lodwyvern Posted December 23, 2011 ID:508481 Share Posted December 23, 2011 I really need help attempting to cleanse my computer of win7 antivirus 2012 and I'd like to avoid a reformat/reinstall if possible. The first time around I followed bleeping computer's guide to remove the infection, but 4 days later win7 antivirus 2012 reappeared with its nasty buddies. I removed it once again and today it reappeared once again. I'm coming here looking for a bit more professional and thorough help. I'd really like to keep my laptop (infected computer) as is since I have to send out my college applications soon and I've also got music and games that I'd hate to lose : (. A side note, I tried looking for system restore points and windows could not locate any so I'd assume this has something to do with win7 antivirus 2012. Please help me out, PLEASE!Logs are here.DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORKInternet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26Run by Kemi at 8:30:59 on 2011-12-23Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.2944 [GMT -5:00]..============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exeC:\Windows\system32\ctfmon.exeC:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHPuInternet Settings,ProxyOverride = *.localuURLSearchHooks: H - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dllBHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dllTB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dllTB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dllTB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dllTB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FilemRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /mmRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCentermRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDMmRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRunOnce: [GrpConv] grpconv -oStartupFolder: C:\Users\Kemi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exemPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLLDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{29DB9033-1D8F-430E-8E0C-640B74B55DE0} : DhcpNameServer = 192.168.1.1TCP: Interfaces\{FC0F6433-02A0-437A-B5A9-DB9A138C4834} : DhcpNameServer = 192.168.1.1TCP: Interfaces\{FC0F6433-02A0-437A-B5A9-DB9A138C4834}\1427C696E67647F6E6 : DhcpNameServer = 68.87.73.246 68.87.71.230TCP: Interfaces\{FC0F6433-02A0-437A-B5A9-DB9A138C4834}\2656C6B696E6E253936336 : DhcpNameServer = 192.168.2.1TCP: Interfaces\{FC0F6433-02A0-437A-B5A9-DB9A138C4834}\452796E6964797D27457563747 : DhcpNameServer = 4.2.2.2TCP: Interfaces\{FC0F6433-02A0-437A-B5A9-DB9A138C4834}\45B434D423 : DhcpNameServer = 192.168.1.1 71.252.0.12TCP: Interfaces\{FC0F6433-02A0-437A-B5A9-DB9A138C4834}\66C6164726573786 : DhcpNameServer = 192.168.1.1TCP: Interfaces\{FC0F6433-02A0-437A-B5A9-DB9A138C4834}\8686F6E6F62737 : DhcpNameServer = 12.127.16.67 12.127.17.71Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dllHandler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dllBHO-X64: Increase performance and video formats for your HTML5 <video> - No FileBHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dllBHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No FileBHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllBHO-X64: Search Helper - No FileBHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllBHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dllBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dllTB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dllTB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dllTB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dllTB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FilemRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /mmRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCentermRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDMmRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumemRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRunOnce-x64: [GrpConv] grpconv -oSEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Kemi\AppData\Roaming\Mozilla\Firefox\Profiles\shqvloku.default\FF - prefs.js: browser.startup.homepage - about:homeFF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3001705&SearchSource=2&q=FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dllFF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins\npvsharetvplg.dllFF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dllFF - plugin: C:\Users\Kemi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll.---- FIREFOX POLICIES ----FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(general.useragent.extra.brc, BRI/1FF - user.js: network.protocol-handler.warn-external.dnupdate - false.============= SERVICES / DRIVERS ===============.R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-12 2152152]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-9 92160]S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-19 135664]S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2010-6-11 206120]S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2010-6-11 185640]S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-9 2320920]S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-19 135664]S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-6-28 17152]S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?].=============== Created Last 30 ================.2011-12-23 13:27:22 -------- d-sh--w- C:\$RECYCLE.BIN2011-12-22 01:02:35 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys2011-12-22 01:01:22 -------- d-----w- C:\ProgramData\Hitman Pro2011-12-21 23:20:19 98816 ----a-w- C:\Windows\sed.exe2011-12-21 23:20:19 518144 ----a-w- C:\Windows\SWREG.exe2011-12-21 23:20:19 256000 ----a-w- C:\Windows\PEV.exe2011-12-21 23:20:19 208896 ----a-w- C:\Windows\MBR.exe2011-12-21 05:43:37 -------- d-----w- C:\Program Files\iPod2011-12-21 05:43:36 -------- d-----w- C:\Program Files\iTunes2011-12-21 05:43:36 -------- d-----w- C:\Program Files (x86)\iTunes2011-12-21 05:36:43 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll2011-12-21 05:36:43 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll2011-12-21 05:36:43 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll2011-12-21 05:36:43 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll2011-12-21 05:36:43 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll2011-12-21 05:36:43 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll2011-12-21 05:36:43 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll2011-12-18 14:46:32 -------- d-----w- C:\ProgramData\Kaspersky Lab2011-12-18 01:08:33 -------- d-----w- C:\Program Files\Perfect Uninstaller2011-12-15 23:31:00 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys2011-12-15 23:23:10 -------- d-----w- C:\Users\Kemi\AppData\Local\Secunia PSI2011-12-15 23:23:01 -------- d-----w- C:\Program Files (x86)\Secunia2011-12-15 21:41:41 -------- d-----w- C:\Users\Kemi\AppData\Roaming\Malwarebytes2011-12-15 21:41:36 -------- d-----w- C:\ProgramData\Malwarebytes2011-12-15 21:41:33 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys2011-12-15 21:41:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2011-12-13 22:14:11 43520 ----a-w- C:\Windows\System32\csrsrv.dll2011-12-03 21:30:56 -------- d-----w- C:\Program Files (x86)\Conduit2011-12-03 21:30:47 -------- d-----w- C:\Program Files (x86)\vShare.tv plugin.==================== Find3M ====================.2011-12-15 23:34:48 16432 ----a-w- C:\Windows\System32\lsdelete.exe2011-12-15 23:30:06 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts2011-10-15 06:25:12 723456 ----a-w- C:\Windows\System32\EncDec.dll2011-10-15 05:48:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys.============= FINISH: 8:32:25.53 =============== Link to post Share on other sites More sharing options...
lodwyvern Posted December 23, 2011 Author ID:508658 Share Posted December 23, 2011 here is the "attach"Attach.zip Link to post Share on other sites More sharing options...
liverfibrosis Posted December 24, 2011 ID:508748 Share Posted December 24, 2011 Dear mod,I am having issues with Win7 Security malware. I first got it six months ago. At that time, I ran rkill, malwarebytes, NCR registry restore, unhide and was able to remove it. I again got it last Friday and this time rkill and malwarebytes combo didn't do much (also ran TDSS rootkill which didn't identify anthing). Eventually, I used system restore to December 15th. I again was attacked today by the same program and immediately used system restore to go back to December 22nd.I think the malware has secured itself and keeps reinstalling itself. I have run malwarebytes and DDS per your recommendation. The text logs are attached for your kind perusal.Thank you for your time and efforts in keeping us safe from the dark lords of the interwebs.DDS.txtmbam-log-2011-12-23 (19-44-39).txt Link to post Share on other sites More sharing options...
MrCharlie Posted December 24, 2011 ID:508879 Share Posted December 24, 2011 Welcome to the forum.Vista and Windows 7 users:1. These tools MUST be run from the executable. (.exe) every time you run them 2. With Admin Rights (Right click, choose "Run as Administrator")Please download and run TDSSKiller as outlined in the post below:http://forums.malwarebytes.org/index.php?showtopic=100665&view=findpost&p=499595Post back the log.----------------------Please download OTL from one of the links below:http://oldtimer.geekstogo.com/OTL.exehttp://oldtimer.geekstogo.com/OTL.com (<---renamed version)Save it to your desktop.Double click on the icon on your desktop.Click the Scan All Users checkbox.Push the Quick Scan button.Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedMrC Link to post Share on other sites More sharing options...
lodwyvern Posted December 24, 2011 Author ID:508896 Share Posted December 24, 2011 TDSSKiller log10:27:41.0939 3972 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:1610:27:42.0251 3972 ============================================================10:27:42.0251 3972 Current date / time: 2011/12/24 10:27:42.025110:27:42.0251 3972 SystemInfo:10:27:42.0251 3972 10:27:42.0251 3972 OS Version: 6.1.7600 ServicePack: 0.010:27:42.0251 3972 Product type: Workstation10:27:42.0251 3972 ComputerName: POUNDEDYAM10:27:42.0251 3972 UserName: Kemi10:27:42.0251 3972 Windows directory: C:\Windows10:27:42.0251 3972 System windows directory: C:\Windows10:27:42.0251 3972 Running under WOW6410:27:42.0251 3972 Processor architecture: Intel x6410:27:42.0251 3972 Number of processors: 410:27:42.0251 3972 Page size: 0x100010:27:42.0251 3972 Boot type: Normal boot10:27:42.0251 3972 ============================================================10:27:43.0640 3972 Initialize success10:27:50.0909 5004 ============================================================10:27:50.0909 5004 Scan started10:27:50.0909 5004 Mode: Manual; SigCheck; TDLFS; 10:27:50.0909 5004 ============================================================10:27:53.0124 5004 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys10:27:53.0327 5004 1394ohci - ok10:27:53.0546 5004 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys10:27:53.0577 5004 ACPI - ok10:27:53.0811 5004 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys10:27:53.0951 5004 AcpiPmi - ok10:27:54.0310 5004 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys10:27:54.0357 5004 adp94xx - ok10:27:54.0606 5004 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys10:27:54.0638 5004 adpahci - ok10:27:54.0856 5004 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys10:27:54.0887 5004 adpu320 - ok10:27:55.0168 5004 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys10:27:55.0262 5004 AFD - ok10:27:55.0449 5004 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys10:27:55.0464 5004 agp440 - ok10:27:55.0730 5004 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys10:27:55.0745 5004 aliide - ok10:27:55.0964 5004 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys10:27:55.0979 5004 amdide - ok10:27:56.0182 5004 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys10:27:56.0260 5004 AmdK8 - ok10:27:56.0463 5004 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys10:27:56.0510 5004 AmdPPM - ok10:27:56.0790 5004 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys10:27:56.0806 5004 amdsata - ok10:27:56.0978 5004 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys10:27:57.0009 5004 amdsbs - ok10:27:57.0196 5004 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys10:27:57.0212 5004 amdxata - ok10:27:57.0539 5004 ApfiltrService (8b522286c8d6a20133d12225b7759596) C:\Windows\system32\DRIVERS\Apfiltr.sys10:27:57.0726 5004 ApfiltrService - ok10:27:57.0976 5004 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys10:27:58.0272 5004 AppID - ok10:27:58.0569 5004 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys10:27:58.0584 5004 arc - ok10:27:58.0694 5004 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys10:27:58.0709 5004 arcsas - ok10:27:58.0928 5004 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys10:27:59.0708 5004 AsyncMac - ok10:27:59.0864 5004 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys10:27:59.0879 5004 atapi - ok10:28:00.0066 5004 AtiHdmiService (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys10:28:00.0082 5004 AtiHdmiService - ok10:28:00.0768 5004 atikmdag (c9f90fee4fdc829382b9130a92fb744c) C:\Windows\system32\DRIVERS\atikmdag.sys10:28:01.0190 5004 atikmdag - ok10:28:01.0517 5004 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys10:28:01.0673 5004 b06bdrv - ok10:28:01.0829 5004 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys10:28:01.0938 5004 b57nd60a - ok10:28:02.0126 5004 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys10:28:02.0141 5004 BCM42RLY - ok10:28:02.0547 5004 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys10:28:02.0594 5004 BCM43XX - ok10:28:02.0812 5004 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys10:28:02.0906 5004 Beep - ok10:28:03.0093 5004 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys10:28:03.0124 5004 blbdrive - ok10:28:03.0311 5004 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys10:28:03.0405 5004 bowser - ok10:28:03.0576 5004 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys10:28:03.0639 5004 BrFiltLo - ok10:28:03.0717 5004 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys10:28:03.0764 5004 BrFiltUp - ok10:28:03.0920 5004 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys10:28:04.0169 5004 Brserid - ok10:28:04.0310 5004 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys10:28:04.0419 5004 BrSerWdm - ok10:28:04.0559 5004 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys10:28:04.0653 5004 BrUsbMdm - ok10:28:04.0840 5004 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys10:28:04.0871 5004 BrUsbSer - ok10:28:05.0027 5004 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys10:28:05.0058 5004 BTHMODEM - ok10:28:05.0105 5004 catchme - ok10:28:05.0261 5004 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys10:28:05.0324 5004 cdfs - ok10:28:05.0526 5004 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys10:28:05.0573 5004 cdrom - ok10:28:05.0760 5004 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys10:28:05.0807 5004 circlass - ok10:28:05.0916 5004 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys10:28:05.0979 5004 CLFS - ok10:28:06.0213 5004 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys10:28:06.0260 5004 CmBatt - ok10:28:06.0447 5004 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys10:28:06.0478 5004 cmdide - ok10:28:06.0728 5004 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys10:28:06.0837 5004 CNG - ok10:28:07.0024 5004 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys10:28:07.0040 5004 Compbatt - ok10:28:07.0289 5004 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys10:28:07.0336 5004 CompositeBus - ok10:28:07.0523 5004 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys10:28:07.0539 5004 crcdisk - ok10:28:07.0788 5004 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys10:28:07.0851 5004 CtClsFlt - ok10:28:08.0007 5004 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys10:28:08.0069 5004 DfsC - ok10:28:08.0241 5004 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys10:28:08.0319 5004 discache - ok10:28:08.0506 5004 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys10:28:08.0522 5004 Disk - ok10:28:08.0802 5004 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys10:28:08.0849 5004 drmkaud - ok10:28:08.0896 5004 dump_wmimmc - ok10:28:09.0068 5004 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys10:28:09.0114 5004 DXGKrnl - ok10:28:09.0270 5004 EagleX64 - ok10:28:09.0863 5004 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys10:28:09.0988 5004 ebdrv - ok10:28:10.0253 5004 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys10:28:10.0316 5004 elxstor - ok10:28:10.0518 5004 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys10:28:10.0643 5004 ErrDev - ok10:28:10.0893 5004 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys10:28:10.0986 5004 exfat - ok10:28:11.0174 5004 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys10:28:11.0267 5004 fastfat - ok10:28:11.0439 5004 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys10:28:11.0470 5004 fdc - ok10:28:11.0610 5004 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys10:28:11.0642 5004 FileInfo - ok10:28:11.0876 5004 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys10:28:11.0922 5004 Filetrace - ok10:28:12.0094 5004 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys10:28:12.0125 5004 flpydisk - ok10:28:12.0359 5004 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys10:28:12.0390 5004 FltMgr - ok10:28:12.0546 5004 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys10:28:12.0562 5004 FsDepends - ok10:28:12.0749 5004 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys10:28:12.0749 5004 Fs_Rec - ok10:28:12.0921 5004 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys10:28:12.0936 5004 fvevol - ok10:28:13.0108 5004 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys10:28:13.0124 5004 gagp30kx - ok10:28:13.0248 5004 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys10:28:13.0264 5004 GEARAspiWDM - ok10:28:13.0326 5004 Gun - ok10:28:13.0623 5004 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys10:28:13.0670 5004 hcw85cir - ok10:28:13.0841 5004 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys10:28:13.0872 5004 HDAudBus - ok10:28:14.0278 5004 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys10:28:14.0294 5004 HECIx64 - ok10:28:14.0496 5004 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys10:28:14.0512 5004 HidBatt - ok10:28:14.0668 5004 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys10:28:14.0715 5004 HidBth - ok10:28:14.0902 5004 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys10:28:14.0933 5004 HidIr - ok10:28:15.0105 5004 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys10:28:15.0152 5004 HidUsb - ok10:28:15.0245 5004 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys10:28:15.0276 5004 HpSAMD - ok10:28:15.0370 5004 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys10:28:15.0495 5004 HTTP - ok10:28:15.0620 5004 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys10:28:15.0635 5004 hwpolicy - ok10:28:15.0807 5004 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys10:28:15.0822 5004 i8042prt - ok10:28:16.0025 5004 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys10:28:16.0103 5004 iaStorV - ok10:28:16.0322 5004 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys10:28:16.0337 5004 iirsp - ok10:28:16.0571 5004 IntcAzAudAddService (2a7cf87be453241fe0baa1c8651e7aa4) C:\Windows\system32\drivers\RTKVHD64.sys10:28:16.0618 5004 IntcAzAudAddService - ok10:28:16.0821 5004 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys10:28:16.0852 5004 intelide - ok10:28:17.0195 5004 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys10:28:17.0258 5004 intelppm - ok10:28:17.0382 5004 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys10:28:17.0492 5004 IpFilterDriver - ok10:28:17.0694 5004 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys10:28:17.0772 5004 IPMIDRV - ok10:28:17.0897 5004 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys10:28:18.0006 5004 IPNAT - ok10:28:18.0147 5004 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys10:28:18.0381 5004 IRENUM - ok10:28:18.0552 5004 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys10:28:18.0568 5004 isapnp - ok10:28:18.0677 5004 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys10:28:18.0708 5004 iScsiPrt - ok10:28:18.0833 5004 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys10:28:18.0849 5004 kbdclass - ok10:28:18.0958 5004 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys10:28:19.0005 5004 kbdhid - ok10:28:19.0208 5004 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys10:28:19.0239 5004 KSecDD - ok10:28:19.0488 5004 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys10:28:19.0520 5004 KSecPkg - ok10:28:19.0769 5004 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys10:28:19.0878 5004 ksthunk - ok10:28:20.0050 5004 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys10:28:20.0081 5004 Lavasoft Kernexplorer - ok10:28:20.0268 5004 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys10:28:20.0284 5004 Lbd - ok10:28:20.0502 5004 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys10:28:20.0612 5004 lltdio - ok10:28:20.0986 5004 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys10:28:21.0002 5004 LSI_FC - ok10:28:21.0329 5004 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys10:28:21.0345 5004 LSI_SAS - ok10:28:21.0516 5004 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys10:28:21.0548 5004 LSI_SAS2 - ok10:28:21.0750 5004 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys10:28:21.0766 5004 LSI_SCSI - ok10:28:21.0860 5004 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys10:28:21.0938 5004 luafv - ok10:28:22.0140 5004 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys10:28:22.0172 5004 megasas - ok10:28:22.0468 5004 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys10:28:22.0499 5004 MegaSR - ok10:28:22.0718 5004 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys10:28:22.0811 5004 Modem - ok10:28:23.0014 5004 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys10:28:23.0108 5004 monitor - ok10:28:23.0357 5004 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys10:28:23.0373 5004 mouclass - ok10:28:23.0560 5004 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys10:28:23.0685 5004 mouhid - ok10:28:23.0810 5004 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys10:28:23.0841 5004 mountmgr - ok10:28:23.0997 5004 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys10:28:24.0028 5004 mpio - ok10:28:24.0200 5004 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys10:28:24.0324 5004 mpsdrv - ok10:28:24.0527 5004 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys10:28:24.0574 5004 MRxDAV - ok10:28:24.0730 5004 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys10:28:24.0839 5004 mrxsmb - ok10:28:25.0089 5004 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys10:28:25.0151 5004 mrxsmb10 - ok10:28:25.0354 5004 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys10:28:25.0401 5004 mrxsmb20 - ok10:28:25.0635 5004 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys10:28:25.0650 5004 msahci - ok10:28:25.0806 5004 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys10:28:25.0838 5004 msdsm - ok10:28:25.0962 5004 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys10:28:26.0009 5004 Msfs - ok10:28:26.0274 5004 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys10:28:26.0368 5004 mshidkmdf - ok10:28:26.0477 5004 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys10:28:26.0493 5004 msisadrv - ok10:28:26.0696 5004 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys10:28:26.0774 5004 MSKSSRV - ok10:28:27.0054 5004 msloop (103b3bbe23ab774b009d182276ec6786) C:\Windows\system32\DRIVERS\loop.sys10:28:27.0101 5004 msloop - ok10:28:27.0273 5004 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys10:28:27.0366 5004 MSPCLOCK - ok10:28:27.0538 5004 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys10:28:27.0632 5004 MSPQM - ok10:28:27.0897 5004 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys10:28:27.0928 5004 MsRPC - ok10:28:28.0146 5004 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys10:28:28.0162 5004 mssmbios - ok10:28:28.0318 5004 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys10:28:28.0412 5004 MSTEE - ok10:28:28.0693 5004 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys10:28:28.0786 5004 MTConfig - ok10:28:29.0176 5004 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys10:28:29.0207 5004 Mup - ok10:28:29.0551 5004 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys10:28:29.0660 5004 NativeWifiP - ok10:28:29.0972 5004 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys10:28:30.0034 5004 NDIS - ok10:28:30.0393 5004 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys10:28:30.0471 5004 NdisCap - ok10:28:30.0799 5004 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys10:28:30.0908 5004 NdisTapi - ok10:28:31.0111 5004 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys10:28:31.0204 5004 Ndisuio - ok10:28:31.0610 5004 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys10:28:31.0672 5004 NdisWan - ok10:28:31.0891 5004 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys10:28:32.0015 5004 NDProxy - ok10:28:32.0218 5004 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys10:28:32.0312 5004 NetBIOS - ok10:28:32.0858 5004 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys10:28:33.0076 5004 NetBT - ok10:28:33.0794 5004 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys10:28:33.0809 5004 nfrd960 - ok10:28:33.0997 5004 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys10:28:34.0059 5004 Npfs - ok10:28:34.0168 5004 NPPTNT2 - ok10:28:34.0246 5004 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys10:28:34.0293 5004 nsiproxy - ok10:28:34.0433 5004 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys10:28:34.0527 5004 Ntfs - ok10:28:34.0683 5004 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys10:28:34.0761 5004 Null - ok10:28:35.0011 5004 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys10:28:35.0026 5004 nvraid - ok10:28:35.0182 5004 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys10:28:35.0198 5004 nvstor - ok10:28:35.0369 5004 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys10:28:35.0401 5004 nv_agp - ok10:28:35.0650 5004 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys10:28:35.0697 5004 ohci1394 - ok10:28:35.0837 5004 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys10:28:35.0869 5004 Parport - ok10:28:36.0009 5004 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys10:28:36.0025 5004 partmgr - ok10:28:36.0259 5004 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys10:28:36.0274 5004 pci - ok10:28:36.0477 5004 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys10:28:36.0493 5004 pciide - ok10:28:36.0851 5004 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys10:28:36.0883 5004 pcmcia - ok10:28:37.0070 5004 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys10:28:37.0101 5004 pcw - ok10:28:37.0257 5004 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys10:28:37.0351 5004 PEAUTH - ok10:28:37.0850 5004 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys10:28:37.0928 5004 PptpMiniport - ok10:28:38.0131 5004 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys10:28:38.0209 5004 Processor - ok10:28:38.0427 5004 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys10:28:38.0567 5004 Psched - ok10:28:38.0848 5004 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys10:28:38.0864 5004 PSI - ok10:28:39.0457 5004 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys10:28:39.0472 5004 PxHlpa64 - ok10:28:40.0112 5004 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys10:28:40.0205 5004 ql2300 - ok10:28:40.0517 5004 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys10:28:40.0549 5004 ql40xx - ok10:28:40.0720 5004 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys10:28:40.0829 5004 QWAVEdrv - ok10:28:41.0313 5004 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys10:28:41.0391 5004 RasAcd - ok10:28:41.0750 5004 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys10:28:41.0843 5004 RasAgileVpn - ok10:28:42.0109 5004 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys10:28:42.0187 5004 Rasl2tp - ok10:28:42.0389 5004 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys10:28:42.0452 5004 RasPppoe - ok10:28:42.0639 5004 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys10:28:42.0701 5004 RasSstp - ok10:28:42.0873 5004 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys10:28:42.0951 5004 rdbss - ok10:28:43.0154 5004 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys10:28:43.0216 5004 rdpbus - ok10:28:43.0372 5004 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys10:28:43.0450 5004 RDPCDD - ok10:28:43.0778 5004 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys10:28:43.0840 5004 RDPENCDD - ok10:28:43.0965 5004 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys10:28:44.0012 5004 RDPREFMP - ok10:28:44.0152 5004 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys10:28:44.0215 5004 RDPWD - ok10:28:44.0355 5004 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys10:28:44.0371 5004 rdyboost - ok10:28:44.0589 5004 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys10:28:44.0651 5004 rspndr - ok10:28:44.0761 5004 RSUSBSTOR (502b316947ea887cddd325d4745eb7d0) C:\Windows\system32\Drivers\RtsUStor.sys10:28:44.0839 5004 RSUSBSTOR - ok10:28:45.0026 5004 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys10:28:45.0104 5004 RTL8167 - ok10:28:45.0369 5004 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys10:28:45.0400 5004 sbp2port - ok10:28:45.0743 5004 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys10:28:45.0853 5004 scfilter - ok10:28:46.0024 5004 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys10:28:46.0118 5004 secdrv - ok10:28:46.0258 5004 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys10:28:46.0289 5004 Serenum - ok10:28:46.0399 5004 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys10:28:46.0430 5004 Serial - ok10:28:46.0633 5004 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys10:28:46.0679 5004 sermouse - ok10:28:46.0913 5004 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys10:28:46.0960 5004 sffdisk - ok10:28:47.0194 5004 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys10:28:47.0225 5004 sffp_mmc - ok10:28:47.0428 5004 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys10:28:47.0537 5004 sffp_sd - ok10:28:47.0709 5004 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys10:28:47.0756 5004 sfloppy - ok10:28:47.0912 5004 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys10:28:47.0943 5004 SiSRaid2 - ok10:28:48.0068 5004 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys10:28:48.0099 5004 SiSRaid4 - ok10:28:48.0317 5004 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys10:28:48.0395 5004 Smb - ok10:28:48.0598 5004 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys10:28:48.0629 5004 spldr - ok10:28:48.0801 5004 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys10:28:48.0895 5004 srv - ok10:28:49.0066 5004 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys10:28:49.0129 5004 srv2 - ok10:28:49.0253 5004 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys10:28:49.0300 5004 srvnet - ok10:28:49.0550 5004 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys10:28:49.0581 5004 stexstor - ok10:28:49.0721 5004 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys10:28:49.0737 5004 swenum - ok10:28:49.0955 5004 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys10:28:49.0987 5004 Tcpip - ok10:28:50.0253 5004 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys10:28:50.0300 5004 TCPIP6 - ok10:28:50.0424 5004 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys10:28:50.0487 5004 tcpipreg - ok10:28:50.0674 5004 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys10:28:50.0736 5004 TDPIPE - ok10:28:50.0924 5004 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys10:28:51.0002 5004 TDTCP - ok10:28:51.0143 5004 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys10:28:51.0221 5004 tdx - ok10:28:51.0361 5004 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys10:28:51.0377 5004 TermDD - ok10:28:51.0689 5004 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys10:28:51.0736 5004 tssecsrv - ok10:28:51.0970 5004 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys10:28:52.0048 5004 tunnel - ok10:28:52.0204 5004 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys10:28:52.0219 5004 uagp35 - ok10:28:52.0485 5004 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys10:28:52.0531 5004 udfs - ok10:28:52.0812 5004 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys10:28:52.0843 5004 uliagpkx - ok10:28:52.0999 5004 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys10:28:53.0046 5004 umbus - ok10:28:53.0187 5004 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys10:28:53.0233 5004 UmPass - ok10:28:53.0436 5004 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys10:28:53.0623 5004 USBAAPL64 - ok10:28:53.0857 5004 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys10:28:53.0935 5004 usbccgp - ok10:28:54.0091 5004 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys10:28:54.0154 5004 usbcir - ok10:28:54.0310 5004 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys10:28:54.0341 5004 usbehci - ok10:28:54.0559 5004 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys10:28:54.0606 5004 usbhub - ok10:28:54.0778 5004 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys10:28:54.0809 5004 usbohci - ok10:28:54.0934 5004 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys10:28:54.0981 5004 usbprint - ok10:28:55.0168 5004 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS10:28:55.0215 5004 USBSTOR - ok10:28:55.0371 5004 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys10:28:55.0417 5004 usbuhci - ok10:28:55.0683 5004 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys10:28:55.0714 5004 usbvideo - ok10:28:55.0854 5004 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys10:28:55.0870 5004 vdrvroot - ok10:28:55.0979 5004 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys10:28:56.0010 5004 vga - ok10:28:56.0182 5004 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys10:28:56.0260 5004 VgaSave - ok10:28:56.0478 5004 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys10:28:56.0509 5004 vhdmp - ok10:28:56.0681 5004 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys10:28:56.0712 5004 viaide - ok10:28:56.0853 5004 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys10:28:56.0884 5004 volmgr - ok10:28:57.0149 5004 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys10:28:57.0196 5004 volmgrx - ok10:28:57.0399 5004 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys10:28:57.0430 5004 volsnap - ok10:28:57.0679 5004 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys10:28:57.0711 5004 vsmraid - ok10:28:57.0882 5004 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys10:28:57.0913 5004 vwifibus - ok10:28:58.0054 5004 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys10:28:58.0085 5004 vwififlt - ok10:28:58.0335 5004 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys10:28:58.0381 5004 WacomPen - ok10:28:58.0600 5004 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys10:28:58.0662 5004 WANARP - ok10:28:58.0693 5004 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys10:28:58.0740 5004 Wanarpv6 - ok10:28:58.0927 5004 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys10:28:58.0943 5004 Wd - ok10:28:59.0099 5004 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys10:28:59.0161 5004 WDC_SAM - ok10:28:59.0286 5004 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys10:28:59.0349 5004 Wdf01000 - ok10:28:59.0536 5004 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys10:28:59.0598 5004 WfpLwf - ok10:28:59.0739 5004 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys10:28:59.0754 5004 WIMMount - ok10:29:00.0051 5004 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys10:29:00.0097 5004 WinUsb - ok10:29:00.0222 5004 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys10:29:00.0269 5004 WmiAcpi - ok10:29:00.0550 5004 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys10:29:00.0643 5004 ws2ifsl - ok10:29:00.0893 5004 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys10:29:00.0987 5004 WudfPf - ok10:29:01.0174 5004 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys10:29:01.0236 5004 WUDFRd - ok10:29:01.0299 5004 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR010:29:01.0626 5004 \Device\Harddisk0\DR0 ( TDSS File System ) - warning10:29:01.0626 5004 \Device\Harddisk0\DR0 - detected TDSS File System (1)10:29:01.0657 5004 Boot (0x1200) (d6882cab9992beb45569aaef134498eb) \Device\Harddisk0\DR0\Partition010:29:01.0657 5004 \Device\Harddisk0\DR0\Partition0 - ok10:29:01.0673 5004 Boot (0x1200) (648a5e096581ccef30c7bbc0de874e61) \Device\Harddisk0\DR0\Partition110:29:01.0673 5004 \Device\Harddisk0\DR0\Partition1 - ok10:29:01.0689 5004 Boot (0x1200) (0296ff0c586fcbf37be610805f67b35e) \Device\Harddisk0\DR0\Partition210:29:01.0689 5004 \Device\Harddisk0\DR0\Partition2 - ok10:29:01.0689 5004 ============================================================10:29:01.0689 5004 Scan finished10:29:01.0689 5004 ============================================================10:29:01.0704 3196 Detected object count: 110:29:01.0704 3196 Actual detected object count: 110:29:24.0263 3196 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user10:29:24.0263 3196 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 10:29:38.0599 2604 ============================================================10:29:38.0599 2604 Scan started10:29:38.0599 2604 Mode: Manual; SigCheck; TDLFS; 10:29:38.0599 2604 ============================================================10:29:41.0298 2604 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys10:29:41.0345 2604 1394ohci - ok10:29:41.0532 2604 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys10:29:41.0563 2604 ACPI - ok10:29:41.0704 2604 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys10:29:41.0719 2604 AcpiPmi - ok10:29:41.0875 2604 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys10:29:41.0906 2604 adp94xx - ok10:29:42.0125 2604 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys10:29:42.0172 2604 adpahci - ok10:29:42.0296 2604 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys10:29:42.0328 2604 adpu320 - ok10:29:42.0546 2604 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys10:29:42.0577 2604 AFD - ok10:29:42.0702 2604 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys10:29:42.0718 2604 agp440 - ok10:29:42.0967 2604 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys10:29:42.0983 2604 aliide - ok10:29:43.0154 2604 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys10:29:43.0186 2604 amdide - ok10:29:43.0279 2604 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys10:29:43.0310 2604 AmdK8 - ok10:29:43.0357 2604 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys10:29:43.0388 2604 AmdPPM - ok10:29:43.0513 2604 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys10:29:43.0529 2604 amdsata - ok10:29:43.0732 2604 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys10:29:43.0763 2604 amdsbs - ok10:29:43.0934 2604 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys10:29:43.0950 2604 amdxata - ok10:29:44.0153 2604 ApfiltrService (8b522286c8d6a20133d12225b7759596) C:\Windows\system32\DRIVERS\Apfiltr.sys10:29:44.0184 2604 ApfiltrService - ok10:29:44.0324 2604 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys10:29:44.0356 2604 AppID - ok10:29:44.0496 2604 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys10:29:44.0512 2604 arc - ok10:29:44.0574 2604 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys10:29:44.0605 2604 arcsas - ok10:29:44.0714 2604 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys10:29:44.0777 2604 AsyncMac - ok10:29:44.0917 2604 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys10:29:44.0933 2604 atapi - ok10:29:45.0042 2604 AtiHdmiService (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys10:29:45.0058 2604 AtiHdmiService - ok10:29:45.0650 2604 atikmdag (c9f90fee4fdc829382b9130a92fb744c) C:\Windows\system32\DRIVERS\atikmdag.sys10:29:45.0744 2604 atikmdag - ok10:29:45.0931 2604 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys10:29:45.0962 2604 b06bdrv - ok10:29:46.0150 2604 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys10:29:46.0181 2604 b57nd60a - ok10:29:46.0368 2604 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys10:29:46.0384 2604 BCM42RLY - ok10:29:46.0789 2604 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys10:29:46.0836 2604 BCM43XX - ok10:29:47.0039 2604 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys10:29:47.0086 2604 Beep - ok10:29:47.0210 2604 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys10:29:47.0242 2604 blbdrive - ok10:29:47.0382 2604 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys10:29:47.0398 2604 bowser - ok10:29:47.0554 2604 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys10:29:47.0585 2604 BrFiltLo - ok10:29:47.0725 2604 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys10:29:47.0756 2604 BrFiltUp - ok10:29:47.0912 2604 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys10:29:47.0959 2604 Brserid - ok10:29:48.0115 2604 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys10:29:48.0146 2604 BrSerWdm - ok10:29:48.0240 2604 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys10:29:48.0271 2604 BrUsbMdm - ok10:29:48.0380 2604 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys10:29:48.0412 2604 BrUsbSer - ok10:29:48.0490 2604 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys10:29:48.0521 2604 BTHMODEM - ok10:29:48.0536 2604 catchme - ok10:29:48.0614 2604 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys10:29:48.0677 2604 cdfs - ok10:29:48.0817 2604 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys10:29:48.0833 2604 cdrom - ok10:29:49.0051 2604 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys10:29:49.0082 2604 circlass - ok10:29:49.0254 2604 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys10:29:49.0285 2604 CLFS - ok10:29:49.0441 2604 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys10:29:49.0472 2604 CmBatt - ok10:29:49.0566 2604 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys10:29:49.0582 2604 cmdide - ok10:29:49.0722 2604 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys10:29:49.0753 2604 CNG - ok10:29:49.0894 2604 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys10:29:49.0925 2604 Compbatt - ok10:29:50.0050 2604 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys10:29:50.0096 2604 CompositeBus - ok10:29:50.0221 2604 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys10:29:50.0237 2604 crcdisk - ok10:29:50.0455 2604 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys10:29:50.0471 2604 CtClsFlt - ok10:29:50.0705 2604 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys10:29:50.0736 2604 DfsC - ok10:29:50.0986 2604 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys10:29:51.0032 2604 discache - ok10:29:51.0220 2604 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys10:29:51.0251 2604 Disk - ok10:29:51.0438 2604 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys10:29:51.0454 2604 drmkaud - ok10:29:51.0469 2604 dump_wmimmc - ok10:29:51.0719 2604 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys10:29:51.0766 2604 DXGKrnl - ok10:29:51.0922 2604 EagleX64 - ok10:29:52.0390 2604 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys10:29:52.0452 2604 ebdrv - ok10:29:52.0655 2604 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys10:29:52.0702 2604 elxstor - ok10:29:52.0858 2604 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys10:29:52.0873 2604 ErrDev - ok10:29:53.0138 2604 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys10:29:53.0232 2604 exfat - ok10:29:53.0466 2604 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys10:29:53.0513 2604 fastfat - ok10:29:53.0575 2604 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys10:29:53.0591 2604 fdc - ok10:29:53.0716 2604 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys10:29:53.0747 2604 FileInfo - ok10:29:53.0840 2604 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys10:29:53.0887 2604 Filetrace - ok10:29:54.0028 2604 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys10:29:54.0043 2604 flpydisk - ok10:29:54.0152 2604 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys10:29:54.0184 2604 FltMgr - ok10:29:54.0355 2604 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys10:29:54.0371 2604 FsDepends - ok10:29:54.0433 2604 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys10:29:54.0449 2604 Fs_Rec - ok10:29:54.0542 2604 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys10:29:54.0574 2604 fvevol - ok10:29:54.0730 2604 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys10:29:54.0745 2604 gagp30kx - ok10:29:54.0808 2604 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys10:29:54.0823 2604 GEARAspiWDM - ok10:29:54.0839 2604 Gun - ok10:29:55.0042 2604 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys10:29:55.0057 2604 hcw85cir - ok10:29:55.0166 2604 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys10:29:55.0182 2604 HDAudBus - ok10:29:55.0229 2604 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys10:29:55.0229 2604 HECIx64 - ok10:29:55.0276 2604 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys10:29:55.0307 2604 HidBatt - ok10:29:55.0338 2604 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys10:29:55.0369 2604 HidBth - ok10:29:55.0416 2604 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys10:29:55.0463 2604 HidIr - ok10:29:55.0494 2604 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys10:29:55.0510 2604 HidUsb - ok10:29:55.0712 2604 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys10:29:55.0728 2604 HpSAMD - ok10:29:55.0946 2604 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys10:29:56.0009 2604 HTTP - ok10:29:56.0180 2604 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys10:29:56.0196 2604 hwpolicy - ok10:29:56.0336 2604 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys10:29:56.0368 2604 i8042prt - ok10:29:56.0602 2604 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys10:29:56.0633 2604 iaStorV - ok10:29:56.0836 2604 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys10:29:56.0851 2604 iirsp - ok10:29:57.0288 2604 IntcAzAudAddService (2a7cf87be453241fe0baa1c8651e7aa4) C:\Windows\system32\drivers\RTKVHD64.sys10:29:57.0350 2604 IntcAzAudAddService - ok10:29:57.0538 2604 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys10:29:57.0553 2604 intelide - ok10:29:57.0740 2604 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys10:29:57.0772 2604 intelppm - ok10:29:57.0881 2604 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys10:29:57.0943 2604 IpFilterDriver - ok10:29:58.0084 2604 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys10:29:58.0115 2604 IPMIDRV - ok10:29:58.0240 2604 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys10:29:58.0302 2604 IPNAT - ok10:29:58.0474 2604 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys10:29:58.0505 2604 IRENUM - ok10:29:58.0661 2604 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys10:29:58.0676 2604 isapnp - ok10:29:58.0817 2604 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys10:29:58.0848 2604 iScsiPrt - ok10:29:59.0004 2604 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys10:29:59.0020 2604 kbdclass - ok10:29:59.0176 2604 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys10:29:59.0191 2604 kbdhid - ok10:29:59.0332 2604 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys10:29:59.0347 2604 KSecDD - ok10:29:59.0644 2604 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys10:29:59.0675 2604 KSecPkg - ok10:29:59.0909 2604 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys10:29:59.0971 2604 ksthunk - ok10:30:00.0143 2604 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys10:30:00.0158 2604 Lavasoft Kernexplorer - ok10:30:00.0860 2604 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys10:30:00.0876 2604 Lbd - ok10:30:01.0141 2604 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys10:30:01.0204 2604 lltdio - ok10:30:01.0344 2604 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys10:30:01.0360 2604 LSI_FC - ok10:30:01.0547 2604 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys10:30:01.0562 2604 LSI_SAS - ok10:30:01.0750 2604 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys10:30:01.0750 2604 LSI_SAS2 - ok10:30:01.0906 2604 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys10:30:01.0906 2604 LSI_SCSI - ok10:30:02.0015 2604 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys10:30:02.0046 2604 luafv - ok10:30:02.0296 2604 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys10:30:02.0327 2604 megasas - ok10:30:02.0545 2604 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys10:30:02.0576 2604 MegaSR - ok10:30:02.0732 2604 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys10:30:02.0810 2604 Modem - ok10:30:02.0951 2604 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys10:30:02.0982 2604 monitor - ok10:30:03.0076 2604 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys10:30:03.0076 2604 mouclass - ok10:30:03.0232 2604 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys10:30:03.0232 2604 mouhid - ok10:30:03.0310 2604 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys10:30:03.0341 2604 mountmgr - ok10:30:03.0434 2604 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys10:30:03.0466 2604 mpio - ok10:30:03.0653 2604 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys10:30:03.0700 2604 mpsdrv - ok10:30:03.0965 2604 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys10:30:03.0980 2604 MRxDAV - ok10:30:04.0168 2604 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys10:30:04.0168 2604 mrxsmb - ok10:30:04.0370 2604 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys10:30:04.0386 2604 mrxsmb10 - ok10:30:04.0558 2604 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys10:30:04.0558 2604 mrxsmb20 - ok10:30:04.0854 2604 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys10:30:04.0885 2604 msahci - ok10:30:05.0041 2604 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys10:30:05.0057 2604 msdsm - ok10:30:05.0322 2604 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys10:30:05.0369 2604 Msfs - ok10:30:05.0525 2604 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys10:30:05.0587 2604 mshidkmdf - ok10:30:05.0806 2604 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys10:30:05.0821 2604 msisadrv - ok10:30:06.0024 2604 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys10:30:06.0071 2604 MSKSSRV - ok10:30:06.0242 2604 msloop (103b3bbe23ab774b009d182276ec6786) C:\Windows\system32\DRIVERS\loop.sys10:30:06.0258 2604 msloop - ok10:30:06.0445 2604 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys10:30:06.0492 2604 MSPCLOCK - ok10:30:06.0695 2604 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys10:30:06.0757 2604 MSPQM - ok10:30:07.0054 2604 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys10:30:07.0085 2604 MsRPC - ok10:30:07.0225 2604 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys10:30:07.0241 2604 mssmbios - ok10:30:07.0303 2604 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys10:30:07.0366 2604 MSTEE - ok10:30:07.0506 2604 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys10:30:07.0537 2604 MTConfig - ok10:30:07.0646 2604 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys10:30:07.0662 2604 Mup - ok10:30:07.0724 2604 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys10:30:07.0756 2604 NativeWifiP - ok10:30:07.0865 2604 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys10:30:07.0912 2604 NDIS - ok10:30:08.0083 2604 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys10:30:08.0146 2604 NdisCap - ok10:30:08.0270 2604 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys10:30:08.0317 2604 NdisTapi - ok10:30:08.0426 2604 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys10:30:08.0489 2604 Ndisuio - ok10:30:08.0614 2604 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys10:30:08.0676 2604 NdisWan - ok10:30:08.0816 2604 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys10:30:08.0863 2604 NDProxy - ok10:30:08.0972 2604 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys10:30:09.0035 2604 NetBIOS - ok10:30:09.0144 2604 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys10:30:09.0191 2604 NetBT - ok10:30:09.0331 2604 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys10:30:09.0347 2604 nfrd960 - ok10:30:09.0472 2604 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys10:30:09.0534 2604 Npfs - ok10:30:09.0612 2604 NPPTNT2 - ok10:30:09.0768 2604 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys10:30:09.0815 2604 nsiproxy - ok10:30:10.0049 2604 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys10:30:10.0111 2604 Ntfs - ok10:30:10.0345 2604 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys10:30:10.0376 2604 Null - ok10:30:10.0610 2604 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys10:30:10.0610 2604 nvraid - ok10:30:10.0782 2604 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys10:30:10.0813 2604 nvstor - ok10:30:11.0063 2604 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys10:30:11.0078 2604 nv_agp - ok10:30:11.0188 2604 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys10:30:11.0219 2604 ohci1394 - ok10:30:11.0484 2604 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys10:30:11.0515 2604 Parport - ok10:30:11.0640 2604 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys10:30:11.0656 2604 partmgr - ok10:30:11.0765 2604 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys10:30:11.0780 2604 pci - ok10:30:11.0968 2604 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys10:30:11.0983 2604 pciide - ok10:30:12.0155 2604 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys10:30:12.0170 2604 pcmcia - ok10:30:12.0326 2604 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys10:30:12.0342 2604 pcw - ok10:30:12.0482 2604 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys10:30:12.0529 2604 PEAUTH - ok10:30:12.0670 2604 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys10:30:12.0732 2604 PptpMiniport - ok10:30:12.0857 2604 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys10:30:12.0872 2604 Processor - ok10:30:13.0013 2604 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys10:30:13.0060 2604 Psched - ok10:30:13.0200 2604 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys10:30:13.0216 2604 PSI - ok10:30:13.0325 2604 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys10:30:13.0340 2604 PxHlpa64 - ok10:30:13.0574 2604 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys10:30:13.0621 2604 ql2300 - ok10:30:13.0762 2604 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys10:30:13.0777 2604 ql40xx - ok10:30:13.0840 2604 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys10:30:13.0871 2604 QWAVEdrv - ok10:30:13.0980 2604 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys10:30:14.0042 2604 RasAcd - ok10:30:14.0183 2604 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys10:30:14.0230 2604 RasAgileVpn - ok10:30:14.0339 2604 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys10:30:14.0386 2604 Rasl2tp - ok10:30:14.0495 2604 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys10:30:14.0557 2604 RasPppoe - ok10:30:14.0651 2604 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys10:30:14.0698 2604 RasSstp - ok10:30:14.0822 2604 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys10:30:14.0869 2604 rdbss - ok10:30:15.0119 2604 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys10:30:15.0150 2604 rdpbus - ok10:30:15.0259 2604 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys10:30:15.0322 2604 RDPCDD - ok10:30:15.0400 2604 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys10:30:15.0446 2604 RDPENCDD - ok10:30:15.0571 2604 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys10:30:15.0634 2604 RDPREFMP - ok10:30:15.0805 2604 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys10:30:15.0852 2604 RDPWD - ok10:30:15.0977 2604 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys10:30:16.0008 2604 rdyboost - ok10:30:16.0117 2604 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys10:30:16.0180 2604 rspndr - ok10:30:16.0320 2604 RSUSBSTOR (502b316947ea887cddd325d4745eb7d0) C:\Windows\system32\Drivers\RtsUStor.sys10:30:16.0336 2604 RSUSBSTOR - ok10:30:16.0492 2604 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys10:30:16.0523 2604 RTL8167 - ok10:30:16.0694 2604 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys10:30:16.0726 2604 sbp2port - ok10:30:16.0850 2604 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys10:30:16.0897 2604 scfilter - ok10:30:17.0053 2604 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys10:30:17.0131 2604 secdrv - ok10:30:17.0272 2604 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys10:30:17.0287 2604 Serenum - ok10:30:17.0412 2604 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys10:30:17.0443 2604 Serial - ok10:30:17.0537 2604 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys10:30:17.0568 2604 sermouse - ok10:30:17.0724 2604 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys10:30:17.0755 2604 sffdisk - ok10:30:17.0896 2604 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys10:30:17.0927 2604 sffp_mmc - ok10:30:18.0036 2604 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys10:30:18.0067 2604 sffp_sd - ok10:30:18.0192 2604 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys10:30:18.0208 2604 sfloppy - ok10:30:18.0348 2604 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys10:30:18.0364 2604 SiSRaid2 - ok10:30:18.0488 2604 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys10:30:18.0504 2604 SiSRaid4 - ok10:30:18.0629 2604 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys10:30:18.0691 2604 Smb - ok10:30:18.0800 2604 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys10:30:18.0816 2604 spldr - ok10:30:19.0050 2604 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys10:30:19.0081 2604 srv - ok10:30:19.0253 2604 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys10:30:19.0284 2604 srv2 - ok10:30:19.0440 2604 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys10:30:19.0456 2604 srvnet - ok10:30:19.0580 2604 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys10:30:19.0596 2604 stexstor - ok10:30:19.0768 2604 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys10:30:19.0783 2604 swenum - ok10:30:20.0048 2604 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys10:30:20.0095 2604 Tcpip - ok10:30:20.0298 2604 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys10:30:20.0345 2604 TCPIP6 - ok10:30:20.0516 2604 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys10:30:20.0579 2604 tcpipreg - ok10:30:20.0704 2604 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys10:30:20.0766 2604 TDPIPE - ok10:30:20.0891 2604 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys10:30:20.0953 2604 TDTCP - ok10:30:21.0047 2604 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys10:30:21.0094 2604 tdx - ok10:30:21.0218 2604 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys10:30:21.0234 2604 TermDD - ok10:30:21.0421 2604 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys10:30:21.0484 2604 tssecsrv - ok10:30:21.0624 2604 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys10:30:21.0671 2604 tunnel - ok10:30:21.0796 2604 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys10:30:21.0827 2604 uagp35 - ok10:30:21.0952 2604 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys10:30:21.0983 2604 udfs - ok10:30:22.0123 2604 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys10:30:22.0139 2604 uliagpkx - ok10:30:22.0248 2604 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys10:30:22.0279 2604 umbus - ok10:30:22.0388 2604 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys10:30:22.0404 2604 UmPass - ok10:30:22.0529 2604 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys10:30:22.0545 2604 USBAAPL64 - ok10:30:22.0716 2604 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys10:30:22.0732 2604 usbccgp - ok10:30:22.0794 2604 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys10:30:22.0810 2604 usbcir - ok10:30:23.0215 2604 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys10:30:23.0231 2604 usbehci - ok10:30:23.0621 2604 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys10:30:23.0637 2604 usbhub - ok10:30:23.0933 2604 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys10:30:23.0949 2604 usbohci - ok10:30:24.0073 2604 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys10:30:24.0089 2604 usbprint - ok10:30:24.0183 2604 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS10:30:24.0198 2604 USBSTOR - ok10:30:24.0370 2604 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys10:30:24.0370 2604 usbuhci - ok10:30:24.0510 2604 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys10:30:24.0526 2604 usbvideo - ok10:30:24.0635 2604 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys10:30:24.0635 2604 vdrvroot - ok10:30:24.0791 2604 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys10:30:24.0822 2604 vga - ok10:30:25.0228 2604 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys10:30:25.0259 2604 VgaSave - ok10:30:25.0494 2604 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys10:30:25.0510 2604 vhdmp - ok10:30:25.0650 2604 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys10:30:25.0650 2604 viaide - ok10:30:25.0822 2604 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys10:30:25.0837 2604 volmgr - ok10:30:25.0978 2604 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys10:30:26.0009 2604 volmgrx - ok10:30:26.0180 2604 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys10:30:26.0212 2604 volsnap - ok10:30:26.0414 2604 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys10:30:26.0447 2604 vsmraid - ok10:30:26.0540 2604 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys10:30:26.0556 2604 vwifibus - ok10:30:26.0618 2604 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys10:30:26.0665 2604 vwififlt - ok10:30:26.0805 2604 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys10:30:26.0821 2604 WacomPen - ok10:30:26.0946 2604 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys10:30:26.0993 2604 WANARP - ok10:30:26.0993 2604 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys10:30:27.0039 2604 Wanarpv6 - ok10:30:27.0242 2604 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys10:30:27.0242 2604 Wd - ok10:30:27.0414 2604 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys10:30:27.0429 2604 WDC_SAM - ok10:30:27.0585 2604 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys10:30:27.0601 2604 Wdf01000 - ok10:30:27.0757 2604 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys10:30:27.0819 2604 WfpLwf - ok10:30:28.0131 2604 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys10:30:28.0147 2604 WIMMount - ok10:30:28.0459 2604 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys10:30:28.0490 2604 WinUsb - ok10:30:28.0693 2604 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys10:30:28.0709 2604 WmiAcpi - ok10:30:28.0849 2604 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys10:30:28.0911 2604 ws2ifsl - ok10:30:29.0099 2604 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys10:30:29.0130 2604 WudfPf - ok10:30:29.0286 2604 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys10:30:29.0348 2604 WUDFRd - ok10:30:29.0379 2604 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR010:30:29.0629 2604 \Device\Harddisk0\DR0 ( TDSS File System ) - warning10:30:29.0629 2604 \Device\Harddisk0\DR0 - detected TDSS File System (1)10:30:29.0629 2604 Boot (0x1200) (d6882cab9992beb45569aaef134498eb) \Device\Harddisk0\DR0\Partition010:30:29.0629 2604 \Device\Harddisk0\DR0\Partition0 - ok10:30:29.0660 2604 Boot (0x1200) (648a5e096581ccef30c7bbc0de874e61) \Device\Harddisk0\DR0\Partition110:30:29.0660 2604 \Device\Harddisk0\DR0\Partition1 - ok10:30:29.0676 2604 Boot (0x1200) (0296ff0c586fcbf37be610805f67b35e) \Device\Harddisk0\DR0\Partition210:30:29.0691 2604 \Device\Harddisk0\DR0\Partition2 - ok10:30:29.0691 2604 ============================================================10:30:29.0691 2604 Scan finished10:30:29.0691 2604 ============================================================10:30:29.0707 4188 Detected object count: 110:30:29.0707 4188 Actual detected object count: 110:31:02.0623 4188 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user10:31:02.0623 4188 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 10:31:54.0528 3664 Deinitialize success_________________________OTL and Extras are AttachedOTL.TxtExtras.Txt Link to post Share on other sites More sharing options...
MrCharlie Posted December 24, 2011 ID:508897 Share Posted December 24, 2011 10:30:29.0629 2604 \Device\Harddisk0\DR0 ( TDSS File System ) - warning10:30:29.0629 2604 \Device\Harddisk0\DR0 - detected TDSS File System (1)10:30:29.0629 2604 Boot (0x1200) (d6882cab9992beb45569aaef134498eb) \Device\Harddisk0\DR0\Partition0Run TDSSKiller again and have it cure this one.Post the log, MrC Link to post Share on other sites More sharing options...
lodwyvern Posted December 24, 2011 Author ID:508902 Share Posted December 24, 2011 10:30:29.0629 2604 \Device\Harddisk0\DR0 ( TDSS File System ) - warning10:30:29.0629 2604 \Device\Harddisk0\DR0 - detected TDSS File System (1)10:30:29.0629 2604 Boot (0x1200) (d6882cab9992beb45569aaef134498eb) \Device\Harddisk0\DR0\Partition0Run TDSSKiller again and have it cure this one.Post the log, MrCthere is no option to cure this one Link to post Share on other sites More sharing options...
MrCharlie Posted December 24, 2011 ID:508906 Share Posted December 24, 2011 What options are available? MrC Link to post Share on other sites More sharing options...
lodwyvern Posted December 24, 2011 Author ID:508907 Share Posted December 24, 2011 skip quarantine or delete Link to post Share on other sites More sharing options...
MrCharlie Posted December 24, 2011 ID:508913 Share Posted December 24, 2011 Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingcomputer.com/combofix/how-to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Make sure you run ComboFix from your desktop. Please include the C:\ComboFix.txt in your next reply for further review.MrC Link to post Share on other sites More sharing options...
lodwyvern Posted December 24, 2011 Author ID:508916 Share Posted December 24, 2011 ComboFix 11-12-24.03 - Kemi 12/24/2011 11:12:00.5.4 - x64Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.2550 [GMT -5:00]Running from: c:\users\Kemi\Desktop\ComboFix.exe * Created a new restore point..((((((((((((((((((((((((( Files Created from 2011-11-24 to 2011-12-24 )))))))))))))))))))))))))))))))..2011-12-24 16:17 . 2011-12-24 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp2011-12-24 16:17 . 2011-12-24 16:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp2011-12-22 01:02 . 2011-12-22 01:02 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys2011-12-22 01:01 . 2011-12-22 01:02 -------- d-----w- c:\programdata\Hitman Pro2011-12-21 05:43 . 2011-12-21 05:43 -------- d-----w- c:\program files\iPod2011-12-21 05:43 . 2011-12-21 05:44 -------- d-----w- c:\program files\iTunes2011-12-21 05:43 . 2011-12-21 05:44 -------- d-----w- c:\program files (x86)\iTunes2011-12-21 05:36 . 2011-12-21 05:36 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll2011-12-21 05:36 . 2011-12-21 05:36 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll2011-12-21 05:36 . 2011-12-21 05:36 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll2011-12-21 05:36 . 2011-12-21 05:36 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll2011-12-21 05:36 . 2011-12-21 05:36 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll2011-12-21 05:36 . 2011-12-21 05:36 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll2011-12-21 05:36 . 2011-12-21 05:36 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll2011-12-21 05:36 . 2011-12-21 05:36 -------- d-----w- c:\program files (x86)\QuickTime2011-12-18 14:46 . 2011-12-18 14:46 -------- d-----w- c:\programdata\Kaspersky Lab2011-12-18 01:08 . 2011-12-18 01:08 -------- d-----w- c:\program files\Perfect Uninstaller2011-12-15 23:31 . 2011-12-12 15:07 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys2011-12-15 23:23 . 2011-12-15 23:23 -------- d-----w- c:\users\Kemi\AppData\Local\Secunia PSI2011-12-15 23:23 . 2011-12-15 23:23 -------- d-----w- c:\program files (x86)\Secunia2011-12-15 21:41 . 2011-12-15 21:41 -------- d-----w- c:\users\Kemi\AppData\Roaming\Malwarebytes2011-12-15 21:41 . 2011-12-15 21:41 -------- d-----w- c:\programdata\Malwarebytes2011-12-15 21:41 . 2011-12-15 21:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2011-12-15 21:41 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys2011-12-13 22:14 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll2011-12-03 21:30 . 2011-12-03 21:30 -------- d-----w- c:\program files (x86)\Conduit2011-12-03 21:30 . 2011-12-03 21:31 -------- d-----w- c:\program files (x86)\vShare.tv plugin...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-12-15 23:34 . 2011-06-28 16:28 16432 ----a-w- c:\windows\system32\lsdelete.exe2011-12-15 23:30 . 2011-05-19 01:34 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts2011-09-29 16:24 . 2011-11-08 23:30 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys..((((((((((((((((((((((((((((( SnapShot@2011-12-21_23.44.03 ))))))))))))))))))))))))))))))))))))))))).+ 2010-04-10 01:09 . 2011-12-24 15:50 44194 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin+ 2009-07-14 05:10 . 2011-12-24 15:50 27694 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin+ 2010-04-15 20:09 . 2011-12-24 15:50 12520 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2388530736-2293520703-3528504006-1001_UserData.bin+ 2009-07-14 05:30 . 2011-12-22 01:35 86016 c:\windows\system32\DriverStore\infpub.dat- 2009-07-14 05:30 . 2011-12-21 05:41 86016 c:\windows\system32\DriverStore\infpub.dat+ 2010-04-14 20:57 . 2011-12-24 15:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-04-14 20:57 . 2011-12-19 23:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-04-14 20:57 . 2011-12-19 23:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2010-04-14 20:57 . 2011-12-24 15:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2011-12-19 23:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 04:54 . 2011-12-24 15:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2010-04-14 21:11 . 2011-12-24 15:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-04-14 21:11 . 2011-12-19 23:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2010-04-14 21:11 . 2011-12-19 23:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2010-04-14 21:11 . 2011-12-24 15:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2010-04-14 21:11 . 2011-12-19 23:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2010-04-14 21:11 . 2011-12-24 15:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2010-04-14 21:11 . 2011-12-19 23:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2010-04-14 21:11 . 2011-12-24 15:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2010-04-14 21:11 . 2011-12-24 15:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2010-04-14 21:11 . 2011-12-19 23:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2011-12-21 21:46 . 2011-12-21 21:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2011-12-24 15:48 . 2011-12-24 15:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat- 2011-12-21 21:46 . 2011-12-21 21:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2011-12-24 15:48 . 2011-12-24 15:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2009-07-14 04:54 . 2011-12-24 15:48 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat- 2009-07-14 04:54 . 2011-12-21 21:47 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2009-07-14 04:54 . 2011-12-24 15:48 753664 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2009-07-14 04:54 . 2011-12-21 21:47 753664 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2010-04-16 10:37 . 2011-12-22 12:24 258240 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin- 2009-07-14 05:30 . 2011-12-21 05:41 143360 c:\windows\system32\DriverStore\infstrng.dat+ 2009-07-14 05:30 . 2011-12-22 01:35 143360 c:\windows\system32\DriverStore\infstrng.dat- 2009-07-14 05:30 . 2011-10-19 21:11 143360 c:\windows\system32\DriverStore\infstor.dat+ 2009-07-14 05:30 . 2011-12-22 01:35 143360 c:\windows\system32\DriverStore\infstor.dat+ 2009-07-14 05:01 . 2011-12-24 15:39 406380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat- 2009-07-14 05:01 . 2011-12-18 01:11 406380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat+ 2009-07-14 04:54 . 2011-12-24 15:48 3538944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2011-12-21 21:47 3538944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2009-07-14 02:36 . 2011-12-24 15:53 3292482 c:\windows\system32\perfh009.dat+ 2009-07-14 02:36 . 2011-12-24 15:53 1038742 c:\windows\system32\perfc009.dat- 2011-03-22 00:19 . 2011-12-18 01:11 2029388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2388530736-2293520703-3528504006-1001-8192.dat+ 2011-03-22 00:19 . 2011-12-23 22:56 2029388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2388530736-2293520703-3528504006-1001-8192.dat- 2009-07-14 02:34 . 2011-12-21 23:51 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT+ 2009-07-14 02:34 . 2011-12-22 12:45 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\users\Kemi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\users\Kemi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 94208 ----a-w- c:\users\Kemi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304]"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2010-06-11 206120]"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736].c:\users\Kemi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk - c:\program files (x86)\Dell\DellDock\DellDock.exe [N/A].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux1"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-19 135664]R3 dump_wmimmc;dump_wmimmc;c:\rohan_blood_feud\GameGuard\dump_wmimmc.sys [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]R3 Gun;Gun;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys [x]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-19 135664]R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-06-28 17152]R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-15 2152152]S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2010-06-11 206120]S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2010-06-11 185640]S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - 47972999*Deregistered* - 47972999.Contents of the 'Scheduled Tasks' folder.2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-19 13:45].2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-19 13:45]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 97792 ----a-w- c:\users\Kemi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 97792 ----a-w- c:\users\Kemi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 97792 ----a-w- c:\users\Kemi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2011-02-18 05:12 97792 ----a-w- c:\users\Kemi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHPmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\Kemi\AppData\Roaming\Mozilla\Firefox\Profiles\shqvloku.default\FF - prefs.js: browser.startup.homepage - about:homeFF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3001705&SearchSource=2&q=FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(general.useragent.extra.brc, BRI/1FF - user.js: network.protocol-handler.warn-external.dnupdate - false.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)AddRemove-Age of Empires II: The Conquerors Expansion 1.0 - c:\program files (x86)\Microsoft Games\Age of Empires II\UNINSTALX.EXE...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2011-12-24 11:19:26ComboFix-quarantined-files.txt 2011-12-24 16:19ComboFix2.txt 2011-12-22 16:47ComboFix3.txt 2011-12-21 23:54ComboFix4.txt 2011-12-18 20:18.Pre-Run: 6,481,264,640 bytes freePost-Run: 6,426,660,864 bytes free.- - End Of File - - CFB221522F4277C298276B7A1208EFA8 Link to post Share on other sites More sharing options...
MrCharlie Posted December 24, 2011 ID:508925 Share Posted December 24, 2011 Please Update and run a Quick Scan with MBAM, post the report.Please let me know how it is, MrC Link to post Share on other sites More sharing options...
lodwyvern Posted December 24, 2011 Author ID:508930 Share Posted December 24, 2011 Here is the scan reportMalwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatabase version: 911122404Windows 6.1.7600Internet Explorer 8.0.7600.1638512/24/2011 11:59:28 AMmbam-log-2011-12-24 (11-59-28).txtScan type: Quick scanObjects scanned: 189699Time elapsed: 3 minute(s), 5 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
MrCharlie Posted December 24, 2011 ID:508935 Share Posted December 24, 2011 How is it???Grab a fresh copy of TDSSKiller and run it, post the log...lets see if CF cleared out the infection.MrC Link to post Share on other sites More sharing options...
lodwyvern Posted December 24, 2011 Author ID:508939 Share Posted December 24, 2011 I've still got the uncurable file in the harddisk 12:12:25.0041 0888 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:1612:12:25.0291 0888 ============================================================12:12:25.0291 0888 Current date / time: 2011/12/24 12:12:25.029112:12:25.0291 0888 SystemInfo:12:12:25.0291 0888 12:12:25.0291 0888 OS Version: 6.1.7600 ServicePack: 0.012:12:25.0291 0888 Product type: Workstation12:12:25.0291 0888 ComputerName: POUNDEDYAM12:12:25.0291 0888 UserName: Kemi12:12:25.0291 0888 Windows directory: C:\Windows12:12:25.0291 0888 System windows directory: C:\Windows12:12:25.0291 0888 Running under WOW6412:12:25.0291 0888 Processor architecture: Intel x6412:12:25.0291 0888 Number of processors: 412:12:25.0291 0888 Page size: 0x100012:12:25.0291 0888 Boot type: Normal boot12:12:25.0291 0888 ============================================================12:12:26.0242 0888 Initialize success12:12:32.0763 4288 ============================================================12:12:32.0763 4288 Scan started12:12:32.0763 4288 Mode: Manual; SigCheck; TDLFS; 12:12:32.0763 4288 ============================================================12:12:33.0730 4288 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys12:12:33.0839 4288 1394ohci - ok12:12:33.0902 4288 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys12:12:33.0917 4288 ACPI - ok12:12:33.0964 4288 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys12:12:34.0027 4288 AcpiPmi - ok12:12:34.0167 4288 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys12:12:34.0198 4288 adp94xx - ok12:12:34.0229 4288 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys12:12:34.0276 4288 adpahci - ok12:12:34.0323 4288 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys12:12:34.0354 4288 adpu320 - ok12:12:34.0448 4288 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys12:12:34.0510 4288 AFD - ok12:12:34.0573 4288 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys12:12:34.0588 4288 agp440 - ok12:12:34.0651 4288 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys12:12:34.0682 4288 aliide - ok12:12:34.0744 4288 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys12:12:34.0760 4288 amdide - ok12:12:34.0822 4288 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys12:12:34.0885 4288 AmdK8 - ok12:12:34.0931 4288 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys12:12:34.0978 4288 AmdPPM - ok12:12:35.0056 4288 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys12:12:35.0087 4288 amdsata - ok12:12:35.0134 4288 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys12:12:35.0165 4288 amdsbs - ok12:12:35.0197 4288 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys12:12:35.0228 4288 amdxata - ok12:12:35.0290 4288 ApfiltrService (8b522286c8d6a20133d12225b7759596) C:\Windows\system32\DRIVERS\Apfiltr.sys12:12:35.0321 4288 ApfiltrService - ok12:12:35.0384 4288 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys12:12:35.0446 4288 AppID - ok12:12:35.0587 4288 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys12:12:35.0602 4288 arc - ok12:12:35.0649 4288 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys12:12:35.0665 4288 arcsas - ok12:12:35.0743 4288 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys12:12:35.0852 4288 AsyncMac - ok12:12:35.0899 4288 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys12:12:35.0914 4288 atapi - ok12:12:35.0992 4288 AtiHdmiService (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys12:12:36.0008 4288 AtiHdmiService - ok12:12:36.0179 4288 atikmdag (c9f90fee4fdc829382b9130a92fb744c) C:\Windows\system32\DRIVERS\atikmdag.sys12:12:36.0382 4288 atikmdag - ok12:12:36.0585 4288 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys12:12:36.0647 4288 b06bdrv - ok12:12:37.0022 4288 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys12:12:37.0069 4288 b57nd60a - ok12:12:37.0147 4288 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys12:12:37.0162 4288 BCM42RLY - ok12:12:37.0427 4288 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys12:12:37.0474 4288 BCM43XX - ok12:12:37.0646 4288 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys12:12:37.0739 4288 Beep - ok12:12:37.0786 4288 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys12:12:37.0817 4288 blbdrive - ok12:12:37.0927 4288 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys12:12:37.0973 4288 bowser - ok12:12:38.0036 4288 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys12:12:38.0083 4288 BrFiltLo - ok12:12:38.0114 4288 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys12:12:38.0145 4288 BrFiltUp - ok12:12:38.0207 4288 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys12:12:38.0254 4288 Brserid - ok12:12:38.0301 4288 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys12:12:38.0348 4288 BrSerWdm - ok12:12:38.0379 4288 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys12:12:38.0441 4288 BrUsbMdm - ok12:12:38.0519 4288 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys12:12:38.0551 4288 BrUsbSer - ok12:12:38.0597 4288 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys12:12:38.0629 4288 BTHMODEM - ok12:12:38.0675 4288 catchme - ok12:12:38.0769 4288 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys12:12:38.0863 4288 cdfs - ok12:12:38.0909 4288 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys12:12:38.0956 4288 cdrom - ok12:12:39.0065 4288 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys12:12:39.0112 4288 circlass - ok12:12:39.0175 4288 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys12:12:39.0206 4288 CLFS - ok12:12:39.0331 4288 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys12:12:39.0362 4288 CmBatt - ok12:12:39.0410 4288 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys12:12:39.0425 4288 cmdide - ok12:12:39.0488 4288 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys12:12:39.0519 4288 CNG - ok12:12:39.0581 4288 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys12:12:39.0581 4288 Compbatt - ok12:12:39.0628 4288 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys12:12:39.0659 4288 CompositeBus - ok12:12:39.0722 4288 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys12:12:39.0722 4288 crcdisk - ok12:12:39.0815 4288 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys12:12:39.0846 4288 CtClsFlt - ok12:12:39.0924 4288 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys12:12:39.0956 4288 DfsC - ok12:12:40.0002 4288 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys12:12:40.0065 4288 discache - ok12:12:40.0112 4288 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys12:12:40.0127 4288 Disk - ok12:12:40.0205 4288 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys12:12:40.0236 4288 drmkaud - ok12:12:40.0252 4288 dump_wmimmc - ok12:12:40.0299 4288 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys12:12:40.0330 4288 DXGKrnl - ok12:12:40.0377 4288 EagleX64 - ok12:12:40.0486 4288 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys12:12:40.0611 4288 ebdrv - ok12:12:40.0689 4288 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys12:12:40.0720 4288 elxstor - ok12:12:40.0751 4288 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys12:12:40.0798 4288 ErrDev - ok12:12:40.0892 4288 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys12:12:40.0954 4288 exfat - ok12:12:41.0001 4288 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys12:12:41.0063 4288 fastfat - ok12:12:41.0126 4288 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys12:12:41.0172 4288 fdc - ok12:12:41.0219 4288 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys12:12:41.0250 4288 FileInfo - ok12:12:41.0282 4288 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys12:12:41.0375 4288 Filetrace - ok12:12:41.0406 4288 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys12:12:41.0438 4288 flpydisk - ok12:12:41.0484 4288 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys12:12:41.0500 4288 FltMgr - ok12:12:41.0547 4288 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys12:12:41.0578 4288 FsDepends - ok12:12:41.0625 4288 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys12:12:41.0640 4288 Fs_Rec - ok12:12:41.0687 4288 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys12:12:41.0718 4288 fvevol - ok12:12:41.0765 4288 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys12:12:41.0781 4288 gagp30kx - ok12:12:41.0874 4288 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys12:12:41.0890 4288 GEARAspiWDM - ok12:12:41.0921 4288 Gun - ok12:12:42.0015 4288 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys12:12:42.0046 4288 hcw85cir - ok12:12:42.0108 4288 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys12:12:42.0140 4288 HDAudBus - ok12:12:42.0202 4288 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys12:12:42.0218 4288 HECIx64 - ok12:12:42.0264 4288 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys12:12:42.0296 4288 HidBatt - ok12:12:42.0327 4288 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys12:12:42.0389 4288 HidBth - ok12:12:42.0420 4288 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys12:12:42.0452 4288 HidIr - ok12:12:42.0530 4288 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys12:12:42.0561 4288 HidUsb - ok12:12:42.0795 4288 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys12:12:42.0826 4288 HpSAMD - ok12:12:42.0982 4288 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys12:12:43.0076 4288 HTTP - ok12:12:43.0107 4288 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys12:12:43.0122 4288 hwpolicy - ok12:12:43.0169 4288 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys12:12:43.0200 4288 i8042prt - ok12:12:43.0247 4288 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys12:12:43.0278 4288 iaStorV - ok12:12:43.0294 4288 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys12:12:43.0310 4288 iirsp - ok12:12:43.0403 4288 IntcAzAudAddService (2a7cf87be453241fe0baa1c8651e7aa4) C:\Windows\system32\drivers\RTKVHD64.sys12:12:43.0466 4288 IntcAzAudAddService - ok12:12:43.0497 4288 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys12:12:43.0512 4288 intelide - ok12:12:43.0559 4288 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys12:12:43.0606 4288 intelppm - ok12:12:43.0715 4288 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys12:12:43.0793 4288 IpFilterDriver - ok12:12:43.0824 4288 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys12:12:43.0871 4288 IPMIDRV - ok12:12:43.0918 4288 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys12:12:43.0980 4288 IPNAT - ok12:12:44.0058 4288 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys12:12:44.0105 4288 IRENUM - ok12:12:44.0136 4288 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys12:12:44.0168 4288 isapnp - ok12:12:44.0214 4288 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys12:12:44.0246 4288 iScsiPrt - ok12:12:44.0308 4288 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys12:12:44.0324 4288 kbdclass - ok12:12:44.0355 4288 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys12:12:44.0386 4288 kbdhid - ok12:12:44.0448 4288 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys12:12:44.0464 4288 KSecDD - ok12:12:44.0526 4288 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys12:12:44.0542 4288 KSecPkg - ok12:12:44.0589 4288 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys12:12:44.0667 4288 ksthunk - ok12:12:44.0807 4288 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys12:12:44.0823 4288 Lavasoft Kernexplorer - ok12:12:44.0901 4288 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys12:12:44.0916 4288 Lbd - ok12:12:44.0979 4288 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys12:12:45.0088 4288 lltdio - ok12:12:45.0213 4288 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys12:12:45.0244 4288 LSI_FC - ok12:12:45.0291 4288 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys12:12:45.0306 4288 LSI_SAS - ok12:12:45.0353 4288 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys12:12:45.0369 4288 LSI_SAS2 - ok12:12:45.0416 4288 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys12:12:45.0431 4288 LSI_SCSI - ok12:12:45.0478 4288 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys12:12:45.0556 4288 luafv - ok12:12:45.0603 4288 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys12:12:45.0618 4288 megasas - ok12:12:45.0665 4288 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys12:12:45.0696 4288 MegaSR - ok12:12:45.0759 4288 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys12:12:45.0837 4288 Modem - ok12:12:45.0868 4288 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys12:12:45.0915 4288 monitor - ok12:12:45.0977 4288 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys12:12:45.0993 4288 mouclass - ok12:12:46.0040 4288 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys12:12:46.0086 4288 mouhid - ok12:12:46.0133 4288 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys12:12:46.0149 4288 mountmgr - ok12:12:46.0211 4288 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys12:12:46.0227 4288 mpio - ok12:12:46.0274 4288 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys12:12:46.0352 4288 mpsdrv - ok12:12:46.0398 4288 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys12:12:46.0445 4288 MRxDAV - ok12:12:46.0508 4288 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys12:12:46.0554 4288 mrxsmb - ok12:12:46.0632 4288 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys12:12:46.0679 4288 mrxsmb10 - ok12:12:46.0726 4288 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys12:12:46.0757 4288 mrxsmb20 - ok12:12:46.0804 4288 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys12:12:46.0820 4288 msahci - ok12:12:46.0866 4288 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys12:12:46.0898 4288 msdsm - ok12:12:46.0944 4288 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys12:12:47.0007 4288 Msfs - ok12:12:47.0069 4288 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys12:12:47.0147 4288 mshidkmdf - ok12:12:47.0194 4288 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys12:12:47.0210 4288 msisadrv - ok12:12:47.0288 4288 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys12:12:47.0366 4288 MSKSSRV - ok12:12:47.0459 4288 msloop (103b3bbe23ab774b009d182276ec6786) C:\Windows\system32\DRIVERS\loop.sys12:12:47.0506 4288 msloop - ok12:12:47.0568 4288 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys12:12:47.0646 4288 MSPCLOCK - ok12:12:47.0678 4288 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys12:12:47.0787 4288 MSPQM - ok12:12:47.0818 4288 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys12:12:47.0865 4288 MsRPC - ok12:12:47.0896 4288 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys12:12:47.0912 4288 mssmbios - ok12:12:47.0990 4288 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys12:12:48.0099 4288 MSTEE - ok12:12:48.0114 4288 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys12:12:48.0161 4288 MTConfig - ok12:12:48.0192 4288 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys12:12:48.0208 4288 Mup - ok12:12:48.0302 4288 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys12:12:48.0348 4288 NativeWifiP - ok12:12:48.0411 4288 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys12:12:48.0458 4288 NDIS - ok12:12:48.0520 4288 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys12:12:48.0598 4288 NdisCap - ok12:12:48.0645 4288 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys12:12:48.0723 4288 NdisTapi - ok12:12:48.0770 4288 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys12:12:48.0863 4288 Ndisuio - ok12:12:48.0894 4288 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys12:12:48.0957 4288 NdisWan - ok12:12:49.0004 4288 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys12:12:49.0082 4288 NDProxy - ok12:12:49.0128 4288 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys12:12:49.0206 4288 NetBIOS - ok12:12:49.0269 4288 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys12:12:49.0378 4288 NetBT - ok12:12:49.0472 4288 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys12:12:49.0503 4288 nfrd960 - ok12:12:49.0550 4288 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys12:12:49.0643 4288 Npfs - ok12:12:49.0659 4288 NPPTNT2 - ok12:12:49.0706 4288 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys12:12:49.0768 4288 nsiproxy - ok12:12:49.0862 4288 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys12:12:49.0940 4288 Ntfs - ok12:12:49.0986 4288 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys12:12:50.0049 4288 Null - ok12:12:50.0096 4288 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys12:12:50.0127 4288 nvraid - ok12:12:50.0174 4288 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys12:12:50.0189 4288 nvstor - ok12:12:50.0236 4288 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys12:12:50.0267 4288 nv_agp - ok12:12:50.0314 4288 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys12:12:50.0345 4288 ohci1394 - ok12:12:50.0439 4288 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys12:12:50.0454 4288 Parport - ok12:12:50.0501 4288 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys12:12:50.0517 4288 partmgr - ok12:12:50.0579 4288 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys12:12:50.0610 4288 pci - ok12:12:50.0657 4288 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys12:12:50.0673 4288 pciide - ok12:12:50.0704 4288 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys12:12:50.0735 4288 pcmcia - ok12:12:50.0782 4288 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys12:12:50.0798 4288 pcw - ok12:12:50.0844 4288 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys12:12:50.0922 4288 PEAUTH - ok12:12:51.0063 4288 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys12:12:51.0141 4288 PptpMiniport - ok12:12:51.0188 4288 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys12:12:51.0219 4288 Processor - ok12:12:51.0266 4288 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys12:12:51.0359 4288 Psched - ok12:12:51.0406 4288 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys12:12:51.0422 4288 PSI - ok12:12:51.0484 4288 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys12:12:51.0500 4288 PxHlpa64 - ok12:12:51.0593 4288 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys12:12:51.0671 4288 ql2300 - ok12:12:51.0718 4288 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys12:12:51.0734 4288 ql40xx - ok12:12:51.0780 4288 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys12:12:51.0827 4288 QWAVEdrv - ok12:12:51.0858 4288 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys12:12:51.0952 4288 RasAcd - ok12:12:52.0030 4288 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys12:12:52.0124 4288 RasAgileVpn - ok12:12:52.0186 4288 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys12:12:52.0264 4288 Rasl2tp - ok12:12:52.0311 4288 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys12:12:52.0373 4288 RasPppoe - ok12:12:52.0436 4288 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys12:12:52.0498 4288 RasSstp - ok12:12:52.0545 4288 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys12:12:52.0654 4288 rdbss - ok12:12:52.0701 4288 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys12:12:52.0732 4288 rdpbus - ok12:12:52.0763 4288 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys12:12:52.0826 4288 RDPCDD - ok12:12:52.0919 4288 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys12:12:52.0997 4288 RDPENCDD - ok12:12:53.0028 4288 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys12:12:53.0075 4288 RDPREFMP - ok12:12:53.0122 4288 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys12:12:53.0184 4288 RDPWD - ok12:12:53.0231 4288 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys12:12:53.0262 4288 rdyboost - ok12:12:53.0356 4288 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys12:12:53.0434 4288 rspndr - ok12:12:53.0528 4288 RSUSBSTOR (502b316947ea887cddd325d4745eb7d0) C:\Windows\system32\Drivers\RtsUStor.sys12:12:53.0559 4288 RSUSBSTOR - ok12:12:53.0621 4288 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys12:12:53.0652 4288 RTL8167 - ok12:12:53.0715 4288 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys12:12:53.0730 4288 sbp2port - ok12:12:53.0777 4288 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys12:12:53.0871 4288 scfilter - ok12:12:53.0949 4288 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys12:12:54.0027 4288 secdrv - ok12:12:54.0089 4288 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys12:12:54.0120 4288 Serenum - ok12:12:54.0152 4288 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys12:12:54.0183 4288 Serial - ok12:12:54.0214 4288 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys12:12:54.0261 4288 sermouse - ok12:12:54.0292 4288 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys12:12:54.0323 4288 sffdisk - ok12:12:54.0354 4288 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys12:12:54.0401 4288 sffp_mmc - ok12:12:54.0417 4288 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys12:12:54.0464 4288 sffp_sd - ok12:12:54.0479 4288 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys12:12:54.0526 4288 sfloppy - ok12:12:54.0620 4288 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys12:12:54.0651 4288 SiSRaid2 - ok12:12:54.0682 4288 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys12:12:54.0698 4288 SiSRaid4 - ok12:12:54.0744 4288 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys12:12:54.0838 4288 Smb - ok12:12:54.0885 4288 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys12:12:54.0900 4288 spldr - ok12:12:55.0056 4288 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys12:12:55.0103 4288 srv - ok12:12:55.0166 4288 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys12:12:55.0197 4288 srv2 - ok12:12:55.0275 4288 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys12:12:55.0322 4288 srvnet - ok12:12:55.0368 4288 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys12:12:55.0384 4288 stexstor - ok12:12:55.0431 4288 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys12:12:55.0446 4288 swenum - ok12:12:55.0556 4288 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys12:12:55.0602 4288 Tcpip - ok12:12:55.0680 4288 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys12:12:55.0727 4288 TCPIP6 - ok12:12:55.0774 4288 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys12:12:55.0852 4288 tcpipreg - ok12:12:55.0883 4288 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys12:12:55.0946 4288 TDPIPE - ok12:12:55.0977 4288 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys12:12:56.0039 4288 TDTCP - ok12:12:56.0086 4288 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys12:12:56.0164 4288 tdx - ok12:12:56.0429 4288 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys12:12:56.0460 4288 TermDD - ok12:12:56.0538 4288 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys12:12:56.0616 4288 tssecsrv - ok12:12:56.0679 4288 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys12:12:56.0757 4288 tunnel - ok12:12:56.0788 4288 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys12:12:56.0819 4288 uagp35 - ok12:12:56.0866 4288 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys12:12:56.0913 4288 udfs - ok12:12:56.0991 4288 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys12:12:57.0022 4288 uliagpkx - ok12:12:57.0069 4288 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys12:12:57.0100 4288 umbus - ok12:12:57.0162 4288 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys12:12:57.0194 4288 UmPass - ok12:12:57.0240 4288 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys12:12:57.0272 4288 USBAAPL64 - ok12:12:57.0318 4288 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys12:12:57.0365 4288 usbccgp - ok12:12:57.0396 4288 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys12:12:57.0428 4288 usbcir - ok12:12:57.0474 4288 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys12:12:57.0490 4288 usbehci - ok12:12:57.0552 4288 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys12:12:57.0599 4288 usbhub - ok12:12:57.0646 4288 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys12:12:57.0677 4288 usbohci - ok12:12:57.0724 4288 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys12:12:57.0771 4288 usbprint - ok12:12:57.0818 4288 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS12:12:57.0849 4288 USBSTOR - ok12:12:57.0896 4288 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys12:12:57.0927 4288 usbuhci - ok12:12:58.0005 4288 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys12:12:58.0036 4288 usbvideo - ok12:12:58.0114 4288 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys12:12:58.0130 4288 vdrvroot - ok12:12:58.0176 4288 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys12:12:58.0208 4288 vga - ok12:12:58.0239 4288 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys12:12:58.0317 4288 VgaSave - ok12:12:58.0364 4288 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys12:12:58.0395 4288 vhdmp - ok12:12:58.0442 4288 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys12:12:58.0457 4288 viaide - ok12:12:58.0488 4288 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys12:12:58.0520 4288 volmgr - ok12:12:58.0551 4288 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys12:12:58.0582 4288 volmgrx - ok12:12:58.0644 4288 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys12:12:58.0676 4288 volsnap - ok12:12:58.0738 4288 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys12:12:58.0769 4288 vsmraid - ok12:12:58.0800 4288 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys12:12:58.0832 4288 vwifibus - ok12:12:58.0878 4288 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys12:12:58.0925 4288 vwififlt - ok12:12:58.0956 4288 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys12:12:58.0988 4288 WacomPen - ok12:12:59.0034 4288 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys12:12:59.0128 4288 WANARP - ok12:12:59.0128 4288 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys12:12:59.0175 4288 Wanarpv6 - ok12:12:59.0237 4288 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys12:12:59.0253 4288 Wd - ok12:12:59.0315 4288 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys12:12:59.0346 4288 WDC_SAM - ok12:12:59.0393 4288 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys12:12:59.0456 4288 Wdf01000 - ok12:12:59.0518 4288 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys12:12:59.0580 4288 WfpLwf - ok12:12:59.0643 4288 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys12:12:59.0658 4288 WIMMount - ok12:12:59.0752 4288 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys12:12:59.0783 4288 WinUsb - ok12:12:59.0846 4288 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys12:12:59.0877 4288 WmiAcpi - ok12:12:59.0939 4288 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys12:13:00.0002 4288 ws2ifsl - ok12:13:00.0095 4288 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys12:13:00.0158 4288 WudfPf - ok12:13:00.0204 4288 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys12:13:00.0267 4288 WUDFRd - ok12:13:00.0298 4288 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR012:13:00.0501 4288 \Device\Harddisk0\DR0 ( TDSS File System ) - warning12:13:00.0501 4288 \Device\Harddisk0\DR0 - detected TDSS File System (1)12:13:00.0516 4288 Boot (0x1200) (d6882cab9992beb45569aaef134498eb) \Device\Harddisk0\DR0\Partition012:13:00.0516 4288 \Device\Harddisk0\DR0\Partition0 - ok12:13:00.0563 4288 Boot (0x1200) (648a5e096581ccef30c7bbc0de874e61) \Device\Harddisk0\DR0\Partition112:13:00.0563 4288 \Device\Harddisk0\DR0\Partition1 - ok12:13:00.0579 4288 Boot (0x1200) (0296ff0c586fcbf37be610805f67b35e) \Device\Harddisk0\DR0\Partition212:13:00.0579 4288 \Device\Harddisk0\DR0\Partition2 - ok12:13:00.0579 4288 ============================================================12:13:00.0579 4288 Scan finished12:13:00.0579 4288 ============================================================12:13:00.0594 0564 Detected object count: 112:13:00.0594 0564 Actual detected object count: 112:13:32.0028 0564 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user12:13:32.0028 0564 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip Link to post Share on other sites More sharing options...
MrCharlie Posted December 24, 2011 ID:508947 Share Posted December 24, 2011 Vista and Windows 7 users:1. These tools MUST be run from the executable. (.exe) every time you run them 2. With Admin Rights (Right click, choose "Run as Administrator")http://http://www.howtogeek.com/wp-content/uploads/2008/03/image51.png <---like this!Download and run RogueKiller:http://www.sur-la-toile.com/RogueKiller/RogueKiller.exeChoose 1 and scan the system, post the log.-------------------Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:Internet Services Windows Firewall System Restore [*]Press "Scan". [*]It will create a log (FSS.txt) in the same directory the tool is run. [*]Please copy and paste the log to your reply. MrC Link to post Share on other sites More sharing options...
lodwyvern Posted December 24, 2011 Author ID:508949 Share Posted December 24, 2011 RogueKiller report RogueKiller V6.2.0 [12/12/2011] by Tigzymail: tigzyRK<at>gmail<dot>comFeedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/Blog: http://tigzyrk.blogspot.comOperating System: Windows 7 (6.1.7600 ) 64 bits versionStarted in : Normal modeUser: Kemi [Admin rights]Mode: Scan -- Date : 12/24/2011 12:30:58¤¤¤ Bad processes: 0 ¤¤¤¤¤¤ Registry Entries: 5 ¤¤¤[sUSP PATH] winupd.job : C:\Users\Kemi\AppData\Local\Temp:winupd.exe -> FOUND[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver: [NOT LOADED] ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤--- User ---[MBR] bebd625783af19bd720cb0da2a74e85d[bSP] 3d64f04ebf035370535b85a2f92cfc38 : MBR Code unknownPartition table:0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 2048 | Size: 104 Mo1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 206848 | Size: 10485 Mo2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 20686848 | Size: 62914 Mo3 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 143566848 | Size: 426600 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[1].txt >>RKreport[1].txt-----------------FSS logFarbar Service Scanner Ran by Kemi (administrator) on 24-12-2011 at 12:32:06Microsoft Windows 7 Home Premium (X64)****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Yahoo IP is accessible.Windows Firewall:=============MpsSvc Service is not running. Checking service configuration:Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.bfe Service is not running. Checking service configuration:Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.mpsdrv Service is not running. Checking service configuration:The start type of mpsdrv service is OK.The ImagePath of mpsdrv service is OK.Firewall Disabled Policy: ==================System Restore:============SDRSVC Service is not running. Checking service configuration:The start type of SDRSVC service is OK.The ImagePath of SDRSVC service is OK.The ServiceDll of SDRSVC service is OK.VSS Service is not running. Checking service configuration:The start type of VSS service is OK.The ImagePath of VSS service is OK.System Restore Disabled Policy: ========================File Check:========C:\Windows\System32\nsisvc.dll => MD5 is legitC:\Windows\System32\drivers\nsiproxy.sys => MD5 is legitC:\Windows\System32\dhcpcore.dll => MD5 is legitC:\Windows\System32\drivers\afd.sys => MD5 is legitC:\Windows\System32\drivers\tdx.sys => MD5 is legitC:\Windows\System32\Drivers\tcpip.sys => MD5 is legitC:\Windows\System32\dnsrslvr.dll => MD5 is legitC:\Windows\System32\mpssvc.dll[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3C:\Windows\System32\bfe.dll[2009-07-13 19:09] - [2009-07-13 20:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legitC:\Windows\System32\SDRSVC.dll[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5C:\Windows\System32\vssvc.exe[2009-07-13 18:39] - [2009-07-13 20:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BAC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legit**** End of log **** Link to post Share on other sites More sharing options...
MrCharlie Posted December 24, 2011 ID:508960 Share Posted December 24, 2011 First see if you can delete this file:C:\Users\Kemi\AppData\Local\Temp:winupd.exe--------------------------I've never used this tool before on an infected computer but it's supposed to be able to deal with this infection. if you'd like to try it...use the 64bit version:BDRemovalTool_TDSS-Clones_x64.exehttp://www.malwarecity.com/blog/new-removal-tools-for-the-tdss-family-of-crimeware-1221.htmlIf not you'll have to wait until I can get some additional advice on this.MrC Link to post Share on other sites More sharing options...
lodwyvern Posted December 24, 2011 Author ID:508961 Share Posted December 24, 2011 there was no "winupd.exe" in my temp folder but there were 2 undeletable's "etilqs_F6y5JfAXi49d5u6" and "FXSAPIDebugLogFile.txt". I'll run the removal program and tell you how that goes! Link to post Share on other sites More sharing options...
lodwyvern Posted December 24, 2011 Author ID:508962 Share Posted December 24, 2011 BDRemoval found nothing unfortunately, so I'll await your further help, thanks! Link to post Share on other sites More sharing options...
MrCharlie Posted December 24, 2011 ID:508964 Share Posted December 24, 2011 OK, I'll get back to you asap with an answer.Thanks.....MrC Link to post Share on other sites More sharing options...
MrCharlie Posted December 24, 2011 ID:508973 Share Posted December 24, 2011 Do me a favor and download MbrScan.exehttp://eric71.geekstogo.com/tools/MbrScan.exeClick on scan and then report, post it back here.Then run it again and choose DumpMBRuse the drop down box to highlight it and choose dump selectedit will be on your desktop as Dump_DR0.mbrPlease attach it to your post.Thanks...MrC Link to post Share on other sites More sharing options...
lodwyvern Posted December 24, 2011 Author ID:508978 Share Posted December 24, 2011 I'll do this as soon as I get back from my mom's birthday lunch, thanks! Link to post Share on other sites More sharing options...
MrCharlie Posted December 24, 2011 ID:508986 Share Posted December 24, 2011 No, rush...it's just going to needed in determining the fix.Thanks.....MrC Link to post Share on other sites More sharing options...
lodwyvern Posted December 24, 2011 Author ID:509035 Share Posted December 24, 2011 i believe this is the reportMBRScan v1.0================================================================================\Device\Harddisk0\DR0 465 Go [Fixed] ==> 7 MBR Code....._MBR_MD5 ------------------> BEBD625783AF19BD720CB0DA2A74E85D\Device\Harddisk0\Partition1 100 Mo [Fixed] 0xDE Dell Utility \Device\Harddisk0\Partition2 9.8 Go [Fixed] 0x07 NTFS / HPFS ___ BOOTABLE ___\Device\Harddisk0\Partition3 58.6 Go [Fixed] 0x07 NTFS / HPFS\Device\Harddisk0\Partition4 397 Go [Fixed] 0x07 NTFS / HPFS================================================================================_______MBR \Device\Harddisk0\DR0 0x00000000 33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 3À.м.|.À.ؾ.|¿.0x00000010 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00 .¹..üó¤Ph..Ëû¹..0x00000020 BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10 ½¾..~..|......Å.0x00000030 E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00 âñÍ..V.UÆF..ÆF..0x00000040 B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09 ´A»ªUÍ.]r..ûUªu.0x00000050 F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74 ÷Á..t.þF.f`.~..t0x00000060 26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00 &fh....f.v.h..h.0x00000070 7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13 |h..h..´B.V..ôÍ.0x00000080 9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00 ..Ä..ë.¸..».|.V.0x00000090 8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE .v..N..n.Í.fas.þ0x000000A0 4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84 N.u..~......².ë.0x000000B0 55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55 U2ä.V.Í.]ë..>þ}U0x000000C0 AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64 ªun.v.è..u.ú°Ñæd0x000000D0 E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75 è..°ßæ`è|.°.ædèu0x000000E0 00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54 .û¸.»Í.f#Àu;f.ûT0x000000F0 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00 CPAu2.ù..r,fh.».0x00000100 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66 .fh....fh....fSf0x00000110 53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66 SfUfh....fh.|..f0x00000120 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD ah...Í.Z2öê.|..Í0x00000130 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4 ..·.ë..¶.ë..µ.2ä0x00000140 05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD ....ð¬<.t.»..´.Í0x00000150 10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8 .ëòôëý+Éädë.$.àø0x00000160 24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 $.ÃInvalid parti0x00000170 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 tion table.Error0x00000180 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 loading operati0x00000190 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E ng system.Missin0x000001A0 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst0x000001B0 65 6D 00 00 00 63 7B 9A FD 77 DD CC 00 00 00 20 em...c{.ýwÝÌ... 0x000001C0 21 00 DE FE FF FF 00 08 00 00 00 20 03 00 80 DF !.Þþ....... ...ß0x000001D0 14 0C 07 FE FF FF 00 28 03 00 00 80 38 01 00 FE ...þ...(....8..þ0x000001E0 FF FF 07 FE FF FF 00 A8 3B 01 00 00 53 07 00 FE ...þ...¨;...S..þ0x000001F0 FF FF 0F FE FF FF 00 A8 8E 08 00 B0 A9 31 55 AA ...þ...¨...°©1UªIt will not, however, allow me to attach the .mbr dump file Link to post Share on other sites More sharing options...
Recommended Posts