21:28.0327 1100 Stereo Service - ok

22:21:28.0357 1100 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

22:21:28.0358 1100 stexstor - ok

22:21:28.0409 1100 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

22:21:28.0415 1100 stisvc - ok

22:21:28.0458 1100 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

22:21:28.0459 1100 swenum - ok

22:21:28.0514 1100 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

22:21:28.0519 1100 swprv - ok

22:21:28.0562 1100 [ BE2B928DE9AF2848289DB7A54C7E2398 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

22:21:28.0564 1100 SynTP - ok

22:21:28.0647 1100 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

22:21:28.0661 1100 SysMain - ok

22:21:28.0720 1100 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

22:21:28.0723 1100 TabletInputService - ok

22:21:28.0745 1100 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

22:21:28.0749 1100 TapiSrv - ok

22:21:28.0774 1100 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

22:21:28.0776 1100 TBS - ok

22:21:28.0866 1100 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

22:21:28.0880 1100 Tcpip - ok

22:21:28.0954 1100 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

22:21:28.0968 1100 TCPIP6 - ok

22:21:29.0003 1100 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

22:21:29.0004 1100 tcpipreg - ok

22:21:29.0045 1100 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

22:21:29.0045 1100 TDPIPE - ok

22:21:29.0076 1100 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

22:21:29.0077 1100 TDTCP - ok

22:21:29.0121 1100 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

22:21:29.0123 1100 tdx - ok

22:21:29.0158 1100 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

22:21:29.0159 1100 TermDD - ok

22:21:29.0271 1100 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

22:21:29.0277 1100 TermService - ok

22:21:29.0319 1100 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

22:21:29.0321 1100 Themes - ok

22:21:29.0350 1100 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

22:21:29.0352 1100 THREADORDER - ok

22:21:29.0364 1100 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

22:21:29.0367 1100 TrkWks - ok

22:21:29.0432 1100 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

22:21:29.0433 1100 TrustedInstaller - ok

22:21:29.0476 1100 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

22:21:29.0477 1100 tssecsrv - ok

22:21:29.0514 1100 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

22:21:29.0515 1100 TsUsbFlt - ok

22:21:29.0573 1100 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

22:21:29.0574 1100 tunnel - ok

22:21:29.0601 1100 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

22:21:29.0602 1100 uagp35 - ok

22:21:29.0641 1100 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

22:21:29.0644 1100 udfs - ok

22:21:29.0683 1100 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

22:21:29.0685 1100 UI0Detect - ok

22:21:29.0714 1100 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

22:21:29.0715 1100 uliagpkx - ok

22:21:29.0761 1100 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

22:21:29.0762 1100 umbus - ok

22:21:29.0781 1100 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

22:21:29.0781 1100 UmPass - ok

22:21:29.0810 1100 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

22:21:29.0814 1100 upnphost - ok

22:21:29.0863 1100 [ F724B03C3DFAACF08D17D38BF3333583 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

22:21:29.0864 1100 USBAAPL64 - ok

22:21:29.0906 1100 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

22:21:29.0907 1100 usbccgp - ok

22:21:29.0950 1100 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

22:21:29.0952 1100 usbcir - ok

22:21:29.0972 1100 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

22:21:29.0973 1100 usbehci - ok

22:21:30.0010 1100 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

22:21:30.0013 1100 usbhub - ok

22:21:30.0034 1100 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

22:21:30.0035 1100 usbohci - ok

22:21:30.0072 1100 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

22:21:30.0073 1100 usbprint - ok

22:21:30.0109 1100 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

22:21:30.0110 1100 usbscan - ok

22:21:30.0127 1100 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:21:30.0128 1100 USBSTOR - ok

22:21:30.0170 1100 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

22:21:30.0171 1100 usbuhci - ok

22:21:30.0234 1100 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

22:21:30.0235 1100 usbvideo - ok

22:21:30.0270 1100 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

22:21:30.0272 1100 UxSms - ok

22:21:30.0288 1100 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

22:21:30.0289 1100 VaultSvc - ok

22:21:30.0374 1100 [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone C:\Windows\system32\DRIVERS\VClone.sys

22:21:30.0375 1100 VClone - ok

22:21:30.0471 1100 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

22:21:30.0472 1100 vdrvroot - ok

22:21:30.0527 1100 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

22:21:30.0533 1100 vds - ok

22:21:30.0559 1100 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

22:21:30.0560 1100 vga - ok

22:21:30.0578 1100 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

22:21:30.0579 1100 VgaSave - ok

22:21:30.0621 1100 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

22:21:30.0622 1100 vhdmp - ok

22:21:30.0652 1100 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

22:21:30.0653 1100 viaide - ok

22:21:30.0662 1100 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

22:21:30.0663 1100 volmgr - ok

22:21:30.0708 1100 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

22:21:30.0711 1100 volmgrx - ok

22:21:30.0757 1100 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

22:21:30.0760 1100 volsnap - ok

22:21:30.0790 1100 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

22:21:30.0792 1100 vsmraid - ok

22:21:30.0864 1100 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

22:21:30.0877 1100 VSS - ok

22:21:30.0932 1100 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

22:21:30.0933 1100 vwifibus - ok

22:21:30.0950 1100 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

22:21:30.0951 1100 vwififlt - ok

22:21:31.0003 1100 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

22:21:31.0008 1100 W32Time - ok

22:21:31.0031 1100 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

22:21:31.0031 1100 WacomPen - ok

22:21:31.0089 1100 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

22:21:31.0090 1100 WANARP - ok

22:21:31.0095 1100 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

22:21:31.0096 1100 Wanarpv6 - ok

22:21:31.0271 1100 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

22:21:31.0280 1100 WatAdminSvc - ok

22:21:31.0353 1100 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

22:21:31.0366 1100 wbengine - ok

22:21:31.0417 1100 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

22:21:31.0420 1100 WbioSrvc - ok

22:21:31.0465 1100 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

22:21:31.0470 1100 wcncsvc - ok

22:21:31.0483 1100 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

22:21:31.0485 1100 WcsPlugInService - ok

22:21:31.0515 1100 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

22:21:31.0516 1100 Wd - ok

22:21:31.0598 1100 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

22:21:31.0603 1100 Wdf01000 - ok

22:21:31.0622 1100 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

22:21:31.0626 1100 WdiServiceHost - ok

22:21:31.0632 1100 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

22:21:31.0636 1100 WdiSystemHost - ok

22:21:31.0697 1100 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

22:21:31.0700 1100 WebClient - ok

22:21:31.0720 1100 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

22:21:31.0724 1100 Wecsvc - ok

22:21:31.0742 1100 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

22:21:31.0745 1100 wercplsupport - ok

22:21:31.0779 1100 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

22:21:31.0782 1100 WerSvc - ok

22:21:31.0827 1100 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

22:21:31.0827 1100 WfpLwf - ok

22:21:31.0840 1100 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

22:21:31.0840 1100 WIMMount - ok

22:21:31.0873 1100 WinDefend - ok

22:21:31.0966 1100 [ 8258726D076C8FFF994F468712DDFBAB ] WindowBlinds C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe

22:21:31.0968 1100 WindowBlinds - ok

22:21:31.0978 1100 WinHttpAutoProxySvc - ok

22:21:32.0055 1100 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

22:21:32.0057 1100 Winmgmt - ok

22:21:32.0138 1100 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

22:21:32.0154 1100 WinRM - ok

22:21:32.0205 1100 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

22:21:32.0206 1100 WinUsb - ok

22:21:32.0283 1100 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

22:21:32.0291 1100 Wlansvc - ok

22:21:32.0335 1100 [ A96D6C0613DCF84F2D07FAEB75663072 ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

22:21:32.0335 1100 wltrysvc - ok

22:21:32.0398 1100 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

22:21:32.0399 1100 WmiAcpi - ok

22:21:32.0434 1100 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

22:21:32.0436 1100 wmiApSrv - ok

22:21:32.0451 1100 WMPNetworkSvc - ok

22:21:32.0479 1100 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

22:21:32.0481 1100 WPCSvc - ok

22:21:32.0517 1100 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

22:21:32.0520 1100 WPDBusEnum - ok

22:21:32.0546 1100 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

22:21:32.0546 1100 ws2ifsl - ok

22:21:32.0565 1100 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

22:21:32.0568 1100 wscsvc - ok

22:21:32.0573 1100 WSearch - ok

22:21:32.0677 1100 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

22:21:32.0696 1100 wuauserv - ok

22:21:32.0736 1100 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

22:21:32.0738 1100 WudfPf - ok

22:21:32.0846 1100 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

22:21:32.0848 1100 WUDFRd - ok

22:21:32.0894 1100 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

22:21:32.0897 1100 wudfsvc - ok

22:21:32.0925 1100 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

22:21:32.0929 1100 WwanSvc - ok

22:21:32.0989 1100 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys

22:21:32.0990 1100 xusb21 - ok

22:21:33.0122 1100 [ 1870A74EE2901CA09FFBFE79A5EE0E94 ] {329F96B6-DF1E-4328-BFDA-39EA953C1312} C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl

22:21:33.0123 1100 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok

22:21:33.0132 1100 ================ Scan global ===============================

22:21:33.0159 1100 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

22:21:33.0202 1100 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

22:21:33.0212 1100 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

22:21:33.0231 1100 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

22:21:33.0254 1100 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

22:21:33.0258 1100 [Global] - ok

22:21:33.0258 1100 ================ Scan MBR ==================================

22:21:33.0279 1100 [ C0DCF0AC171DB02DB8B0014C5D767CF1 ] \Device\Harddisk0\DR0

22:21:33.0279 1100 Suspicious mbr (Forged): \Device\Harddisk0\DR0

22:21:33.0346 1100 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

22:21:33.0346 1100 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

22:21:33.0347 1100 ================ Scan VBR ==================================

22:21:33.0354 1100 [ 5806C202976ADC39B3C413B6547AA2C6 ] \Device\Harddisk0\DR0\Partition1

22:21:33.0357 1100 \Device\Harddisk0\DR0\Partition1 - ok

22:21:33.0403 1100 [ 4D55015D9359D71A23786EB6C9A45EFF ] \Device\Harddisk0\DR0\Partition2

22:21:33.0408 1100 \Device\Harddisk0\DR0\Partition2 - ok

22:21:33.0409 1100 ============================================================

22:21:33.0409 1100 Scan finished

22:21:33.0409 1100 ============================================================

22:21:33.0424 7460 Detected object count: 1

22:21:33.0424 7460 Actual detected object count: 1

22:21:40.0959 7460 \Device\Harddisk0\DR0\# - copied to quarantine

22:21:40.0961 7460 \Device\Harddisk0\DR0 - copied to quarantine

22:21:41.0039 7460 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

22:21:41.0041 7460 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

22:21:41.0044 7460 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

22:21:41.0049 7460 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

22:21:41.0053 7460 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

22:21:41.0085 7460 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

22:21:41.0105 7460 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

22:21:41.0134 7460 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

22:21:41.0138 7460 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

22:21:41.0139 7460 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

22:21:41.0146 7460 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine

22:21:41.0177 7460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

22:21:41.0181 7460 \Device\Harddisk0\DR0 - ok

22:21:41.0225 7460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

22:22:06.0490 5556 Deinitialize success

Here's the MBRScan log (after the reboot):

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: Alienware

BIOS Manufacturer: Alienware

System Manufacturer: Alienware

System Product Name: M11x

Logical Drives Mask: 0x0000000c

Kernel Drivers (total 201):

Processes (total 87):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`a1800000 (NTFS)

PhysicalDrive0 Model Number: ST9160314AS, Rev: D005DEM1

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

Hey morrowc. :)

I think you did it! The only odd thing - maybe this is normal - but when I rebooted after running the TDSSKiller program I got a pop-up asking if I wanted to run a .exe file. It had a long random-looking file name and was made by "Kapersky Labs" or something like that. I hit cancel and Windows booted no problems. Other than this, everything seems to be running great!

Not sure about the exe file. Glad to hear things have improved.

Just to be sure, please re-run TDSSKiller and post its new log in your reply.

Here's the TDSSKiller log:

22:48:05.0056 4120 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

22:48:05.0374 4120 ============================================================

22:48:05.0374 4120 Current date / time: 2012/08/30 22:48:05.0374

22:48:05.0374 4120 SystemInfo:

22:48:05.0374 4120

22:48:05.0374 4120 OS Version: 6.1.7601 ServicePack: 1.0

22:48:05.0374 4120 Product type: Workstation

22:48:05.0374 4120 ComputerName: M11X

22:48:05.0374 4120 UserName: Morrow

22:48:05.0374 4120 Windows directory: C:\Windows

22:48:05.0374 4120 System windows directory: C:\Windows

22:48:05.0374 4120 Running under WOW64

22:48:05.0374 4120 Processor architecture: Intel x64

22:48:05.0374 4120 Number of processors: 2

22:48:05.0374 4120 Page size: 0x1000

22:48:05.0374 4120 Boot type: Normal boot

22:48:05.0374 4120 ============================================================

22:48:05.0592 4120 BG loaded

22:48:06.0049 4120 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:48:06.0057 4120 ============================================================

22:48:06.0057 4120 \Device\Harddisk0\DR0:

22:48:06.0057 4120 MBR partitions:

22:48:06.0057 4120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x37000, BlocksNum 0x24D5000

22:48:06.0057 4120 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x250C000, BlocksNum 0x1050D000

22:48:06.0057 4120 ============================================================

22:48:06.0102 4120 C: <-> \Device\Harddisk0\DR0\Partition2

22:48:06.0102 4120 ============================================================

22:48:06.0102 4120 Initialize success

22:48:06.0102 4120 ============================================================

22:48:10.0283 5212 ============================================================

22:48:10.0283 5212 Scan started

22:48:10.0283 5212 Mode: Manual;

22:48:10.0283 5212 ============================================================

22:48:10.0483 5212 ================ Scan system memory ========================

22:48:10.0483 5212 System memory - ok

22:48:10.0483 5212 ================ Scan services =============================

22:48:16.0648 5212 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

22:48:16.0650 5212 Fs_Rec - ok

22:48:16.0704 5212 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

22:48:16.0706 5212 fvevol - ok

22:48:16.0735 5212 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

22:48:16.0738 5212 gagp30kx - ok

22:48:16.0791 5212 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

22:48:16.0797 5212 gpsvc - ok

22:48:16.0912 5212 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

22:48:16.0913 5212 gupdate - ok

22:48:16.0947 5212 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

22:48:16.0948 5212 gupdatem - ok

22:48:16.0974 5212 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

22:48:16.0976 5212 gusvc - ok

22:48:17.0017 5212 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

22:48:17.0019 5212 hcw85cir - ok

22:48:17.0059 5212 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

22:48:17.0060 5212 HDAudBus - ok

22:48:17.0066 5212 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

22:48:17.0068 5212 HidBatt - ok

22:48:17.0089 5212 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

22:48:17.0092 5212 HidBth - ok

22:48:17.0106 5212 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

22:48:17.0108 5212 HidIr - ok

22:48:17.0143 5212 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

22:48:17.0144 5212 hidserv - ok

22:48:17.0174 5212 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

22:48:17.0174 5212 HidUsb - ok

22:48:17.0212 5212 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

22:48:17.0214 5212 hkmsvc - ok

22:48:17.0256 5212 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

22:48:17.0259 5212 HomeGroupListener - ok

22:48:17.0296 5212 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

22:48:17.0299 5212 HomeGroupProvider - ok

22:48:17.0334 5212 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

22:48:17.0336 5212 HpSAMD - ok

22:48:17.0382 5212 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

22:48:17.0387 5212 HTTP - ok

22:48:17.0417 5212 hwinterface - ok

22:48:17.0455 5212 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

22:48:17.0455 5212 hwpolicy - ok

22:48:17.0506 5212 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

22:48:17.0507 5212 i8042prt - ok

22:48:17.0550 5212 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

22:48:17.0554 5212 iaStor - ok

22:48:17.0619 5212 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

22:48:17.0620 5212 IAStorDataMgrSvc - ok

22:48:17.0656 5212 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

22:48:17.0664 5212 iaStorV - ok

22:48:17.0721 5212 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

22:48:17.0722 5212 IDriverT - ok

22:48:17.0792 5212 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

22:48:17.0799 5212 idsvc - ok

22:48:17.0980 5212 [ 70B0763C05C18B6FA18B18631A74ECDE ] IDVaultSvc C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

22:48:17.0981 5212 IDVaultSvc - ok

22:48:18.0257 5212 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

22:48:18.0506 5212 igfx - ok

22:48:18.0554 5212 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

22:48:18.0557 5212 iirsp - ok

22:48:18.0619 5212 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

22:48:18.0626 5212 IKEEXT - ok

22:48:18.0672 5212 [ 57AE484D280AEBD405F65166363E98DC ] InstallFilterService C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe

22:48:18.0673 5212 InstallFilterService - ok

22:48:18.0752 5212 [ 0ADF714079AE174A39D69036143E4C50 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

22:48:18.0769 5212 IntcAzAudAddService - ok

22:48:18.0809 5212 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

22:48:18.0812 5212 intelide - ok

22:48:18.0846 5212 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

22:48:18.0847 5212 intelppm - ok

22:48:18.0908 5212 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

22:48:18.0910 5212 IPBusEnum - ok

22:48:18.0941 5212 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:48:18.0944 5212 IpFilterDriver - ok

22:48:19.0002 5212 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

22:48:19.0007 5212 iphlpsvc - ok

22:48:19.0042 5212 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

22:48:19.0044 5212 IPMIDRV - ok

22:48:19.0071 5212 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

22:48:19.0074 5212 IPNAT - ok

22:48:19.0096 5212 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

22:48:19.0097 5212 IRENUM - ok

22:48:19.0113 5212 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

22:48:19.0116 5212 isapnp - ok

22:48:19.0160 5212 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

22:48:19.0165 5212 iScsiPrt - ok

22:48:19.0191 5212 [ 5BD76F820656AEAA2DCE66EED8DA84B9 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys

22:48:19.0192 5212 JMCR - ok

22:48:19.0221 5212 [ E662CB468A1CFF3A57E120A212FADD57 ] johci C:\Windows\system32\DRIVERS\johci.sys

22:48:19.0223 5212 johci - ok

22:48:19.0247 5212 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

22:48:19.0248 5212 kbdclass - ok

22:48:19.0275 5212 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

22:48:19.0276 5212 kbdhid - ok

22:48:19.0291 5212 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

22:48:19.0292 5212 KeyIso - ok

22:48:19.0334 5212 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

22:48:19.0337 5212 KSecDD - ok

22:48:19.0381 5212 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

22:48:19.0386 5212 KSecPkg - ok

22:48:19.0425 5212 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

22:48:19.0425 5212 ksthunk - ok

22:48:19.0462 5212 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

22:48:19.0470 5212 KtmRm - ok

22:48:19.0504 5212 [ 9C46A5421DE9D116C47155317CABB522 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys

22:48:19.0505 5212 L1C - ok

22:48:19.0573 5212 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

22:48:19.0576 5212 LanmanServer - ok

22:48:19.0622 5212 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

22:48:19.0625 5212 LanmanWorkstation - ok

22:48:19.0758 5212 [ 4ADC135F525D38A498F83B089228CC2D ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

22:48:19.0761 5212 LBTServ - ok

22:48:19.0788 5212 [ 00BA093A3F316D43A4C3E098A96AE912 ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys

22:48:19.0792 5212 LEqdUsb - ok

22:48:19.0814 5212 [ 3067CFAD2BAA4A208130CD0AFB130BC9 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys

22:48:19.0816 5212 LHidEqd - ok

22:48:19.0839 5212 [ 24E09882BA51B9830AE029888A3AAF18 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys

22:48:19.0841 5212 LHidFilt - ok

22:48:19.0883 5212 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys

22:48:19.0884 5212 lirsgt - ok

22:48:19.0919 5212 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

22:48:19.0920 5212 lltdio - ok

22:48:19.0953 5212 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

22:48:19.0960 5212 lltdsvc - ok

22:48:19.0978 5212 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

22:48:19.0979 5212 lmhosts - ok

22:48:19.0997 5212 [ 2F94325D8C10E2B715F3D753C2422AAC ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys

22:48:20.0000 5212 LMouFilt - ok

22:48:20.0033 5212 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

22:48:20.0038 5212 LSI_FC - ok

22:48:20.0054 5212 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

22:48:20.0057 5212 LSI_SAS - ok

22:48:20.0074 5212 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

22:48:20.0078 5212 LSI_SAS2 - ok

22:48:20.0084 5212 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

22:48:20.0086 5212 LSI_SCSI - ok

22:48:20.0115 5212 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

22:48:20.0117 5212 luafv - ok

22:48:20.0183 5212 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

22:48:20.0183 5212 MBAMProtector - ok

22:48:20.0270 5212 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

22:48:20.0274 5212 MBAMService - ok

22:48:20.0323 5212 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

22:48:20.0326 5212 Mcx2Svc - ok

22:48:20.0350 5212 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

22:48:20.0353 5212 megasas - ok

22:48:20.0376 5212 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

22:48:20.0382 5212 MegaSR - ok

22:48:20.0400 5212 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

22:48:20.0402 5212 MMCSS - ok

22:48:20.0416 5212 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

22:48:20.0419 5212 Modem - ok

22:48:20.0446 5212 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

22:48:20.0447 5212 monitor - ok

22:48:20.0508 5212 [ 16F9F464DA6E02A020BCE626C56A1797 ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys

22:48:20.0511 5212 MotioninJoyXFilter - ok

22:48:20.0536 5212 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

22:48:20.0537 5212 mouclass - ok

22:48:20.0565 5212 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

22:48:20.0566 5212 mouhid - ok

22:48:20.0620 5212 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

22:48:20.0621 5212 mountmgr - ok

22:48:20.0665 5212 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

22:48:20.0669 5212 mpio - ok

22:48:20.0688 5212 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

22:48:20.0689 5212 mpsdrv - ok

22:48:20.0746 5212 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

22:48:20.0753 5212 MpsSvc - ok

22:48:20.0803 5212 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

22:48:20.0807 5212 MRxDAV - ok

22:48:20.0850 5212 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

22:48:20.0851 5212 mrxsmb - ok

22:48:20.0889 5212 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:48:20.0892 5212 mrxsmb10 - ok

22:48:20.0925 5212 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:48:20.0927 5212 mrxsmb20 - ok

22:48:20.0966 5212 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

22:48:20.0968 5212 msahci - ok

22:48:21.0012 5212 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

22:48:21.0016 5212 msdsm - ok

22:48:21.0040 5212 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

22:48:21.0045 5212 MSDTC - ok

22:48:21.0088 5212 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

22:48:21.0089 5212 Msfs - ok

22:48:21.0106 5212 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

22:48:21.0107 5212 mshidkmdf - ok

22:48:21.0119 5212 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

22:48:21.0121 5212 msisadrv - ok

22:48:21.0139 5212 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

22:48:21.0144 5212 MSiSCSI - ok

22:48:21.0150 5212 msiserver - ok

22:48:21.0182 5212 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

22:48:21.0185 5212 MSKSSRV - ok

22:48:21.0200 5212 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

22:48:21.0201 5212 MSPCLOCK - ok

22:48:21.0217 5212 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

22:48:21.0218 5212 MSPQM - ok

22:48:21.0254 5212 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

22:48:21.0261 5212 MsRPC - ok

22:48:21.0301 5212 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

22:48:21.0302 5212 mssmbios - ok

22:48:21.0308 5212 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

22:48:21.0311 5212 MSTEE - ok

22:48:21.0316 5212 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

22:48:21.0318 5212 MTConfig - ok

22:48:21.0335 5212 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

22:48:21.0335 5212 Mup - ok

22:48:21.0383 5212 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

22:48:21.0388 5212 napagent - ok

22:48:21.0424 5212 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

22:48:21.0426 5212 NativeWifiP - ok

22:48:21.0467 5212 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys

22:48:21.0474 5212 NDIS - ok

22:48:21.0493 5212 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

22:48:21.0495 5212 NdisCap - ok

22:48:21.0514 5212 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

22:48:21.0515 5212 NdisTapi - ok

22:48:21.0561 5212 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

22:48:21.0562 5212 Ndisuio - ok

22:48:21.0606 5212 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

22:48:21.0607 5212 NdisWan - ok

22:48:21.0639 5212 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

22:48:21.0640 5212 NDProxy - ok

22:48:21.0686 5212 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

22:48:21.0687 5212 NetBIOS - ok

22:48:21.0731 5212 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

22:48:21.0733 5212 NetBT - ok

22:48:21.0756 5212 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

22:48:21.0757 5212 Netlogon - ok

22:48:21.0803 5212 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

22:48:21.0807 5212 Netman - ok

22:48:21.0856 5212 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:48:21.0868 5212 NetMsmqActivator - ok

22:48:21.0908 5212 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:48:21.0910 5212 NetPipeActivator - ok

22:48:21.0938 5212 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

22:48:21.0943 5212 netprofm - ok

22:48:21.0959 5212 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:48:21.0960 5212 NetTcpActivator - ok

22:48:21.0966 5212 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:48:21.0968 5212 NetTcpPortSharing - ok

22:48:22.0005 5212 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

22:48:22.0007 5212 nfrd960 - ok

22:48:22.0060 5212 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

22:48:22.0063 5212 NlaSvc - ok

22:48:22.0079 5212 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

22:48:22.0079 5212 Npfs - ok

22:48:22.0102 5212 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

22:48:22.0104 5212 nsi - ok

22:48:22.0118 5212 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

22:48:22.0119 5212 nsiproxy - ok

22:48:22.0196 5212 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

22:48:22.0252 5212 Ntfs - ok

22:48:22.0312 5212 [ 7420B2E1F65642129B6E23BD42F752AA ] ntk_PowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys

22:48:22.0313 5212 ntk_PowerDVD - ok

22:48:22.0346 5212 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

22:48:22.0347 5212 Null - ok

22:48:22.0382 5212 [ 10204955027011E08A9DC27737A48A54 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys

22:48:22.0384 5212 NVHDA - ok

22:48:22.0702 5212 [ B15258B1F45F9571758AC6BB2F043B01 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

22:48:22.0793 5212 nvlddmkm - ok

22:48:22.0839 5212 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

22:48:22.0843 5212 nvraid - ok

22:48:22.0856 5212 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

22:48:22.0860 5212 nvstor - ok

22:48:22.0946 5212 [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] nvsvc C:\Windows\system32\nvvsvc.exe

22:48:22.0959 5212 nvsvc - ok

22:48:23.0125 5212 [ 7E22DE30E222BFDFCEC7E77032BAF3CD ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

22:48:23.0141 5212 nvUpdatusService - ok

22:48:23.0220 5212 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

22:48:23.0223 5212 nv_agp - ok

22:48:23.0235 5212 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

22:48:23.0236 5212 ohci1394 - ok

22:48:23.0334 5212 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:48:23.0335 5212 ose - ok

22:48:23.0367 5212 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

22:48:23.0371 5212 p2pimsvc - ok

22:48:23.0399 5212 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

22:48:23.0403 5212 p2psvc - ok

22:48:23.0438 5212 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

22:48:23.0441 5212 Parport - ok

22:48:23.0474 5212 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys

22:48:23.0475 5212 partmgr - ok

22:48:23.0494 5212 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

22:48:23.0497 5212 PcaSvc - ok

22:48:23.0539 5212 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

22:48:23.0543 5212 pci - ok

22:48:23.0560 5212 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

22:48:23.0563 5212 pciide - ok

22:48:23.0581 5212 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

22:48:23.0586 5212 pcmcia - ok

22:48:23.0603 5212 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

22:48:23.0605 5212 pcw - ok

22:48:23.0641 5212 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

22:48:23.0645 5212 PEAUTH - ok

22:48:23.0752 5212 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

22:48:23.0753 5212 PerfHost - ok

22:48:23.0837 5212 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

22:48:23.0848 5212 pla - ok

22:48:23.0910 5212 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

22:48:23.0915 5212 PlugPlay - ok

22:48:23.0942 5212 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

22:48:23.0944 5212 PNRPAutoReg - ok

22:48:23.0972 5212 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

22:48:23.0976 5212 PNRPsvc - ok

22:48:24.0023 5212 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

22:48:24.0032 5212 PolicyAgent - ok

22:48:24.0067 5212 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

22:48:24.0071 5212 Power - ok

22:48:24.0119 5212 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

22:48:24.0120 5212 PptpMiniport - ok

22:48:24.0126 5212 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

22:48:24.0129 5212 Processor - ok

22:48:24.0144 5212 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll

22:48:24.0147 5212 ProfSvc - ok

22:48:24.0166 5212 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

22:48:24.0167 5212 ProtectedStorage - ok

22:48:24.0213 5212 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

22:48:24.0215 5212 Psched - ok

22:48:24.0275 5212 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

22:48:24.0322 5212 ql2300 - ok

22:48:24.0344 5212 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

22:48:24.0348 5212 ql40xx - ok

22:48:24.0384 5212 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

22:48:24.0387 5212 QWAVE - ok

22:48:24.0400 5212 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

22:48:24.0401 5212 QWAVEdrv - ok

22:48:24.0416 5212 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

22:48:24.0418 5212 RasAcd - ok

22:48:24.0456 5212 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

22:48:24.0457 5212 RasAgileVpn - ok

22:48:24.0472 5212 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

22:48:24.0474 5212 RasAuto - ok

22:48:24.0513 5212 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

22:48:24.0514 5212 Rasl2tp - ok

22:48:24.0561 5212 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

22:48:24.0565 5212 RasMan - ok

22:48:24.0586 5212 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

22:48:24.0587 5212 RasPppoe - ok

22:48:24.0597 5212 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

22:48:24.0598 5212 RasSstp - ok

22:48:24.0640 5212 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

22:48:24.0643 5212 rdbss - ok

22:48:24.0653 5212 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

22:48:24.0655 5212 rdpbus - ok

22:48:24.0665 5212 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

22:48:24.0665 5212 RDPCDD - ok

22:48:24.0702 5212 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

22:48:24.0702 5212 RDPENCDD - ok

22:48:24.0712 5212 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

22:48:24.0713 5212 RDPREFMP - ok

22:48:24.0757 5212 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

22:48:24.0762 5212 RDPWD - ok

22:48:24.0798 5212 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

22:48:24.0803 5212 rdyboost - ok

22:48:24.0825 5212 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

22:48:24.0827 5212 RemoteAccess - ok

22:48:24.0849 5212 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

22:48:24.0852 5212 RemoteRegistry - ok

22:48:24.0870 5212 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

22:48:24.0873 5212 RpcEptMapper - ok

22:48:24.0891 5212 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

22:48:24.0893 5212 RpcLocator - ok

22:48:24.0944 5212 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

22:48:24.0949 5212 RpcSs - ok

22:48:24.0976 5212 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

22:48:24.0977 5212 rspndr - ok

22:48:24.0991 5212 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

22:48:24.0993 5212 SamSs - ok

22:48:25.0038 5212 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

22:48:25.0042 5212 sbp2port - ok

22:48:25.0072 5212 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

22:48:25.0075 5212 SCardSvr - ok

22:48:25.0115 5212 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

22:48:25.0115 5212 scfilter - ok

22:48:25.0179 5212 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

22:48:25.0189 5212 Schedule - ok

22:48:25.0234 5212 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

22:48:25.0235 5212 SCPolicySvc - ok

22:48:25.0279 5212 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

22:48:25.0282 5212 SDRSVC - ok

22:48:25.0322 5212 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

22:48:25.0323 5212 secdrv - ok

22:48:25.0368 5212 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

22:48:25.0370 5212 seclogon - ok

22:48:25.0391 5212 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

22:48:25.0393 5212 SENS - ok

22:48:25.0412 5212 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

22:48:25.0414 5212 SensrSvc - ok

22:48:25.0428 5212 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

22:48:25.0430 5212 Serenum - ok

22:48:25.0456 5212 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

22:48:25.0459 5212 Serial - ok

22:48:25.0515 5212 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

22:48:25.0518 5212 sermouse - ok

22:48:25.0563 5212 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

22:48:25.0565 5212 SessionEnv - ok

22:48:25.0603 5212 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

22:48:25.0605 5212 sffdisk - ok

22:48:25.0621 5212 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

22:48:25.0623 5212 sffp_mmc - ok

22:48:25.0633 5212 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

22:48:25.0635 5212 sffp_sd - ok

22:48:25.0663 5212 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

22:48:25.0667 5212 sfloppy - ok


22:48:30.0762 5212 ================ Scan global ===============================

22:48:30.0789 5212 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

22:48:30.0832 5212 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

22:48:30.0842 5212 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

22:48:30.0861 5212 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

22:48:30.0884 5212 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

22:48:30.0888 5212 [Global] - ok

22:48:30.0889 5212 ================ Scan MBR ==================================

22:48:30.0909 5212 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

22:48:31.0348 5212 \Device\Harddisk0\DR0 - ok

22:48:31.0349 5212 ================ Scan VBR ==================================

22:48:31.0353 5212 [ 5806C202976ADC39B3C413B6547AA2C6 ] \Device\Harddisk0\DR0\Partition1

22:48:31.0356 5212 \Device\Harddisk0\DR0\Partition1 - ok

22:48:31.0386 5212 [ 4D55015D9359D71A23786EB6C9A45EFF ] \Device\Harddisk0\DR0\Partition2

22:48:31.0389 5212 \Device\Harddisk0\DR0\Partition2 - ok

22:48:31.0389 5212 ============================================================

22:48:31.0389 5212 Scan finished

22:48:31.0389 5212 ============================================================

22:48:31.0403 5064 Detected object count: 0

22:48:31.0403 5064 Actual detected object count: 0


Hey morrowc. :)

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



Hello,

Here's the ESET log:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=a8e24247996d8a49bcb91a3f9e338f2e

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-09-01 03:30:57

# local_time=2012-08-31 10:30:57 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 4088688 98008936 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=236397

# found=25

# cleaned=0

# scan_time=4771

C:\$RECYCLE.BIN\S-1-5-21-2923027591-736980571-597195185-1001\$R2DCFR8.mbr Win32/Olmarik.AXY trojan (unable to clean) 00000000000000000000000000000000 I

C:\$RECYCLE.BIN\S-1-5-21-2923027591-736980571-597195185-1001\$RF8ELEX.mbr Win32/Olmarik.AXY trojan (unable to clean) 00000000000000000000000000000000 I

C:\$RECYCLE.BIN\S-1-5-21-2923027591-736980571-597195185-1001\$RH0B3QC.mbr Win32/Olmarik.AXY trojan (unable to clean) 00000000000000000000000000000000 I

C:\$RECYCLE.BIN\S-1-5-21-2923027591-736980571-597195185-1001\$RM24J0G.mbr Win32/Olmarik.AXY trojan (unable to clean) 00000000000000000000000000000000 I

C:\$RECYCLE.BIN\S-1-5-21-2923027591-736980571-597195185-1001\$RMLF1GO.mbr Win32/Olmarik.AXY trojan (unable to clean) 00000000000000000000000000000000 I

C:\$RECYCLE.BIN\S-1-5-21-2923027591-736980571-597195185-1001\$RRK35VD.mbr Win32/Olmarik.AXY trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L1T1V55O\fpi[9].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\30.08.2012_22.21.07\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\30.08.2012_22.21.07\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\30.08.2012_22.21.07\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\30.08.2012_22.21.07\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AC trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\30.08.2012_22.21.07\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\30.08.2012_22.21.07\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\30.08.2012_22.21.07\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AYG trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\Morrow\Downloads\blu-ray-creator-express.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I

C:\Users\Morrow\Downloads\Dump_DR0.mbr Win32/Olmarik.AXY trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\Morrow\Downloads\Dump_Hdd0_DR0.mbr Win32/Olmarik.AXY trojan (unable to clean) 00000000000000000000000000000000 I

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1987OBKX\fpi[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8068ULBY\station-approvalspot_com[1].txt HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUVC5FIY\favorites[1].txt HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUVC5FIY\fpi[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1987OBKX\fpi[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8068ULBY\station-approvalspot_com[1].txt HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUVC5FIY\favorites[1].txt HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUVC5FIY\fpi[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

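An added example, not part of the thread or of any ESET tooling: a small Python parser for the log.txt layout shown in the post above, which groups detections by family and by where the flagged file sits, and checks the parsed count against the `found` header. The function names and location categories are assumptions made for this illustration, and the sample is a constructed excerpt of the posted log.

```python
import re
from collections import Counter

# Constructed sample in the layout of the posted log.txt: two preamble lines,
# "# key=value" headers, then one detection per line. The six detections are
# taken from the posted log; "found" is adjusted to match this excerpt.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# remove_checked=false
# scanned=236397
# found=6
# cleaned=0
C:\$RECYCLE.BIN\S-1-5-21-2923027591-736980571-597195185-1001\$R2DCFR8.mbr Win32/Olmarik.AXY trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L1T1V55O\fpi[9].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\30.08.2012_22.21.07\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Morrow\Downloads\blu-ray-creator-express.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Morrow\Downloads\Dump_DR0.mbr Win32/Olmarik.AXY trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8068ULBY\station-approvalspot_com[1].txt HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
"""

# Windows paths contain spaces but no forward slash, so the first
# "Platform/Name" token marks where the path ends and the detection begins.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>[^()]+?)\s+"
    r"\((?P<action>[^()]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)\s*$"
)

# Assumed triage categories (not ESET's). Order matters: a restore-staging
# path can also contain "Temporary Internet Files".
LOCATION_RULES = [
    ("scanner quarantine", "\\tdsskiller_quarantine\\"),
    ("recycle bin", "\\$recycle.bin\\"),
    ("restore staging", "\\system volume information\\"),
    ("browser cache", "\\temporary internet files\\"),
    ("downloads", "\\downloads\\"),
]


def classify_location(path):
    """Return the first matching location category for a file path."""
    lowered = path.lower()
    for label, needle in LOCATION_RULES:
        if needle in lowered:
            return label
    return "other"


def family_of(threat):
    """'Win32/Olmarik.AXY' -> 'Olmarik' (name after '/', before first '.')."""
    return threat.split("/", 1)[1].split(".", 1)[0]


def parse_log(text):
    """Split a log into header dict, detection records and unparsed lines."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value  # repeated keys keep the last value
            continue
        match = DETECTION_RE.match(line)
        if match:
            record = match.groupdict()
            record["family"] = family_of(record["threat"])
            record["location"] = classify_location(record["path"])
            detections.append(record)
        else:
            unparsed.append(line)  # preamble or lines in an unknown layout
    return header, detections, unparsed


def summarize(text):
    """Aggregate detections and cross-check them against the header."""
    header, detections, unparsed = parse_log(text)
    return {
        "by_family": Counter(d["family"] for d in detections),
        "by_location": Counter(d["location"] for d in detections),
        "not_cleaned": sum("unable to clean" in d["action"] for d in detections),
        "count_matches_header": header.get("found") == str(len(detections)),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for section in ("by_family", "by_location"):
        print(section, dict(report[section]))
    print("not cleaned:", report["not_cleaned"],
          "| header count matches:", report["count_matches_header"])
```
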

Hello morrowc. :)

Please navigate to these files and delete them (if present):

C:\Users\Morrow\Downloads\blu-ray-creator-express.exe

C:\Users\Morrow\Downloads\Dump_DR0.mbr

C:\Users\Morrow\Downloads\Dump_Hdd0_DR0.mbr

Next, please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Finally, please download ATF Cleaner.

Save it to your Desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.

If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

===========

Please provide checkup.txt and a description of any remaining computer issues. :)


Here's the checkup.txt:

Results of screen317's Security Check version 0.99.49

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java 6 Update 10

Java version out of Date!

Adobe Flash Player 11.3.300.271 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Google Chrome 21.0.1180.79

Google Chrome 21.0.1180.83

Google Chrome CommonDotNET.dll..

Google Chrome IdVaultCore.dll..

Google Chrome IdVaultCore.XmlSerializers.dll.

Google Chrome Microsoft.mshtml.dll.

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

I am not noticing any remaining issues! But I do have two questions:

1) Did this last step remove the "25 threats" that the ESET online scanner found?

2) What software do you recommend I use after we get everything cleaned to best prevent getting these types of infections in the future? Right now I just have MAM, but I can install Norton Security Suite at any time as well. Is there anything else you'd recommend or are those two enough? Thanks so much for all your help - you totally saved me!


Hello morrowc. :)

1) Did this last step remove the "25 threats" that the ESET online scanner found?

Some of those threats were in ComboFix's quarantine already so they are fine. The others were in your temporary internet files, which ATF Cleaner successfully emptied so those are gone as well.

2) What software do you recommend I use after we get everything cleaned to best prevent getting these types of infections in the future? Right now I just have MAM, but I can install Norton Security Suite at any time as well. Is there anything else you'd recommend or are those two enough? Thanks so much for all your help - you totally saved me!

After the updates come back successful I will answer this question. :)

I notice that you have the User Account Control turned off. This is a very important security feature on Windows Vista and 7, as it allows you to restrict access to your computer and control programs that try to run. Please see below on how to turn it on:

http://windows.micro...ntrol-on-or-off

===========

Please do the following updates. Your Windows and Internet Explorer are out of date and by updating to the latest Service Packs you will minimise the risk of future infections through these security patches and fixes.

Service Pack 1 (SP1) is an extremely important update for Vista and Windows 7 and will help reduce the chance of an infection through security patches. I strongly recommend you install this update.

Please open Internet Explorer and follow the instructions below to update Windows:

  • Go to this link: Windows Update
  • Download all the Critical updates, making sure you have selected SP1 and Internet Explorer 9.
  • Once they have been installed, please revisit Windows Update and select any further Critical updates.

Note:

It will be necessary for you to restart the computer during the updates, and return to the Windows Update site several times before all critical updates are installed.

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections.

===========

Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

Please follow the instructions below to update Java:

  • Please go to the below link and download the latest Windows 7 version:

http://www.java.com/...load/manual.jsp

  • Save it to your Desktop.
  • Please go to Start>Control Panel>Programs and Features>Programs.
  • Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have the Java icon next to them.
  • Select Remove.
  • Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

Next, your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:

  • Please go to Start>All Programs>Adobe Reader.
  • Open Adobe Reader and navigate to Help>Check for Updates.
  • Please follow the prompts to install the latest version.

Finally, your version of Adobe Flash Player is out of date. Please follow these instructions to update to the latest version:

Go to the Adobe Global Notifications Update website here:

http://www.macromedi...r05.html#118377

A small box to the right within the window should load. Please select how often you would like Adobe to check for a new update for its Flash Player.

Note:
This has to be done separately for Firefox and IE.

If a new version is found:

  • Please tick the License Agreement.
  • Click Install.

    Note:
    If you are running Mozilla Firefox all of its windows will need to be closed.


  • Click Done.

Note: In future if an update is available Adobe will notify you on your Desktop via the Adobe Download Manager.

==========

In your reply please let me know how the updates go. :)

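The update steps in the reply above follow from the findings in the Security Check log posted earlier in the thread. As an added example (not part of the thread and not screen317's code), this sketch parses a log in that format and lists each reported weakness by section; the function names and the `kind` labels are assumptions made for the illustration.

```python
import re

# Constructed sample built from the checkup.txt in this thread; "~" replaces backtick runs.
SAMPLE = """\
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
~~~~~~Antivirus/Firewall Check:~~~~~~
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
~~~~~~Anti-malware/Other Utilities Check:~~~~~~
Java 6 Update 10
Java version out of Date!
Adobe Flash Player 11.3.300.271 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
""".replace("~", chr(96))

SECTION = re.compile(r"^`+\s*(.*?):?\s*`+$")
OUTDATED = re.compile(r"^(.*?)\s*out of date!$", re.IGNORECASE)

def strip_repeated_tail(item):
    """'Adobe Reader 9 Adobe Reader' -> 'Adobe Reader 9': the log repeats the name."""
    words = item.split()
    for k in range(len(words) // 2, 0, -1):
        tail, head = words[-k:], words[:-k]
        if any(head[i:i + k] == tail for i in range(len(head) - k + 1)):
            return " ".join(head)
    return item

def findings(log):
    """Return (section, kind, item) tuples for every weakness the log reports."""
    section, prev, out = "Header", "", []
    for line in filter(None, (l.strip() for l in log.splitlines())):
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = OUTDATED.match(line)
        if m:
            item = strip_repeated_tail(m.group(1))
            # "Java version out of Date!" carries no version; it is on the line before.
            if item.lower().endswith("version") and prev:
                item = prev
            out.append((section, "outdated", item))
        elif "uac is disabled" in line.lower():
            out.append((section, "uac-disabled", line.split("(")[0].strip()))
        elif line.lower().startswith("wmi entry may not exist for antivirus"):
            out.append((section, "antivirus-wmi-missing", ""))
        prev = line
    return out
```

Calling `findings(SAMPLE)` yields six entries: UAC disabled, the missing antivirus WMI entry, and the four out-of-date products the reply asks to update.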

Hello morrowc. :)

I applied all the updates - everything seems to be running fine!

That's great!

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Right-click the Recycle Bin and please select Empty Recycle Bin.

==========

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

This topic is now closed to further replies.