svchost.exe help


steezD

I've been trying to find help for removing svchost.exe all night, kind of hard when my search engines keep redirecting to other sites. I finally got to this website. Any help would be greatly appreciated. (I read "You can ignore the note about zipping the Attach.txt file in most cases." and wasn't sure if I was supposed to zip.)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26

Run by Steve at 20:29:12 on 2012-02-22

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5885.2216 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\AsHookDevice.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\IoctlSvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe

C:\Windows\Explorer.EXE

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe

C:\Windows\vVX3000.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\AIM\aim.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wuauclt.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Windows Internet Explorer provided by Comcast

mStart Page = hxxp://www.comcast.net/

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin

mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

mRun: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

mRun: [<NO NAME>]

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{563AB3CD-2838-4A6E-ADD6-4001CECBEF6A} : DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

mRun-x64: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

mRun-x64: [(Default)]

mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

Hosts: 94.63.147.16 www.google.com

Hosts: 94.63.147.17 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ffroxiac.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c6a197b&v=7.008.031.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-1-21 196608]

R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]

R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-19 909152]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-6 167264]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]

S3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-6-15 917768]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-22 23:42:56 -------- d-----w- C:\Users\Steve\AppData\Roaming\Curiolab

2012-02-22 23:42:18 -------- d-----w- C:\Program Files (x86)\Exterminate It!

2012-02-22 23:39:36 -------- d-----w- C:\ProgramData\SUPERSetup

2012-02-22 23:29:02 -------- d-----w- C:\Users\Steve\AppData\Roaming\ParetoLogic

2012-02-22 23:29:02 -------- d-----w- C:\Users\Steve\AppData\Roaming\DriverCure

2012-02-22 23:28:41 -------- d-----w- C:\ProgramData\ParetoLogic

2012-02-22 23:28:41 -------- d-----w- C:\Program Files (x86)\ParetoLogic

2012-02-22 22:59:20 20480 ----a-w- C:\Windows\svchost.exe

2012-02-16 02:45:42 -------- d-----w- C:\Program Files (x86)\SpywareBlaster

2012-02-15 23:26:07 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-15 23:26:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-06 17:57:12 65602 ----a-w- C:\Windows\SysWow64\cook3260.dll

2012-02-06 17:57:12 626688 ----a-w- C:\Windows\SysWow64\vp7vfw.dll

2012-02-06 17:57:12 217127 ----a-w- C:\Windows\SysWow64\drv43260.dll

2012-02-06 17:57:12 208935 ----a-w- C:\Windows\SysWow64\drv33260.dll

2012-02-06 17:57:12 176165 ----a-w- C:\Windows\SysWow64\drv23260.dll

2012-02-06 17:57:12 1184984 ----a-w- C:\Windows\SysWow64\wvc1dmod.dll

2012-02-06 17:57:12 102439 ----a-w- C:\Windows\SysWow64\sipr3260.dll

2012-02-06 17:57:10 -------- d-----w- C:\Program Files (x86)\VSO

2012-01-24 22:14:33 -------- d-----w- C:\Program Files\iTunes

2012-01-24 22:14:33 -------- d-----w- C:\Program Files\iPod

2012-01-24 22:14:33 -------- d-----w- C:\Program Files (x86)\iTunes

.

==================== Find3M ====================

.

2012-02-06 17:54:46 99384 ----a-w- C:\Users\Steve\AppData\Roaming\inst.exe

2012-02-06 17:54:46 82816 ----a-w- C:\Users\Steve\AppData\Roaming\pcouffin.sys

2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys

2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl

2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-12-16 08:45:22 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-12-16 08:42:13 634368 ----a-w- C:\Windows\System32\msvcrt.dll

2011-12-16 08:41:26 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-12-16 08:02:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-16 07:59:17 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2011-12-16 07:58:33 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-12-16 07:26:35 482816 ----a-w- C:\Windows\System32\html.iec

2011-12-16 06:49:33 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-12-16 06:43:48 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-16 06:15:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-12-01 00:12:28 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

.

============= FINISH: 20:30:09.72 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/15/2010 8:49:00 PM

System Uptime: 2/22/2012 5:58:38 PM (3 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | CM5571

Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz | LGA775 | 2700/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 924 GiB total, 837.615 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 466 GiB total, 360.439 GiB free.

F: is FIXED (NTFS) - 1863 GiB total, 962.587 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP211: 2/6/2012 3:00:24 AM - Windows Backup

RP212: 2/13/2012 3:00:25 AM - Windows Backup

RP213: 2/16/2012 3:00:12 AM - Windows Update

RP214: 2/20/2012 3:12:53 AM - Windows Backup

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

2007 Microsoft Office Suite Service Pack 2 (SP2)

Acrobat.com

Adobe AIR

Adobe Community Help

Adobe Download Assistant

Adobe Flash Player 10 ActiveX

Adobe Media Player

AI Manager

AIM 7

Apple Application Support

Apple Software Update

ASIO4ALL

Ask Toolbar

Ask Toolbar Updater

ASUSUpdate

Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

Atheros Ethernet Utility

Best Buy Software Installer

Bing Bar

Collab

Comcast High-Speed Internet Install Wizard

Compatibility Pack for the 2007 Office system

ConvertXtoDVD 4.1.19.365

Desktop Doctor

Download Updater (AOL LLC)

EPU-4 Engine

FL Studio 8

IL Download Manager

Java Auto Updater

Java 6 Update 26

Junk Mail filter update

League of Legends

Malwarebytes' Anti-Malware

McAfee Security Scan Plus

Microsoft Choice Guard

Microsoft Corporation

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel 2007 Help Actualización (KB963678)

Microsoft Office Excel MUI (Dutch) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office Excel MUI (German) 2007

Microsoft Office Excel MUI (Spanish) 2007

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (Dutch) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (French) 2007

Microsoft Office OneNote MUI (German) 2007

Microsoft Office OneNote MUI (Spanish) 2007

Microsoft Office Powerpoint 2007 Help Actualización (KB963669)

Microsoft Office PowerPoint MUI (Dutch) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office PowerPoint MUI (German) 2007

Microsoft Office PowerPoint MUI (Spanish) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (Arabic) 2007

Microsoft Office Proof (Basque) 2007

Microsoft Office Proof (Catalan) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Galician) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Italian) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Dutch) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Proofing (German) 2007

Microsoft Office Proofing (Spanish) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (Dutch) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Shared MUI (German) 2007

Microsoft Office Shared MUI (Spanish) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word 2007 Help Actualización (KB963665)

Microsoft Office Word MUI (Dutch) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (French) 2007

Microsoft Office Word MUI (German) 2007

Microsoft Office Word MUI (Spanish) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mise à jour Microsoft Office Excel 2007 Help (KB963678)

Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)

Mise à jour Microsoft Office Word 2007 Help (KB963665)

Mozilla Firefox 10.0.2 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser (KB973685)

Nero 8

Pando Media Booster

Picasa 3

PoiZone

QuickTime

Realtek High Definition Audio Driver

Safari

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Sony ACID Pro 6.0

Sony Media Manager 2.2

SpywareBlaster 4.6

Switch Sound File Converter

Text Twist 2

Toxic Biohazard

Update für Microsoft Office Excel 2007 Help (KB963678)

Update für Microsoft Office Powerpoint 2007 Help (KB963669)

Update für Microsoft Office Word 2007 Help (KB963665)

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update voor Microsoft Office Excel 2007 Help (KB963678)

Update voor Microsoft Office Powerpoint 2007 Help (KB963669)

Update voor Microsoft Office Word 2007 Help (KB963665)

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

VLC media player 1.0.5

VLC Setup Helper 4.05

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

2/20/2012 3:59:33 AM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on E: cannot be read.

2/20/2012 3:02:23 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a0168ed000, 0x0000000000000000, 0xfffff80002ec008e, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-43586-01.

2/18/2012 7:37:18 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

2/18/2012 7:37:18 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

2/18/2012 5:53:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800031683fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021812-45318-01.

2/16/2012 6:41:19 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

.

==== End Of File ===========================


Hi,

my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop.

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

Please post in your next reply:

  • TDSSKiller log


Hey Daniel. Thanks for your time in helping me, I really appreciate it. Here is the TDSSKiller log:

06:13:30.0780 3048 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

06:13:31.0052 3048 ============================================================

06:13:31.0052 3048 Current date / time: 2012/02/23 06:13:31.0052

06:13:31.0053 3048 SystemInfo:

06:13:31.0053 3048

06:13:31.0053 3048 OS Version: 6.1.7600 ServicePack: 0.0

06:13:31.0053 3048 Product type: Workstation

06:13:31.0053 3048 ComputerName: STEVE-PC

06:13:31.0053 3048 UserName: Steve

06:13:31.0053 3048 Windows directory: C:\Windows

06:13:31.0053 3048 System windows directory: C:\Windows

06:13:31.0053 3048 Running under WOW64

06:13:31.0053 3048 Processor architecture: Intel x64

06:13:31.0053 3048 Number of processors: 2

06:13:31.0053 3048 Page size: 0x1000

06:13:31.0053 3048 Boot type: Normal boot

06:13:31.0053 3048 ============================================================

06:13:32.0345 3048 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

06:13:32.0348 3048 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

06:13:39.0223 3048 Drive \Device\Harddisk2\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

06:13:42.0368 3048 \Device\Harddisk0\DR0:

06:13:42.0368 3048 MBR used

06:13:42.0368 3048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x10029D5, BlocksNum 0x73702FEC

06:13:42.0368 3048 \Device\Harddisk1\DR1:

06:13:42.0369 3048 MBR used

06:13:42.0369 3048 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000

06:13:42.0401 3048 Initialize success

06:13:42.0401 3048 ============================================================

06:13:53.0912 3796 ============================================================

06:13:53.0912 3796 Scan started

06:13:53.0912 3796 Mode: Manual;

06:13:53.0913 3796 ============================================================


06:14:03.0485 3796 vdrvroot - ok

06:14:03.0512 3796 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

06:14:03.0515 3796 vga - ok

06:14:03.0525 3796 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

06:14:03.0528 3796 VgaSave - ok

06:14:03.0550 3796 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

06:14:03.0553 3796 vhdmp - ok

06:14:03.0569 3796 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

06:14:03.0571 3796 viaide - ok

06:14:03.0590 3796 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

06:14:03.0592 3796 volmgr - ok

06:14:03.0611 3796 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

06:14:03.0615 3796 volmgrx - ok

06:14:03.0656 3796 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

06:14:03.0660 3796 volsnap - ok

06:14:03.0721 3796 vsapint (6a42451b220ac2eaeb3524200c3b8acc) C:\Windows\system32\DRIVERS\vsapint.sys

06:14:03.0757 3796 vsapint - ok

06:14:03.0778 3796 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

06:14:03.0782 3796 vsmraid - ok

06:14:03.0829 3796 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

06:14:03.0831 3796 vwifibus - ok

06:14:03.0849 3796 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

06:14:03.0852 3796 vwififlt - ok

06:14:03.0910 3796 VX3000 (c366ae91d2cc2c1c25380061d235c36b) C:\Windows\system32\DRIVERS\VX3000.sys

06:14:03.0946 3796 VX3000 - ok

06:14:03.0972 3796 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

06:14:03.0975 3796 WacomPen - ok

06:14:03.0995 3796 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

06:14:03.0998 3796 WANARP - ok

06:14:04.0003 3796 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

06:14:04.0005 3796 Wanarpv6 - ok

06:14:04.0053 3796 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

06:14:04.0055 3796 Wd - ok

06:14:04.0088 3796 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

06:14:04.0096 3796 Wdf01000 - ok

06:14:04.0147 3796 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

06:14:04.0149 3796 WfpLwf - ok

06:14:04.0182 3796 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

06:14:04.0185 3796 WIMMount - ok

06:14:04.0245 3796 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

06:14:04.0248 3796 WinUsb - ok

06:14:04.0268 3796 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

06:14:04.0270 3796 WmiAcpi - ok

06:14:04.0316 3796 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

06:14:04.0319 3796 ws2ifsl - ok

06:14:04.0349 3796 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

06:14:04.0353 3796 WudfPf - ok

06:14:04.0376 3796 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

06:14:04.0380 3796 WUDFRd - ok

06:14:04.0420 3796 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys

06:14:04.0423 3796 xusb21 - ok

06:14:04.0445 3796 MBR (0x1B8) (3bb56f97daa0dea66fd223920040a0d0) \Device\Harddisk0\DR0

06:14:04.0470 3796 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

06:14:04.0470 3796 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

06:14:04.0476 3796 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

06:14:04.0482 3796 \Device\Harddisk1\DR1 - ok

06:14:04.0510 3796 Boot (0x1200) (232a969e1d339efa1afa1d61a3383175) \Device\Harddisk0\DR0\Partition0

06:14:04.0512 3796 \Device\Harddisk0\DR0\Partition0 - ok

06:14:04.0516 3796 Boot (0x1200) (fab2c106923264ab5e39e1a602afd4dc) \Device\Harddisk1\DR1\Partition0

06:14:04.0518 3796 \Device\Harddisk1\DR1\Partition0 - ok

06:14:04.0518 3796 ============================================================

06:14:04.0519 3796 Scan finished

06:14:04.0519 3796 ============================================================

06:14:04.0533 4396 Detected object count: 1

06:14:04.0533 4396 Actual detected object count: 1

06:14:28.0368 4396 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user

06:14:28.0368 4396 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip

06:15:07.0432 1260 Deinitialize success


You are welcome

Execute TDSSKiller.exe and press Start Scan.

  • Ensure Cure is selected ( it should be by default )
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed
  • Click Continue then click Reboot now.

Once complete, a log will be produced at the root drive which is typically C:\

For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please post the contents of that log in your next reply.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.

Please post in your next reply

TDSSKiller log

ComboFix.txt

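Whether a detection was actually cured or only skipped can be read straight off a TDSSKiller log. The following is an added example, not part of the original thread or of any tool mentioned in it: a small Python triage script for logs in the line layout posted above. The sample log is constructed (placeholder driver name and hash), and treating `Cure` as the action name written after "User select action:" is an assumption based on the button label named in the instructions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Line layout seen in the logs in this thread: "HH:MM:SS.ffff <thread id> <message>"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+(?:\s+(?P<msg>.*))?$")
# "<object> ( <threat> ) - infected"
INFECTED_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^()]+?) \) - infected$")
# "<object> ( <threat> ) - User select action: <action>"
ACTION_RE = re.compile(
    r"^(?P<obj>.+?) \( (?P<threat>[^()]+?) \) - User select action: (?P<action>\w+)$"
)
# "Detected object count: <n>" (the "Actual detected object count" line is ignored)
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    obj: str
    threat: str
    action: Optional[str] = None  # None: no "User select action" line was seen


def parse_log(text):
    """Return (findings, declared_count) for a pasted log, tolerating the
    blank lines and indentation that forum software adds."""
    findings = {}
    declared = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or not m.group("msg"):
            continue  # blank line, or a timestamp with no message
        msg = m.group("msg").strip()
        if (hit := INFECTED_RE.match(msg)):
            key = (hit["obj"], hit["threat"])
            findings.setdefault(key, Finding(*key))
        elif (hit := ACTION_RE.match(msg)):
            key = (hit["obj"], hit["threat"])
            findings.setdefault(key, Finding(*key)).action = hit["action"]
        elif (hit := COUNT_RE.match(msg)):
            declared = int(hit["n"])
    return list(findings.values()), declared


def triage(text, resolved_actions=("Cure",)):
    """Flag detections that were not resolved, and logs whose declared
    detection count disagrees with the detections present (truncated paste)."""
    findings, declared = parse_log(text)
    return {
        "findings": findings,
        "unresolved": [f for f in findings if f.action not in resolved_actions],
        "count_mismatch": declared is not None and declared != len(findings),
    }


# Constructed sample in the format of the logs in this thread.
SAMPLE_SKIPPED = r"""
06:14:03.0010 3796 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys

06:14:03.0012 3796 exampledrv - ok

06:14:04.0470 3796 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

06:14:04.0470 3796 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

06:14:04.0533 4396 Detected object count: 1

06:14:28.0368 4396 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user

06:14:28.0368 4396 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
"""

if __name__ == "__main__":
    report = triage(SAMPLE_SKIPPED)
    for f in report["unresolved"]:
        print(f"UNRESOLVED: {f.threat} on {f.obj} (action: {f.action})")
    if report["count_mismatch"]:
        print("Declared detection count does not match the log body")
```

A detection with action `Skip`, or with no action line at all, is reported as unresolved; a count mismatch usually means the pasted log was cut short.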

TDSSKiller Log:

18:07:42.0677 5892 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

18:07:42.0941 5892 ============================================================

18:07:42.0941 5892 Current date / time: 2012/02/23 18:07:42.0941

18:07:42.0941 5892 SystemInfo:

18:07:42.0941 5892

18:07:42.0941 5892 OS Version: 6.1.7600 ServicePack: 0.0

18:07:42.0941 5892 Product type: Workstation

18:07:42.0941 5892 ComputerName: STEVE-PC

18:07:42.0941 5892 UserName: Steve

18:07:42.0941 5892 Windows directory: C:\Windows

18:07:42.0941 5892 System windows directory: C:\Windows

18:07:42.0941 5892 Running under WOW64

18:07:42.0941 5892 Processor architecture: Intel x64

18:07:42.0941 5892 Number of processors: 2

18:07:42.0941 5892 Page size: 0x1000

18:07:42.0941 5892 Boot type: Normal boot

18:07:42.0941 5892 ============================================================

18:07:43.0840 5892 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:07:43.0843 5892 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

18:07:50.0750 5892 Drive \Device\Harddisk2\DR4 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

18:07:53.0124 5892 \Device\Harddisk0\DR0:

18:07:53.0124 5892 MBR used

18:07:53.0124 5892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x10029D5, BlocksNum 0x73702FEC

18:07:53.0124 5892 \Device\Harddisk1\DR1:

18:07:53.0124 5892 MBR used

18:07:53.0125 5892 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000

18:07:53.0161 5892 Initialize success

18:07:53.0161 5892 ============================================================

18:07:55.0064 5836 ============================================================

18:07:55.0064 5836 Scan started

18:07:55.0064 5836 Mode: Manual;

18:07:55.0064 5836 ============================================================


18:08:11.0445 5836 RDPWD - ok

18:08:11.0478 5836 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

18:08:11.0480 5836 rdyboost - ok

18:08:11.0526 5836 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

18:08:11.0528 5836 rspndr - ok

18:08:11.0547 5836 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

18:08:11.0549 5836 sbp2port - ok

18:08:11.0573 5836 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

18:08:11.0574 5836 scfilter - ok

18:08:11.0603 5836 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

18:08:11.0604 5836 secdrv - ok

18:08:11.0637 5836 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

18:08:11.0640 5836 Serenum - ok

18:08:11.0662 5836 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

18:08:11.0664 5836 Serial - ok

18:08:11.0682 5836 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

18:08:11.0683 5836 sermouse - ok

18:08:11.0740 5836 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

18:08:11.0741 5836 sffdisk - ok

18:08:11.0773 5836 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

18:08:11.0775 5836 sffp_mmc - ok

18:08:11.0787 5836 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

18:08:11.0791 5836 sffp_sd - ok

18:08:11.0807 5836 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

18:08:11.0809 5836 sfloppy - ok

18:08:11.0848 5836 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

18:08:11.0849 5836 SiSRaid2 - ok

18:08:11.0866 5836 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

18:08:11.0867 5836 SiSRaid4 - ok

18:08:11.0888 5836 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

18:08:11.0890 5836 Smb - ok

18:08:11.0920 5836 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

18:08:11.0921 5836 spldr - ok

18:08:11.0979 5836 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

18:08:11.0982 5836 srv - ok

18:08:12.0003 5836 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

18:08:12.0008 5836 srv2 - ok

18:08:12.0045 5836 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

18:08:12.0047 5836 srvnet - ok

18:08:12.0093 5836 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

18:08:12.0094 5836 stexstor - ok

18:08:12.0135 5836 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

18:08:12.0136 5836 swenum - ok

18:08:12.0201 5836 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

18:08:12.0212 5836 Tcpip - ok

18:08:12.0259 5836 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

18:08:12.0270 5836 TCPIP6 - ok

18:08:12.0298 5836 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

18:08:12.0300 5836 tcpipreg - ok

18:08:12.0316 5836 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

18:08:12.0317 5836 TDPIPE - ok

18:08:12.0335 5836 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

18:08:12.0336 5836 TDTCP - ok

18:08:12.0357 5836 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

18:08:12.0359 5836 tdx - ok

18:08:12.0378 5836 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

18:08:12.0380 5836 TermDD - ok

18:08:12.0431 5836 tmpreflt (ee0d3cb7368bf08ff5610dd62990e62e) C:\Windows\system32\DRIVERS\tmpreflt.sys

18:08:12.0432 5836 tmpreflt - ok

18:08:12.0467 5836 tmtdi (21cc12b7f8b44e91d03ead5b17aaf0b2) C:\Windows\system32\DRIVERS\tmtdi.sys

18:08:12.0469 5836 tmtdi - ok

18:08:12.0490 5836 tmxpflt (850db5e4b0c840c1ede013ac9838f1eb) C:\Windows\system32\DRIVERS\tmxpflt.sys

18:08:12.0493 5836 tmxpflt - ok

18:08:12.0521 5836 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

18:08:12.0522 5836 tssecsrv - ok

18:08:12.0549 5836 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

18:08:12.0551 5836 tunnel - ok

18:08:12.0575 5836 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

18:08:12.0577 5836 uagp35 - ok

18:08:12.0596 5836 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

18:08:12.0599 5836 udfs - ok

18:08:12.0635 5836 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

18:08:12.0636 5836 uliagpkx - ok

18:08:12.0652 5836 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

18:08:12.0654 5836 umbus - ok

18:08:12.0674 5836 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

18:08:12.0676 5836 UmPass - ok

18:08:12.0709 5836 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

18:08:12.0712 5836 USBAAPL64 - ok

18:08:12.0761 5836 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys

18:08:12.0763 5836 usbaudio - ok

18:08:12.0798 5836 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys

18:08:12.0800 5836 usbccgp - ok

18:08:12.0826 5836 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

18:08:12.0828 5836 usbcir - ok

18:08:12.0854 5836 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys

18:08:12.0856 5836 usbehci - ok

18:08:12.0879 5836 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys

18:08:12.0882 5836 usbhub - ok

18:08:12.0898 5836 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys

18:08:12.0899 5836 usbohci - ok

18:08:12.0912 5836 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

18:08:12.0914 5836 usbprint - ok

18:08:12.0949 5836 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS

18:08:12.0950 5836 USBSTOR - ok

18:08:12.0968 5836 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys

18:08:12.0970 5836 usbuhci - ok

18:08:13.0000 5836 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

18:08:13.0001 5836 vdrvroot - ok

18:08:13.0020 5836 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

18:08:13.0022 5836 vga - ok

18:08:13.0033 5836 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

18:08:13.0038 5836 VgaSave - ok

18:08:13.0058 5836 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

18:08:13.0061 5836 vhdmp - ok

18:08:13.0078 5836 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

18:08:13.0079 5836 viaide - ok

18:08:13.0099 5836 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

18:08:13.0100 5836 volmgr - ok

18:08:13.0120 5836 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

18:08:13.0122 5836 volmgrx - ok

18:08:13.0140 5836 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

18:08:13.0142 5836 volsnap - ok

18:08:13.0204 5836 vsapint (6a42451b220ac2eaeb3524200c3b8acc) C:\Windows\system32\DRIVERS\vsapint.sys

18:08:13.0216 5836 vsapint - ok

18:08:13.0245 5836 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

18:08:13.0247 5836 vsmraid - ok

18:08:13.0295 5836 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

18:08:13.0297 5836 vwifibus - ok

18:08:13.0316 5836 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

18:08:13.0318 5836 vwififlt - ok

18:08:13.0386 5836 VX3000 (c366ae91d2cc2c1c25380061d235c36b) C:\Windows\system32\DRIVERS\VX3000.sys

18:08:13.0398 5836 VX3000 - ok

18:08:13.0431 5836 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

18:08:13.0432 5836 WacomPen - ok

18:08:13.0454 5836 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

18:08:13.0455 5836 WANARP - ok

18:08:13.0463 5836 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

18:08:13.0465 5836 Wanarpv6 - ok

18:08:13.0520 5836 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

18:08:13.0521 5836 Wd - ok

18:08:13.0554 5836 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

18:08:13.0559 5836 Wdf01000 - ok

18:08:13.0605 5836 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

18:08:13.0606 5836 WfpLwf - ok

18:08:13.0633 5836 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

18:08:13.0634 5836 WIMMount - ok

18:08:13.0679 5836 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

18:08:13.0681 5836 WinUsb - ok

18:08:13.0718 5836 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

18:08:13.0737 5836 WmiAcpi - ok

18:08:13.0766 5836 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

18:08:13.0770 5836 ws2ifsl - ok

18:08:13.0816 5836 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

18:08:13.0818 5836 WudfPf - ok

18:08:13.0845 5836 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

18:08:13.0848 5836 WUDFRd - ok

18:08:13.0895 5836 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys

18:08:13.0897 5836 xusb21 - ok

18:08:13.0920 5836 MBR (0x1B8) (3bb56f97daa0dea66fd223920040a0d0) \Device\Harddisk0\DR0

18:08:13.0945 5836 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

18:08:13.0945 5836 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

18:08:13.0950 5836 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

18:08:13.0955 5836 \Device\Harddisk1\DR1 - ok

18:08:13.0985 5836 Boot (0x1200) (232a969e1d339efa1afa1d61a3383175) \Device\Harddisk0\DR0\Partition0

18:08:13.0987 5836 \Device\Harddisk0\DR0\Partition0 - ok

18:08:13.0991 5836 Boot (0x1200) (fab2c106923264ab5e39e1a602afd4dc) \Device\Harddisk1\DR1\Partition0

18:08:13.0994 5836 \Device\Harddisk1\DR1\Partition0 - ok

18:08:13.0994 5836 ============================================================

18:08:13.0995 5836 Scan finished

18:08:13.0995 5836 ============================================================

18:08:14.0011 6972 Detected object count: 1

18:08:14.0011 6972 Actual detected object count: 1

18:08:24.0124 6972 \Device\Harddisk0\DR0\# - copied to quarantine

18:08:24.0125 6972 \Device\Harddisk0\DR0 - copied to quarantine

18:08:24.0156 6972 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

18:08:24.0157 6972 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

18:08:24.0173 6972 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

18:08:24.0175 6972 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

18:08:24.0177 6972 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

18:08:24.0187 6972 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

18:08:24.0195 6972 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

18:08:24.0205 6972 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

18:08:24.0207 6972 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

18:08:24.0208 6972 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

18:08:24.0211 6972 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

18:08:24.0212 6972 \Device\Harddisk0\DR0 - ok

18:08:24.0238 6972 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

18:10:01.0414 5612 Deinitialize success

ComboFix.txt

ComboFix 12-02-23.02 - Steve 02/23/2012 18:24:28.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5885.3945 [GMT -5:00]

Running from: c:\users\Steve\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Steve\AppData\Roaming\inst.exe

c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ffroxiac.default\searchplugins\bing-zugo.xml

c:\users\Steve\AppData\Roaming\vso_ts_preview.xml

c:\windows\dasetup.log

c:\windows\svchost.exe

F:\autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))

.

.

2012-02-23 23:29 . 2012-02-23 23:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-23 23:08 . 2012-02-23 23:08 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-22 23:42 . 2012-02-22 23:42 -------- d-----w- c:\users\Steve\AppData\Roaming\Curiolab

2012-02-22 23:39 . 2012-02-22 23:39 -------- d-----w- c:\programdata\SUPERSetup

2012-02-22 23:29 . 2012-02-22 23:29 -------- d-----w- c:\users\Steve\AppData\Roaming\ParetoLogic

2012-02-22 23:29 . 2012-02-22 23:29 -------- d-----w- c:\users\Steve\AppData\Roaming\DriverCure

2012-02-22 23:28 . 2012-02-23 00:11 -------- d-----w- c:\programdata\ParetoLogic

2012-02-22 23:28 . 2012-02-22 23:28 -------- d-----w- c:\program files (x86)\ParetoLogic

2012-02-16 02:45 . 2012-02-16 02:45 -------- d-----w- c:\program files (x86)\SpywareBlaster

2012-02-15 23:26 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 23:26 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-06 17:57 . 2009-09-02 18:44 65602 ----a-w- c:\windows\SysWow64\cook3260.dll

2012-02-06 17:57 . 2009-09-02 18:44 626688 ----a-w- c:\windows\SysWow64\vp7vfw.dll

2012-02-06 17:57 . 2009-09-02 18:44 217127 ----a-w- c:\windows\SysWow64\drv43260.dll

2012-02-06 17:57 . 2009-09-02 18:44 208935 ----a-w- c:\windows\SysWow64\drv33260.dll

2012-02-06 17:57 . 2009-09-02 18:44 176165 ----a-w- c:\windows\SysWow64\drv23260.dll

2012-02-06 17:57 . 2009-09-02 18:44 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll

2012-02-06 17:57 . 2009-09-02 18:44 102439 ----a-w- c:\windows\SysWow64\sipr3260.dll

2012-02-06 17:57 . 2012-02-06 17:57 -------- d-----w- c:\program files (x86)\VSO

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-06 17:54 . 2010-06-20 20:29 82816 ----a-w- c:\users\Steve\AppData\Roaming\pcouffin.sys

2011-12-01 00:12 . 2011-12-01 00:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-01-19 23:05 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-03 21:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-19 1811296]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-08-20 225280]

"ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-01-19 939872]

"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]

R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-08-22 917768]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-08-20 196608]

S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-19 909152]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1022904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-24 7833120]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-24 1833504]

"SKDaemon.exe"="c:\program files\LTONHIS\Touch Manager\SKDaemon.exe" [2009-06-16 318464]

"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.comcast.net/

mLocal Page = c:\windows\SysWOW64\blank.htm

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ffroxiac.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c6a197b&v=7.008.031.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Wow6432Node-HKLM-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

Toolbar-Locked - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\SysWOW64\IoctlSvc.exe

c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe

c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe

c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

.

**************************************************************************

.

Completion time: 2012-02-23 18:36:27 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-23 23:36

.

Pre-Run: 899,393,146,880 bytes free

Post-Run: 900,071,624,704 bytes free

.

- - End Of File - - 8F340BD89536A36B59198682A05DC6B9


My system seems to be running great. Is this temporary or is it fixed? Malwarebytes detected nothing malicious:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.23.05

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Steve :: STEVE-PC [administrator]

2/23/2012 9:51:16 PM

mbam-log-2012-02-23 (21-51-16).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 191786

Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


It is fixed until you get reinfected :D

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Start
  • Wait for the scan to finish
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name.
  • Push the Back button.
  • Push Finish

Please post this logfile in your next reply

Please launch DDS

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop and post both in your next reply

Please post in your next reply

ESET Log

dds.txt

attach.txt


ESET Log:

C:\TDSSKiller_Quarantine\23.02.2012_18.07.42\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan

C:\TDSSKiller_Quarantine\23.02.2012_18.07.42\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan

C:\TDSSKiller_Quarantine\23.02.2012_18.07.42\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.IC trojan

C:\TDSSKiller_Quarantine\23.02.2012_18.07.42\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AC trojan

C:\TDSSKiller_Quarantine\23.02.2012_18.07.42\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan

C:\TDSSKiller_Quarantine\23.02.2012_18.07.42\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan

dds.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26

Run by Steve at 20:07:08 on 2012-02-24

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5885.2950 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\AsHookDevice.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe

C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\IoctlSvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe

C:\Windows\vVX3000.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\AIM\aim.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\DllHost.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://www.comcast.net/

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

mRun: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{563AB3CD-2838-4A6E-ADD6-4001CECBEF6A} : DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

mRun-x64: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ffroxiac.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c6a197b&v=7.008.031.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-1-21 196608]

R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]

R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-19 909152]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-6 167264]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]

S3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-6-15 917768]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-25 00:09:25 -------- d-----w- C:\Program Files (x86)\ESET

2012-02-24 02:47:25 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE

2012-02-24 02:36:41 709968 ----a-w- C:\Windows\isRS-000.tmp

2012-02-24 00:39:46 -------- d-sh--w- C:\$RECYCLE.BIN

2012-02-23 23:22:42 98816 ----a-w- C:\Windows\sed.exe

2012-02-23 23:22:42 518144 ----a-w- C:\Windows\SWREG.exe

2012-02-23 23:22:42 256000 ----a-w- C:\Windows\PEV.exe

2012-02-23 23:22:42 208896 ----a-w- C:\Windows\MBR.exe

2012-02-23 23:08:23 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-22 23:42:56 -------- d-----w- C:\Users\Steve\AppData\Roaming\Curiolab

2012-02-22 23:39:36 -------- d-----w- C:\ProgramData\SUPERSetup

2012-02-22 23:29:02 -------- d-----w- C:\Users\Steve\AppData\Roaming\ParetoLogic

2012-02-22 23:29:02 -------- d-----w- C:\Users\Steve\AppData\Roaming\DriverCure

2012-02-22 23:28:41 -------- d-----w- C:\ProgramData\ParetoLogic

2012-02-22 23:28:41 -------- d-----w- C:\Program Files (x86)\ParetoLogic

2012-02-16 02:45:42 -------- d-----w- C:\Program Files (x86)\SpywareBlaster

2012-02-15 23:26:07 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-15 23:26:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-06 17:57:12 65602 ----a-w- C:\Windows\SysWow64\cook3260.dll

2012-02-06 17:57:12 626688 ----a-w- C:\Windows\SysWow64\vp7vfw.dll

2012-02-06 17:57:12 217127 ----a-w- C:\Windows\SysWow64\drv43260.dll

2012-02-06 17:57:12 208935 ----a-w- C:\Windows\SysWow64\drv33260.dll

2012-02-06 17:57:12 176165 ----a-w- C:\Windows\SysWow64\drv23260.dll

2012-02-06 17:57:12 1184984 ----a-w- C:\Windows\SysWow64\wvc1dmod.dll

2012-02-06 17:57:12 102439 ----a-w- C:\Windows\SysWow64\sipr3260.dll

2012-02-06 17:57:10 -------- d-----w- C:\Program Files (x86)\VSO

.

==================== Find3M ====================

.

2012-02-06 17:54:46 82816 ----a-w- C:\Users\Steve\AppData\Roaming\pcouffin.sys

2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys

2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl

2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-12-16 08:45:22 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-12-16 08:42:13 634368 ----a-w- C:\Windows\System32\msvcrt.dll

2011-12-16 08:41:26 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-12-16 08:02:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-16 07:59:17 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2011-12-16 07:58:33 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-12-16 07:26:35 482816 ----a-w- C:\Windows\System32\html.iec

2011-12-16 06:49:33 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-12-16 06:43:48 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-16 06:15:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-01 00:12:28 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

.

============= FINISH: 20:07:45.20 ===============

attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/15/2010 8:49:00 PM

System Uptime: 2/23/2012 9:43:20 PM (23 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | CM5571

Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz | LGA775 | 2700/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 924 GiB total, 838.883 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 466 GiB total, 360.439 GiB free.

F: is FIXED (NTFS) - 1863 GiB total, 962.588 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP211: 2/6/2012 3:00:24 AM - Windows Backup

RP212: 2/13/2012 3:00:25 AM - Windows Backup

RP213: 2/16/2012 3:00:12 AM - Windows Update

RP214: 2/20/2012 3:12:53 AM - Windows Backup

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

2007 Microsoft Office Suite Service Pack 2 (SP2)

Acrobat.com

Adobe AIR

Adobe Community Help

Adobe Download Assistant

Adobe Flash Player 10 ActiveX

Adobe Media Player

AI Manager

AIM 7

Apple Application Support

Apple Software Update

ASIO4ALL

Ask Toolbar

Ask Toolbar Updater

ASUSUpdate

Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

Atheros Ethernet Utility

Best Buy Software Installer

Bing Bar

Collab

Comcast High-Speed Internet Install Wizard

Compatibility Pack for the 2007 Office system

ConvertXtoDVD 4.1.19.365

Desktop Doctor

Download Updater (AOL LLC)

EPU-4 Engine

ESET Online Scanner v3

FL Studio 8

IL Download Manager

Java Auto Updater

Java 6 Update 26

Junk Mail filter update

League of Legends

Malwarebytes Anti-Malware version 1.60.1.1000

McAfee Security Scan Plus

Microsoft Choice Guard

Microsoft Corporation

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel 2007 Help Actualización (KB963678)

Microsoft Office Excel MUI (Dutch) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office Excel MUI (German) 2007

Microsoft Office Excel MUI (Spanish) 2007

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (Dutch) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (French) 2007

Microsoft Office OneNote MUI (German) 2007

Microsoft Office OneNote MUI (Spanish) 2007

Microsoft Office Powerpoint 2007 Help Actualización (KB963669)

Microsoft Office PowerPoint MUI (Dutch) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office PowerPoint MUI (German) 2007

Microsoft Office PowerPoint MUI (Spanish) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (Arabic) 2007

Microsoft Office Proof (Basque) 2007

Microsoft Office Proof (Catalan) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Galician) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Italian) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Dutch) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Proofing (German) 2007

Microsoft Office Proofing (Spanish) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (Dutch) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Shared MUI (German) 2007

Microsoft Office Shared MUI (Spanish) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word 2007 Help Actualización (KB963665)

Microsoft Office Word MUI (Dutch) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (French) 2007

Microsoft Office Word MUI (German) 2007

Microsoft Office Word MUI (Spanish) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mise à jour Microsoft Office Excel 2007 Help (KB963678)

Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)

Mise à jour Microsoft Office Word 2007 Help (KB963665)

Mozilla Firefox 10.0.2 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser (KB973685)

Nero 8

Pando Media Booster

Picasa 3

PoiZone

QuickTime

Realtek High Definition Audio Driver

Safari

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Sony ACID Pro 6.0

Sony Media Manager 2.2

SpywareBlaster 4.6

Switch Sound File Converter

Text Twist 2

Toxic Biohazard

Update für Microsoft Office Excel 2007 Help (KB963678)

Update für Microsoft Office Powerpoint 2007 Help (KB963669)

Update für Microsoft Office Word 2007 Help (KB963665)

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update voor Microsoft Office Excel 2007 Help (KB963678)

Update voor Microsoft Office Powerpoint 2007 Help (KB963669)

Update voor Microsoft Office Word 2007 Help (KB963665)

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

VLC media player 1.0.5

VLC Setup Helper 4.05

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

2/23/2012 8:11:04 PM, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).

2/23/2012 6:31:27 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

2/23/2012 6:29:29 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

2/23/2012 6:28:39 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

2/23/2012 6:14:43 PM, Error: Service Control Manager [7022] - The AVG WatchDog service hung on starting.

2/23/2012 6:12:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

2/20/2012 3:59:33 AM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on E: cannot be read.

2/20/2012 3:02:23 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a0168ed000, 0x0000000000000000, 0xfffff80002ec008e, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-43586-01.

2/18/2012 7:37:18 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

2/18/2012 7:37:18 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

2/18/2012 5:53:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800031683fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021812-45318-01.

.

==== End Of File ===========================

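The Event Viewer section of the DDS log above uses one fixed line format, so it can be triaged mechanically for failures of protection services and for crashes. The parser below is an added example, not part of the original thread and not code from DDS; the category labels and the product keyword list are assumptions chosen for this log.

```python
import re
from datetime import datetime

# Sample input: five entries copied from the Event Viewer section of the log above.
SAMPLE = r"""
2/23/2012 8:11:04 PM, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
2/23/2012 6:31:27 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
2/23/2012 6:29:29 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/23/2012 6:14:43 PM, Error: Service Control Manager [7022] - The AVG WatchDog service hung on starting.
2/20/2012 3:02:23 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a0168ed000, 0x0000000000000000, 0xfffff80002ec008e, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-43586-01.
.
==== End Of File ===========================
"""

# Line layout: "<date> <time>, <level>: <source> [<event id>] - <message>"
LINE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
                  r"(\w+): (.+?) \[(\d+)\] - (.*)$")
SERVICE_FAIL_IDS = {7022, 7023, 7034}  # SCM: hung on start, exited with error, terminated unexpectedly
SECURITY_NAMES = ("defender", "avg", "trend micro")  # assumption: products named in this log

def parse(text):
    """Return one dict per event line; separators and headers are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            when, level, source, eid, msg = m.groups()
            events.append({"time": datetime.strptime(when, "%m/%d/%Y %I:%M:%S %p"),
                           "level": level, "source": source, "id": int(eid), "msg": msg})
    return events

def triage(events):
    """Return (category, time, detail) tuples, oldest first. Categories are hypothetical labels."""
    findings = []
    for e in events:
        svc = re.match(r"The (.+?) service ", e["msg"])
        if e["source"] == "Service Control Manager" and e["id"] in SERVICE_FAIL_IDS and svc:
            name = svc.group(1)
            hit = any(k in name.lower() for k in SECURITY_NAMES)
            findings.append(("security-service-failure" if hit else "service-failure", e["time"], name))
        elif e["id"] == 1001 and "bugcheck" in e["msg"]:
            code = re.search(r"bugcheck was: (0x[0-9a-fA-F]+)", e["msg"])
            findings.append(("bugcheck", e["time"], code.group(1) if code else "unknown"))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    for category, when, detail in triage(parse(SAMPLE)):
        print(f"{when:%Y-%m-%d %H:%M}  {category:<26}{detail}")
```

Entries such as the 7030 PEVSystemStart notice are parsed but not flagged, since they report a configuration mismatch rather than a service that failed to run.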

Hi there and sorry for the delay. I felt ill.

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):

Ask Toolbar

Ask Toolbar Updater

You may want to read this link to see why I want you to uninstall this toolbar.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment 6 Update 31 and save it to your desktop.
  • Scroll down to where it says Java SE 6 Update 31
  • Click the red Download JRE button on the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586 to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (looks like a coffee cup).

  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are three options in the window to clear the cache - Make sure all are checked
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Please post in your next reply

Note any open issues


Great :)

Unless you have any open issues, you are good to go. Please follow these last few steps.

Please press the Windows key + R and copy/paste the following single-line command into the Run box and click OK

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

Please delete the following folder (if it exists)

C:\TDSSKiller_quarantine

Now that you appear to be free from malware, let's help you stay that way!

It is vital that you keep your system up to date

  • Please enable Automatic Updates to keep your system up to date.
  • Windows Updates
    • Win XP: Start --> Control Panel and double-click on Automatic Updates.
    • Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates

  • Software Updates
    Your installed Software also can have vulnerabilities that malware can use to infect your system.
    To keep your installed Software up to date I recommend File Hippo.

Anti Virus Software

  • Make sure to have one Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.

Additional Protection
  • Malwarebytes Anti Malware
    The freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features.
  • WinPatrol
    WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Safer Browsing

Use an alternate browser

Other browsers tend to be more secure than IE as they do not make use of ActiveX objects. ActiveX objects can be used by spyware as an infection point on your computer.

Note: If you use Firefox you may want to have a look at these add-ons.

Computer Maintenance

Clean out your temp files on a regular basis - I recommend TFC (Temp File Cleaner).

Thinking while surfing

There is no software which will protect your system from yourself.

I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet.

If you have any questions kindly ask.

Please respond to this thread one more time so we can mark this thread as resolved.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.