
help with infection (svchosts?)



Hi

Out of nowhere I seem to have a nasty injection. I always run AVG and Malwarebytes; it found a number of trojans today, and despite deleting and rebooting, they are straight back every time I try to boot into Windows, crashing my PC within minutes.

My PC does not allow me to operate it correctly in normal mode, so I ran the tests asked for in safe mode. I hope that is OK... Here are the results...

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 02/11/2009 21:39:46

System Uptime: 01/03/2012 19:56:27 (2 hours ago)

.

Motherboard: Dell Inc. | | 0N826N

Processor: Intel® Core2 Quad CPU Q9400 @ 2.66GHz | Socket 775 | 2660/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 457 GiB total, 105.374 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 932 GiB total, 794.129 GiB free.

G: is Removable

H: is Removable

I: is Removable

J: is Removable

K: is Removable

M: is CDROM (CDFS)

N: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP207: 27/02/2012 11:20:35 - Removed WinZip 16.0

RP208: 27/02/2012 18:14:00 - Removed Steam

RP209: 27/02/2012 18:44:32 - Windows Update

RP210: 29/02/2012 13:08:41 - Removed Apple Software Update

RP211: 29/02/2012 13:26:00 - Removed Adobe Community Help

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 4.65

A-PDF Merger 4.6

ACID Pro 7.0

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader 9.5.0

Any Video Converter 3.0.5

ASIO4ALL

µTorrent

Avidemux 2.5 (32-bit)

Bing Bar

Canon MP Navigator EX 1.0

Canon MP610 series User Registration

Carbonite

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

CyberLink PowerDirector

DC++ 0.782

Dell Support Center (Support Software)

Doro 1.66

EOSInfo

exPressit SE

FL Studio 9

FlashFXP v3

Google Chrome

Google Chrome Frame

Google Update Helper

GoToMeeting 4.8.0.723

GTK+ Runtime 2.14.7 rev a (remove only)

HexEdit

IL Download Manager

Java Auto Updater

Java 6 Update 23

Junk Mail filter update

K-Lite Mega Codec Pack 5.3.0

Kayako Desktop

Live Support Chat for Web Site 5.4.4

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox (3.6.17)

Mp3tag v2.47b

MSVCRT

Native Instruments Traktor DJ Studio 3

Network Stumbler 0.4.0 (remove only)

NVIDIA PhysX

PDF Settings CS5

Pidgin

PoiZone

PowerDVD DX

PowerISO

PremiumSoft Navicat Lite 9.1

QuickTime

Realtek High Definition Audio Driver

rFactor (remove only)

Roxio Burn

Roxio Update Manager

Sawer

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

SmartSound Quicktracks Plugin

Spelling Dictionaries Support For Adobe Reader 9

Steam

TweetDeck

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VanDyke Software SecureCRT 5.5

Video Capture Master 7.1.0.300

Viewpoint Manager (Remove Only)

Viewpoint Media Player

Visual Studio 2008 x64 Redistributables

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

29/02/2012 18:17:26, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800032b2ab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022912-36363-01.

29/02/2012 16:44:57, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}

29/02/2012 16:17:09, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

29/02/2012 16:07:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

29/02/2012 16:06:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

29/02/2012 16:03:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

29/02/2012 16:03:14, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035d4a9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022912-31995-01.

29/02/2012 16:03:10, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf

29/02/2012 16:03:09, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

29/02/2012 16:03:09, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

29/02/2012 16:03:09, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

29/02/2012 16:03:09, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

29/02/2012 16:03:08, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

29/02/2012 16:03:07, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

29/02/2012 16:03:07, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

29/02/2012 16:03:07, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

29/02/2012 16:03:07, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

29/02/2012 14:30:24, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

29/02/2012 12:52:39, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000325ef6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022912-44975-01.

29/02/2012 11:21:00, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000003c346351, 0x0000000000000002, 0x0000000000000001, 0xfffff800032c8ab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022912-40404-01.

29/02/2012 11:19:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

29/02/2012 11:18:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

29/02/2012 11:18:57, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

29/02/2012 11:18:57, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

29/02/2012 11:17:45, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003272f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022912-41995-01.

29/02/2012 11:09:09, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800032caab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022912-31418-01.

27/02/2012 17:55:04, Error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

27/02/2012 17:54:03, Error: Service Control Manager [7034] - The Viewpoint Service service terminated unexpectedly. It has done this 1 time(s).

27/02/2012 17:54:03, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).

27/02/2012 17:54:03, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

27/02/2012 17:54:03, Error: Service Control Manager [7034] - The Dyn Updater service terminated unexpectedly. It has done this 1 time(s).

27/02/2012 17:54:03, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).

27/02/2012 17:54:03, Error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

27/02/2012 17:54:03, Error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).

27/02/2012 17:54:03, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 1 time(s).

27/02/2012 17:54:03, Error: Service Control Manager [7034] - The AVG WatchDog service terminated unexpectedly. It has done this 2 time(s).

27/02/2012 17:54:03, Error: Service Control Manager [7034] - The Andrea RT Filters Service service terminated unexpectedly. It has done this 1 time(s).

27/02/2012 17:54:03, Error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

27/02/2012 17:54:03, Error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

01/03/2012 21:46:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

01/03/2012 21:46:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

01/03/2012 21:46:34, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.

01/03/2012 21:44:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

01/03/2012 21:44:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

01/03/2012 21:44:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

01/03/2012 21:44:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}

01/03/2012 21:44:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

01/03/2012 19:57:02, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache SCDEmu spldr Wanarpv6

01/03/2012 10:06:19, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421

Run by matt at 21:46:47 on 2012-03-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8190.7421 [GMT 0:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uStart Page = hxxp://admin:admin@secure.xssl.net/status/

uSearch Bar =

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - C:\PROGRA~2\FlashFXP\IEFlash.dll

BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome Frame\Application\17.0.963.56\npchrome_frame.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {5000A11A-D70A-4B1A-B68C-7222F071A313} - No File

uRun: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler

uRun: [Google Update] "C:\Users\matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Pidgin] C:\Program Files (x86)\Pidgin\pidgin.exe

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [AdobeBridge]

uRun: [lpc] rundll32.exe " non stop to restore the server. We are happy to help your programmers with the code which caused the initial duplicate insertion problem which crashed InnoDB, but obviously cannot do that until such time as the server is working again.cHi MattCurrently your srundll32.exe " non stop to restore the server. We are happy to help your programmers with the", RegisterDll

uRun: [ProvideSupportOperatorConsole] C:\PROGRA~2\PROVID~1\LIVESU~1\PROVID~1.EXE

mRun: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

dRun: [lpc] rundll32.exe "C:\Users\matt\AppData\Roaming\Remote\dmc01.dll",RegisterDll

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TWEETD~1.LNK - C:\Program Files (x86)\TweetDeck\TweetDeck.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

Trusted Zone: facebook.com\www

DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab

DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} - hxxp://www.umediaserver.net/bin/UMediaControl5.cab

DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://dsl2.unitedhosting.co.uk/DvrOcx.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F184A6DA-2B5A-4507-8555-C05C5C5C9A9B} - hxxps://72.249.26.251/itcclient.cab

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{5A62F666-7EC5-454A-B022-71178A0C4742} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{5A62F666-7EC5-454A-B022-71178A0C4742}\C416474796D6F627568614E6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{5A62F666-7EC5-454A-B022-71178A0C4742}\C616474796D6F627568614E6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{D937D130-9432-4771-89CA-283D835B89F8} : DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{D937D130-9432-4771-89CA-283D835B89F8}\7516C6370275966496 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{D937D130-9432-4771-89CA-283D835B89F8}\C616474796D6F627568614E6 : NameServer = 192.168.0.1

TCP: Interfaces\{D937D130-9432-4771-89CA-283D835B89F8}\C616474796D6F627568614E6 : DhcpNameServer = 194.168.4.100 194.168.8.100

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\17.0.963.56\npchrome_frame.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: FlashFXP Helper for Internet Explorer: {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll

BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\17.0.963.56\npchrome_frame.dll

BHO-X64: ChromeFrame BHO - No File

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {5000A11A-D70A-4B1A-B68C-7222F071A313} - No File

mRun-x64: [DoroServer] C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe

IE-X64: {03588886-5C50-4645-BD5D-F105F84417DE} - http://www.intercasino.co.uk

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\af2r319y.default\

FF - prefs.js: browser.startup.homepage - hxxp://admin:admin@www.unitedsupport.co.uk/homepage/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\matt\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-29 92160]

S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 Dyn Updater;Dyn Updater;C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe [2011-9-6 95608]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-17 135664]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-2-27 2214504]

S2 Viewpoint Service;Viewpoint Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2010-1-25 30152]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-17 135664]

S3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\Dnetr28ux.sys --> C:\Windows\system32\DRIVERS\Dnetr28ux.sys [?]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S3 StkTMini;Syntek AVStream USB2.0 ATV;C:\Windows\system32\Drivers\StkTMini.sys --> C:\Windows\system32\Drivers\StkTMini.sys [?]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBMULCD;USB Multi-Channel Audio Device Interface;C:\Windows\system32\drivers\CM10664.sys --> C:\Windows\system32\drivers\CM10664.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-29 12:53:35 20480 ----a-w- C:\Windows\svchost.exe

2012-02-29 08:07:56 -------- d-----w- C:\Users\matt\AppData\Roaming\Remote

2012-02-27 18:46:22 739432 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll

2012-02-27 18:18:14 -------- d-----w- C:\Program Files (x86)\Steam

2012-02-27 18:15:14 -------- d-----w- C:\Windows\048298C9A4D3490B9FF9AB023A9238F3.TMP

2012-02-25 04:58:39 -------- d-----w- C:\Users\matt\AppData\Roaming\Kayako

2012-02-25 04:58:22 -------- d-----w- C:\Program Files (x86)\Kayako

2012-02-17 23:55:00 -------- d-----w- C:\Users\matt\AppData\Roaming\Malwarebytes

2012-02-17 23:54:54 -------- d-----w- C:\ProgramData\Malwarebytes

2012-02-17 23:54:53 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-17 23:54:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-02-15 12:34:34 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-15 12:34:34 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-15 12:34:33 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-15 12:34:33 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-15 12:34:31 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-15 12:34:30 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-15 12:34:28 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-15 12:34:28 634880 ----a-w- C:\Windows\System32\msvcrt.dll

.

==================== Find3M ====================

.

2012-02-21 11:51:29 72080 ----a-w- C:\Users\matt\g2mdlhlpx.exe

2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll

2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 21:51:30.59 ===============


Hi,

My name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


Hi

thanks for the help, here is the TDS log:

10:11:55.0583 1804 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24

10:11:55.0599 1804 ============================================================

10:11:55.0599 1804 Current date / time: 2012/03/02 10:11:55.0599

10:11:55.0599 1804 SystemInfo:

10:11:55.0599 1804

10:11:55.0599 1804 OS Version: 6.1.7601 ServicePack: 1.0

10:11:55.0599 1804 Product type: Workstation

10:11:55.0599 1804 ComputerName: MATT-W7

10:11:55.0599 1804 UserName: matt

10:11:55.0599 1804 Windows directory: C:\Windows

10:11:55.0599 1804 System windows directory: C:\Windows

10:11:55.0599 1804 Running under WOW64

10:11:55.0599 1804 Processor architecture: Intel x64

10:11:55.0599 1804 Number of processors: 4

10:11:55.0599 1804 Page size: 0x1000

10:11:55.0599 1804 Boot type: Safe boot with network

10:11:55.0599 1804 ============================================================

10:11:56.0597 1804 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:11:56.0597 1804 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

10:11:56.0597 1804 Drive \Device\Harddisk2\DR2 - Size: 0x3B5980000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x790, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

10:11:56.0660 1804 Drive \Device\Harddisk7\DR8 - Size: 0x3BB63FE00 (14.93 Gb), SectorSize: 0x200, Cylinders: 0x79C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

10:11:56.0660 1804 \Device\Harddisk0\DR0:

10:11:56.0660 1804 MBR used

10:11:56.0660 1804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x123F000

10:11:56.0660 1804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1266800, BlocksNum 0x3911F000

10:11:56.0660 1804 \Device\Harddisk1\DR1:

10:11:56.0660 1804 MBR used

10:11:56.0660 1804 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

10:11:56.0660 1804 \Device\Harddisk2\DR2:

10:11:56.0660 1804 MBR used

10:11:56.0660 1804 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DAAC00

10:11:56.0660 1804 \Device\Harddisk7\DR8:

10:11:56.0660 1804 MBR used

10:11:56.0660 1804 \Device\Harddisk7\DR8\Partition0: MBR, Type 0xC, StartLBA 0x34, BlocksNum 0x1DD5A92

10:11:56.0691 1804 Initialize success

10:11:56.0691 1804 ============================================================

10:11:58.0188 1508 ============================================================

10:11:58.0188 1508 Scan started

10:11:58.0188 1508 Mode: Manual;

10:11:58.0188 1508 ============================================================

10:11:58.0953 1508 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

10:11:58.0953 1508 1394ohci - ok

10:11:59.0093 1508 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

10:11:59.0093 1508 ACPI - ok

10:11:59.0140 1508 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

10:11:59.0140 1508 AcpiPmi - ok

10:11:59.0202 1508 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

10:11:59.0218 1508 adp94xx - ok

10:11:59.0249 1508 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

10:11:59.0249 1508 adpahci - ok

10:11:59.0280 1508 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

10:11:59.0280 1508 adpu320 - ok

10:11:59.0358 1508 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

10:11:59.0358 1508 AFD - ok

10:11:59.0405 1508 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

10:11:59.0405 1508 agp440 - ok

10:11:59.0436 1508 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

10:11:59.0436 1508 aliide - ok

10:11:59.0452 1508 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

10:11:59.0452 1508 amdide - ok

10:11:59.0499 1508 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

10:11:59.0499 1508 AmdK8 - ok

10:11:59.0514 1508 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

10:11:59.0514 1508 AmdPPM - ok

10:11:59.0577 1508 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

10:11:59.0577 1508 amdsata - ok

10:11:59.0639 1508 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

10:11:59.0639 1508 amdsbs - ok

10:11:59.0686 1508 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

10:11:59.0686 1508 amdxata - ok

10:11:59.0733 1508 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

10:11:59.0733 1508 AppID - ok

10:11:59.0764 1508 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

10:11:59.0764 1508 arc - ok

10:11:59.0780 1508 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

10:11:59.0780 1508 arcsas - ok

10:11:59.0826 1508 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:11:59.0826 1508 AsyncMac - ok

10:11:59.0842 1508 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

10:11:59.0842 1508 atapi - ok

10:11:59.0920 1508 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

10:11:59.0920 1508 AVGIDSEH - ok

10:11:59.0982 1508 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys

10:11:59.0982 1508 Avgldx64 - ok

10:12:00.0045 1508 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys

10:12:00.0045 1508 Avgmfx64 - ok

10:12:00.0123 1508 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys

10:12:00.0123 1508 Avgrkx64 - ok

10:12:00.0185 1508 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

10:12:00.0185 1508 b06bdrv - ok

10:12:00.0248 1508 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

10:12:00.0248 1508 b57nd60a - ok

10:12:00.0326 1508 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys

10:12:00.0326 1508 BCM42RLY - ok

10:12:00.0388 1508 BCM43XX (f4cd5f52850bf2c978de178f256ba372) C:\Windows\system32\DRIVERS\bcmwl664.sys

10:12:00.0435 1508 BCM43XX - ok

10:12:00.0528 1508 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

10:12:00.0528 1508 Beep - ok

10:12:00.0591 1508 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

10:12:00.0591 1508 blbdrive - ok

10:12:00.0638 1508 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

10:12:00.0638 1508 bowser - ok

10:12:00.0669 1508 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

10:12:00.0669 1508 BrFiltLo - ok

10:12:00.0669 1508 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

10:12:00.0669 1508 BrFiltUp - ok

10:12:00.0700 1508 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

10:12:00.0700 1508 Brserid - ok

10:12:00.0716 1508 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

10:12:00.0716 1508 BrSerWdm - ok

10:12:00.0731 1508 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:12:00.0731 1508 BrUsbMdm - ok

10:12:00.0731 1508 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

10:12:00.0731 1508 BrUsbSer - ok

10:12:00.0747 1508 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

10:12:00.0747 1508 BTHMODEM - ok

10:12:00.0825 1508 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

10:12:00.0840 1508 cdfs - ok

10:12:00.0903 1508 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

10:12:00.0903 1508 cdrom - ok

10:12:00.0918 1508 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

10:12:00.0918 1508 circlass - ok

10:12:00.0950 1508 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

10:12:00.0950 1508 CLFS - ok

10:12:00.0981 1508 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

10:12:00.0981 1508 CmBatt - ok

10:12:00.0996 1508 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

10:12:00.0996 1508 cmdide - ok

10:12:01.0043 1508 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

10:12:01.0043 1508 CNG - ok

10:12:01.0074 1508 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

10:12:01.0074 1508 Compbatt - ok

10:12:01.0121 1508 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

10:12:01.0121 1508 CompositeBus - ok

10:12:01.0168 1508 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

10:12:01.0168 1508 crcdisk - ok

10:12:01.0293 1508 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

10:12:01.0293 1508 DfsC - ok

10:12:01.0308 1508 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

10:12:01.0308 1508 discache - ok

10:12:01.0355 1508 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

10:12:01.0371 1508 Disk - ok

10:12:01.0449 1508 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

10:12:01.0449 1508 drmkaud - ok

10:12:01.0527 1508 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

10:12:01.0558 1508 DXGKrnl - ok

10:12:01.0652 1508 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

10:12:01.0714 1508 ebdrv - ok

10:12:01.0745 1508 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

10:12:01.0745 1508 elxstor - ok

10:12:01.0808 1508 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

10:12:01.0808 1508 ErrDev - ok

10:12:01.0854 1508 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

10:12:01.0854 1508 exfat - ok

10:12:01.0886 1508 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

10:12:01.0886 1508 fastfat - ok

10:12:01.0932 1508 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

10:12:01.0932 1508 fdc - ok

10:12:01.0948 1508 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

10:12:01.0964 1508 FileInfo - ok

10:12:01.0979 1508 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

10:12:01.0979 1508 Filetrace - ok

10:12:01.0995 1508 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

10:12:01.0995 1508 flpydisk - ok

10:12:02.0073 1508 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

10:12:02.0088 1508 FltMgr - ok

10:12:02.0135 1508 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

10:12:02.0135 1508 FsDepends - ok

10:12:02.0151 1508 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

10:12:02.0151 1508 Fs_Rec - ok

10:12:02.0213 1508 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

10:12:02.0213 1508 fvevol - ok

10:12:02.0229 1508 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

10:12:02.0229 1508 gagp30kx - ok

10:12:02.0307 1508 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

10:12:02.0307 1508 hcw85cir - ok

10:12:02.0385 1508 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

10:12:02.0385 1508 HDAudBus - ok

10:12:02.0400 1508 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

10:12:02.0400 1508 HidBatt - ok

10:12:02.0416 1508 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

10:12:02.0416 1508 HidBth - ok

10:12:02.0432 1508 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

10:12:02.0447 1508 HidIr - ok

10:12:02.0494 1508 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

10:12:02.0494 1508 HidUsb - ok

10:12:02.0525 1508 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

10:12:02.0525 1508 HpSAMD - ok

10:12:02.0619 1508 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

10:12:02.0634 1508 HTTP - ok

10:12:02.0697 1508 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

10:12:02.0697 1508 hwpolicy - ok

10:12:02.0744 1508 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

10:12:02.0744 1508 i8042prt - ok

10:12:02.0790 1508 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

10:12:02.0806 1508 iaStorV - ok

10:12:02.0822 1508 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

10:12:02.0822 1508 iirsp - ok

10:12:02.0868 1508 IntcAzAudAddService (f2b52c7b1c8e6a4fc4c4564f4a421f23) C:\Windows\system32\drivers\RTKVHD64.sys

10:12:02.0900 1508 IntcAzAudAddService - ok

10:12:02.0962 1508 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

10:12:02.0962 1508 intelide - ok

10:12:03.0009 1508 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

10:12:03.0009 1508 intelppm - ok

10:12:03.0056 1508 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:12:03.0056 1508 IpFilterDriver - ok

10:12:03.0087 1508 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

10:12:03.0087 1508 IPMIDRV - ok

10:12:03.0118 1508 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

10:12:03.0118 1508 IPNAT - ok

10:12:03.0149 1508 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

10:12:03.0149 1508 IRENUM - ok

10:12:03.0180 1508 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

10:12:03.0180 1508 isapnp - ok

10:12:03.0212 1508 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

10:12:03.0212 1508 iScsiPrt - ok

10:12:03.0258 1508 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

10:12:03.0258 1508 kbdclass - ok

10:12:03.0305 1508 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

10:12:03.0305 1508 kbdhid - ok

10:12:03.0352 1508 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

10:12:03.0368 1508 KSecDD - ok

10:12:03.0414 1508 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

10:12:03.0430 1508 KSecPkg - ok

10:12:03.0446 1508 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

10:12:03.0446 1508 ksthunk - ok

10:12:03.0508 1508 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

10:12:03.0508 1508 lltdio - ok

10:12:03.0586 1508 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

10:12:03.0586 1508 LSI_FC - ok

10:12:03.0586 1508 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

10:12:03.0602 1508 LSI_SAS - ok

10:12:03.0617 1508 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

10:12:03.0617 1508 LSI_SAS2 - ok

10:12:03.0633 1508 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

10:12:03.0633 1508 LSI_SCSI - ok

10:12:03.0680 1508 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

10:12:03.0680 1508 luafv - ok

10:12:03.0695 1508 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

10:12:03.0695 1508 megasas - ok

10:12:03.0726 1508 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

10:12:03.0726 1508 MegaSR - ok

10:12:03.0742 1508 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

10:12:03.0742 1508 Modem - ok

10:12:03.0804 1508 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

10:12:03.0804 1508 monitor - ok

10:12:03.0851 1508 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

10:12:03.0851 1508 mouclass - ok

10:12:03.0898 1508 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

10:12:03.0898 1508 mouhid - ok

10:12:03.0945 1508 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

10:12:03.0945 1508 mountmgr - ok

10:12:04.0007 1508 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

10:12:04.0007 1508 mpio - ok

10:12:04.0023 1508 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

10:12:04.0054 1508 mpsdrv - ok

10:12:04.0226 1508 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

10:12:04.0241 1508 MRxDAV - ok

10:12:04.0288 1508 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:12:04.0288 1508 mrxsmb - ok

10:12:04.0350 1508 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:12:04.0350 1508 mrxsmb10 - ok

10:12:04.0366 1508 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:12:04.0366 1508 mrxsmb20 - ok

10:12:04.0382 1508 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

10:12:04.0382 1508 msahci - ok

10:12:04.0397 1508 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

10:12:04.0413 1508 msdsm - ok

10:12:04.0428 1508 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:12:04.0428 1508 Msfs - ok

10:12:04.0444 1508 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:12:04.0444 1508 mshidkmdf - ok

10:12:04.0491 1508 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

10:12:04.0491 1508 msisadrv - ok

10:12:04.0538 1508 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:12:04.0553 1508 MSKSSRV - ok

10:12:04.0569 1508 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:12:04.0569 1508 MSPCLOCK - ok

10:12:04.0584 1508 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:12:04.0584 1508 MSPQM - ok

10:12:04.0647 1508 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

10:12:04.0647 1508 MsRPC - ok

10:12:04.0662 1508 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

10:12:04.0662 1508 mssmbios - ok

10:12:04.0678 1508 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:12:04.0678 1508 MSTEE - ok

10:12:04.0694 1508 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

10:12:04.0694 1508 MTConfig - ok

10:12:04.0740 1508 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:12:04.0740 1508 Mup - ok

10:12:04.0803 1508 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:12:04.0803 1508 NativeWifiP - ok

10:12:04.0896 1508 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

10:12:04.0912 1508 NDIS - ok

10:12:04.0974 1508 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:12:04.0974 1508 NdisCap - ok

10:12:05.0006 1508 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:12:05.0006 1508 NdisTapi - ok

10:12:05.0068 1508 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

10:12:05.0084 1508 Ndisuio - ok

10:12:05.0130 1508 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

10:12:05.0130 1508 NdisWan - ok

10:12:05.0177 1508 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

10:12:05.0177 1508 NDProxy - ok

10:12:05.0224 1508 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:12:05.0224 1508 NetBIOS - ok

10:12:05.0286 1508 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

10:12:05.0286 1508 NetBT - ok

10:12:05.0380 1508 netr28ux (26672f93749ac9fd28da1b0f94efa78d) C:\Windows\system32\DRIVERS\Dnetr28ux.sys

10:12:05.0396 1508 netr28ux - ok

10:12:05.0474 1508 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

10:12:05.0474 1508 nfrd960 - ok

10:12:05.0520 1508 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

10:12:05.0520 1508 Npfs - ok

10:12:05.0536 1508 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

10:12:05.0536 1508 nsiproxy - ok

10:12:05.0614 1508 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

10:12:05.0661 1508 Ntfs - ok

10:12:05.0661 1508 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

10:12:05.0661 1508 Null - ok

10:12:05.0723 1508 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys

10:12:05.0739 1508 NVHDA - ok

10:12:06.0004 1508 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys

10:12:06.0207 1508 nvlddmkm - ok

10:12:06.0269 1508 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

10:12:06.0269 1508 nvraid - ok

10:12:06.0332 1508 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

10:12:06.0332 1508 nvstor - ok

10:12:06.0394 1508 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

10:12:06.0394 1508 nv_agp - ok

10:12:06.0456 1508 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

10:12:06.0456 1508 ohci1394 - ok

10:12:06.0519 1508 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

10:12:06.0519 1508 Parport - ok

10:12:06.0581 1508 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

10:12:06.0581 1508 partmgr - ok

10:12:06.0644 1508 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

10:12:06.0644 1508 pci - ok

10:12:06.0659 1508 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

10:12:06.0659 1508 pciide - ok

10:12:06.0675 1508 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

10:12:06.0690 1508 pcmcia - ok

10:12:06.0706 1508 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

10:12:06.0706 1508 pcw - ok

10:12:06.0722 1508 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

10:12:06.0737 1508 PEAUTH - ok

10:12:06.0831 1508 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

10:12:06.0831 1508 PptpMiniport - ok

10:12:06.0846 1508 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

10:12:06.0846 1508 Processor - ok

10:12:06.0924 1508 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

10:12:06.0924 1508 Psched - ok

10:12:06.0987 1508 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

10:12:06.0987 1508 PxHlpa64 - ok

10:12:07.0034 1508 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

10:12:07.0065 1508 ql2300 - ok

10:12:07.0080 1508 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

10:12:07.0080 1508 ql40xx - ok

10:12:07.0112 1508 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

10:12:07.0112 1508 QWAVEdrv - ok

10:12:07.0112 1508 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

10:12:07.0127 1508 RasAcd - ok

10:12:07.0190 1508 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:12:07.0190 1508 RasAgileVpn - ok

10:12:07.0236 1508 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:12:07.0236 1508 Rasl2tp - ok

10:12:07.0252 1508 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

10:12:07.0252 1508 RasPppoe - ok

10:12:07.0314 1508 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

10:12:07.0314 1508 RasSstp - ok

10:12:07.0361 1508 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

10:12:07.0361 1508 rdbss - ok

10:12:07.0377 1508 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

10:12:07.0392 1508 rdpbus - ok

10:12:07.0408 1508 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:12:07.0408 1508 RDPCDD - ok

10:12:07.0455 1508 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

10:12:07.0455 1508 RDPENCDD - ok

10:12:07.0470 1508 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

10:12:07.0470 1508 RDPREFMP - ok

10:12:07.0533 1508 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

10:12:07.0533 1508 RDPWD - ok

10:12:11.0417 1508 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0

10:12:11.0448 1508 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

10:12:11.0448 1508 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

10:12:11.0448 1508 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

10:12:11.0464 1508 \Device\Harddisk1\DR1 - ok

10:12:11.0464 1508 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2

10:12:11.0464 1508 \Device\Harddisk2\DR2 - ok

10:12:11.0464 1508 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk7\DR8

10:12:11.0495 1508 \Device\Harddisk7\DR8 - ok

10:12:11.0526 1508 Boot (0x1200) (a07a5198af6a781af7afcc560ed198ce) \Device\Harddisk0\DR0\Partition0

10:12:11.0526 1508 \Device\Harddisk0\DR0\Partition0 - ok

10:12:11.0542 1508 Boot (0x1200) (1bcd20a54d80090c8e717c26e22f2986) \Device\Harddisk0\DR0\Partition1

10:12:11.0542 1508 \Device\Harddisk0\DR0\Partition1 - ok

10:12:11.0542 1508 Boot (0x1200) (aaf4b08e77719844e87c77a8d921416a) \Device\Harddisk1\DR1\Partition0

10:12:11.0542 1508 \Device\Harddisk1\DR1\Partition0 - ok

10:12:11.0542 1508 Boot (0x1200) (88b500a9b664a2449271a923fa5ae13b) \Device\Harddisk2\DR2\Partition0

10:12:11.0542 1508 \Device\Harddisk2\DR2\Partition0 - ok

10:12:11.0558 1508 Boot (0x1200) (53f48a0287676db45915364c5a8a6c65) \Device\Harddisk7\DR8\Partition0

10:12:11.0558 1508 \Device\Harddisk7\DR8\Partition0 - ok

10:12:11.0558 1508 ============================================================

10:12:11.0558 1508 Scan finished

10:12:11.0558 1508 ============================================================

10:12:11.0558 1272 Detected object count: 1

10:12:11.0558 1272 Actual detected object count: 1

10:12:33.0944 1272 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user

10:12:33.0944 1272 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip

10:12:38.0265 0504 Deinitialize success


You are welcome.

Execute TDSSKiller.exe and press Start Scan.

  • Ensure Cure is selected (it should be by default)
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed
  • Click Continue, then click Reboot now.

Once complete, a log will be produced at the root drive which is typically C:\

For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please post the contents of that log in your next reply.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..', rebooting the machine will resolve that.

Please post in your next reply:

TDSSKiller Log

Combofix.txt

Let me know how your system behaves now :)


TDS LOG:

16:25:50.0575 1168 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24

16:25:50.0591 1168 ============================================================

16:25:50.0591 1168 Current date / time: 2012/03/02 16:25:50.0591

16:25:50.0591 1168 SystemInfo:

16:25:50.0591 1168

16:25:50.0591 1168 OS Version: 6.1.7601 ServicePack: 1.0

16:25:50.0591 1168 Product type: Workstation

16:25:50.0591 1168 ComputerName: MATT-W7

16:25:50.0591 1168 UserName: matt

16:25:50.0591 1168 Windows directory: C:\Windows

16:25:50.0591 1168 System windows directory: C:\Windows

16:25:50.0591 1168 Running under WOW64

16:25:50.0591 1168 Processor architecture: Intel x64

16:25:50.0591 1168 Number of processors: 4

16:25:50.0591 1168 Page size: 0x1000

16:25:50.0591 1168 Boot type: Safe boot with network

16:25:50.0591 1168 ============================================================

16:25:51.0558 1168 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:25:51.0558 1168 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

16:25:51.0558 1168 Drive \Device\Harddisk2\DR2 - Size: 0x3B5980000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x790, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

16:25:51.0605 1168 \Device\Harddisk0\DR0:

16:25:51.0605 1168 MBR used

16:25:51.0605 1168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x123F000

16:25:51.0605 1168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1266800, BlocksNum 0x3911F000

16:25:51.0605 1168 \Device\Harddisk1\DR1:

16:25:51.0605 1168 MBR used

16:25:51.0605 1168 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

16:25:51.0605 1168 \Device\Harddisk2\DR2:

16:25:51.0605 1168 MBR used

16:25:51.0605 1168 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DAAC00

16:25:51.0636 1168 Initialize success

16:25:51.0636 1168 ============================================================

16:25:53.0009 1000 ============================================================

16:25:53.0009 1000 Scan started

16:25:53.0009 1000 Mode: Manual;

16:25:53.0009 1000 ============================================================

16:26:00.0419 1000 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

16:26:00.0419 1000 nv_agp - ok

16:26:00.0466 1000 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

16:26:00.0481 1000 ohci1394 - ok

16:26:00.0528 1000 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

16:26:00.0528 1000 Parport - ok

16:26:00.0591 1000 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

16:26:00.0591 1000 partmgr - ok

16:26:00.0653 1000 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

16:26:00.0653 1000 pci - ok

16:26:00.0669 1000 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

16:26:00.0669 1000 pciide - ok

16:26:00.0700 1000 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

16:26:00.0700 1000 pcmcia - ok

16:26:00.0715 1000 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

16:26:00.0715 1000 pcw - ok

16:26:00.0731 1000 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

16:26:00.0747 1000 PEAUTH - ok

16:26:00.0825 1000 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

16:26:00.0825 1000 PptpMiniport - ok

16:26:00.0840 1000 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

16:26:00.0840 1000 Processor - ok

16:26:00.0934 1000 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

16:26:00.0934 1000 Psched - ok

16:26:00.0981 1000 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

16:26:00.0981 1000 PxHlpa64 - ok

16:26:01.0027 1000 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

16:26:01.0043 1000 ql2300 - ok

16:26:01.0059 1000 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

16:26:01.0059 1000 ql40xx - ok

16:26:01.0074 1000 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

16:26:01.0074 1000 QWAVEdrv - ok

16:26:01.0090 1000 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

16:26:01.0090 1000 RasAcd - ok

16:26:01.0152 1000 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

16:26:01.0152 1000 RasAgileVpn - ok

16:26:01.0199 1000 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

16:26:01.0215 1000 Rasl2tp - ok

16:26:01.0215 1000 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

16:26:01.0215 1000 RasPppoe - ok

16:26:01.0277 1000 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

16:26:01.0277 1000 RasSstp - ok

16:26:01.0324 1000 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

16:26:01.0324 1000 rdbss - ok

16:26:01.0355 1000 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

16:26:01.0355 1000 rdpbus - ok

16:26:01.0371 1000 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

16:26:01.0371 1000 RDPCDD - ok

16:26:01.0433 1000 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

16:26:01.0433 1000 RDPENCDD - ok

16:26:01.0449 1000 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

16:26:01.0449 1000 RDPREFMP - ok

16:26:01.0495 1000 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

16:26:01.0495 1000 RDPWD - ok

16:26:01.0542 1000 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

16:26:01.0542 1000 rdyboost - ok

16:26:01.0636 1000 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

16:26:01.0636 1000 rspndr - ok

16:26:01.0729 1000 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys

16:26:01.0729 1000 RTL8167 - ok

16:26:01.0776 1000 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

16:26:01.0776 1000 sbp2port - ok

16:26:01.0854 1000 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys

16:26:01.0854 1000 SCDEmu - ok

16:26:01.0901 1000 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

16:26:01.0901 1000 scfilter - ok

16:26:01.0932 1000 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

16:26:01.0932 1000 secdrv - ok

16:26:01.0963 1000 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

16:26:01.0963 1000 Serenum - ok

16:26:01.0979 1000 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

16:26:01.0979 1000 Serial - ok

16:26:02.0026 1000 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

16:26:02.0026 1000 sermouse - ok

16:26:02.0073 1000 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

16:26:02.0073 1000 sffdisk - ok

16:26:02.0088 1000 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

16:26:02.0088 1000 sffp_mmc - ok

16:26:02.0104 1000 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

16:26:02.0104 1000 sffp_sd - ok

16:26:02.0119 1000 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

16:26:02.0119 1000 sfloppy - ok

16:26:02.0166 1000 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

16:26:02.0166 1000 SiSRaid2 - ok

16:26:02.0197 1000 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

16:26:02.0197 1000 SiSRaid4 - ok

16:26:02.0229 1000 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

16:26:02.0229 1000 Smb - ok

16:26:02.0260 1000 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

16:26:02.0260 1000 spldr - ok

16:26:02.0338 1000 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

16:26:02.0338 1000 srv - ok

16:26:02.0353 1000 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

16:26:02.0353 1000 srv2 - ok

16:26:02.0385 1000 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

16:26:02.0385 1000 srvnet - ok

16:26:02.0400 1000 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

16:26:02.0400 1000 stexstor - ok

16:26:02.0478 1000 StkTMini (b6baf8151060f07386c72bc5641290b3) C:\Windows\system32\Drivers\StkTMini.sys

16:26:02.0478 1000 StkTMini - ok

16:26:02.0525 1000 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

16:26:02.0525 1000 swenum - ok

16:26:02.0650 1000 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

16:26:02.0665 1000 Tcpip - ok

16:26:02.0712 1000 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

16:26:02.0728 1000 TCPIP6 - ok

16:26:02.0775 1000 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

16:26:02.0775 1000 tcpipreg - ok

16:26:02.0790 1000 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

16:26:02.0790 1000 TDPIPE - ok

16:26:02.0806 1000 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

16:26:02.0806 1000 TDTCP - ok

16:26:02.0868 1000 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

16:26:02.0868 1000 tdx - ok

16:26:02.0884 1000 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

16:26:02.0884 1000 TermDD - ok

16:26:02.0931 1000 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

16:26:02.0931 1000 tssecsrv - ok

16:26:03.0009 1000 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

16:26:03.0009 1000 TsUsbFlt - ok

16:26:03.0055 1000 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

16:26:03.0055 1000 tunnel - ok

16:26:03.0071 1000 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

16:26:03.0071 1000 uagp35 - ok

16:26:03.0149 1000 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

16:26:03.0149 1000 udfs - ok

16:26:03.0165 1000 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

16:26:03.0180 1000 uliagpkx - ok

16:26:03.0227 1000 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

16:26:03.0227 1000 umbus - ok

16:26:03.0243 1000 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

16:26:03.0243 1000 UmPass - ok

16:26:03.0321 1000 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

16:26:03.0321 1000 usbaudio - ok

16:26:03.0367 1000 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

16:26:03.0367 1000 usbccgp - ok

16:26:03.0445 1000 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

16:26:03.0445 1000 usbcir - ok

16:26:03.0477 1000 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

16:26:03.0477 1000 usbehci - ok

16:26:03.0539 1000 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

16:26:03.0539 1000 usbhub - ok

16:26:03.0617 1000 USBMULCD (957ec5620fb055e9df2250d6fa4188e1) C:\Windows\system32\drivers\CM10664.sys

16:26:03.0617 1000 USBMULCD - ok

16:26:03.0633 1000 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

16:26:03.0633 1000 usbohci - ok

16:26:03.0695 1000 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

16:26:03.0695 1000 usbprint - ok

16:26:03.0757 1000 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

16:26:03.0757 1000 usbscan - ok

16:26:03.0804 1000 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:26:03.0804 1000 USBSTOR - ok

16:26:03.0851 1000 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

16:26:03.0851 1000 usbuhci - ok

16:26:03.0867 1000 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

16:26:03.0867 1000 vdrvroot - ok

16:26:03.0882 1000 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

16:26:03.0882 1000 vga - ok

16:26:03.0913 1000 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

16:26:03.0913 1000 VgaSave - ok

16:26:03.0929 1000 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

16:26:03.0929 1000 vhdmp - ok

16:26:03.0945 1000 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

16:26:03.0945 1000 viaide - ok

16:26:04.0023 1000 vncmirror (93f279a2c172562050700a18fa84be2e) C:\Windows\system32\DRIVERS\vncmirror.sys

16:26:04.0023 1000 vncmirror - ok

16:26:04.0069 1000 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

16:26:04.0069 1000 volmgr - ok

16:26:04.0132 1000 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

16:26:04.0132 1000 volmgrx - ok

16:26:04.0179 1000 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

16:26:04.0194 1000 volsnap - ok

16:26:04.0241 1000 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

16:26:04.0241 1000 vsmraid - ok

16:26:04.0257 1000 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

16:26:04.0257 1000 vwifibus - ok

16:26:04.0303 1000 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

16:26:04.0303 1000 vwififlt - ok

16:26:04.0335 1000 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

16:26:04.0335 1000 WacomPen - ok

16:26:04.0381 1000 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

16:26:04.0381 1000 WANARP - ok

16:26:04.0413 1000 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

16:26:04.0413 1000 Wanarpv6 - ok

16:26:04.0444 1000 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

16:26:04.0444 1000 Wd - ok

16:26:04.0475 1000 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

16:26:04.0491 1000 Wdf01000 - ok

16:26:04.0553 1000 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

16:26:04.0553 1000 WfpLwf - ok

16:26:04.0615 1000 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

16:26:04.0615 1000 WimFltr - ok

16:26:04.0631 1000 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

16:26:04.0631 1000 WIMMount - ok

16:26:04.0693 1000 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

16:26:04.0693 1000 WinUsb - ok

16:26:04.0771 1000 WmBEnum (e7f4937b613b1e4294100c9d4efc36a9) C:\Windows\system32\drivers\WmBEnum.sys

16:26:04.0771 1000 WmBEnum - ok

16:26:04.0818 1000 WmFilter (6f6f2b263002b243d3501c7e6c8fc11d) C:\Windows\system32\drivers\WmFilter.sys

16:26:04.0818 1000 WmFilter - ok

16:26:04.0834 1000 WmHidLo (1584f8d5fdfe44c03dba85a2106b937f) C:\Windows\system32\drivers\WmHidLo.sys

16:26:04.0834 1000 WmHidLo - ok

16:26:04.0881 1000 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

16:26:04.0881 1000 WmiAcpi - ok

16:26:04.0943 1000 WmVirHid (52b4fcc6afaec0ffd80bda63f9b140cd) C:\Windows\system32\drivers\WmVirHid.sys

16:26:04.0943 1000 WmVirHid - ok

16:26:04.0990 1000 WmXlCore (395b3e7fba81bdc4501641b3b2cf2e20) C:\Windows\system32\drivers\WmXlCore.sys

16:26:04.0990 1000 WmXlCore - ok

16:26:05.0021 1000 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

16:26:05.0021 1000 ws2ifsl - ok

16:26:05.0068 1000 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

16:26:05.0083 1000 WudfPf - ok

16:26:05.0099 1000 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

16:26:05.0099 1000 WUDFRd - ok

16:26:05.0130 1000 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0

16:26:05.0146 1000 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

16:26:05.0146 1000 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

16:26:05.0146 1000 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

16:26:05.0161 1000 \Device\Harddisk1\DR1 - ok

16:26:05.0161 1000 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2

16:26:05.0161 1000 \Device\Harddisk2\DR2 - ok

16:26:05.0208 1000 Boot (0x1200) (a07a5198af6a781af7afcc560ed198ce) \Device\Harddisk0\DR0\Partition0

16:26:05.0208 1000 \Device\Harddisk0\DR0\Partition0 - ok

16:26:05.0224 1000 Boot (0x1200) (1bcd20a54d80090c8e717c26e22f2986) \Device\Harddisk0\DR0\Partition1

16:26:05.0224 1000 \Device\Harddisk0\DR0\Partition1 - ok

16:26:05.0224 1000 Boot (0x1200) (aaf4b08e77719844e87c77a8d921416a) \Device\Harddisk1\DR1\Partition0

16:26:05.0224 1000 \Device\Harddisk1\DR1\Partition0 - ok

16:26:05.0239 1000 Boot (0x1200) (88b500a9b664a2449271a923fa5ae13b) \Device\Harddisk2\DR2\Partition0

16:26:05.0239 1000 \Device\Harddisk2\DR2\Partition0 - ok

16:26:05.0239 1000 ============================================================

16:26:05.0239 1000 Scan finished

16:26:05.0239 1000 ============================================================

16:26:05.0239 1072 Detected object count: 1

16:26:05.0239 1072 Actual detected object count: 1

16:26:35.0613 1072 \Device\Harddisk0\DR0\# - copied to quarantine

16:26:35.0613 1072 \Device\Harddisk0\DR0 - copied to quarantine

16:26:35.0644 1072 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

16:26:35.0644 1072 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

16:26:35.0644 1072 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

16:26:35.0660 1072 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

16:26:35.0660 1072 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

16:26:35.0660 1072 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

16:26:35.0660 1072 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

16:26:35.0660 1072 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

16:26:35.0660 1072 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

16:26:35.0660 1072 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

16:26:35.0660 1072 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

16:26:35.0660 1072 \Device\Harddisk0\DR0 - ok

16:26:46.0533 1072 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

16:26:52.0164 1124 Deinitialize success

COMBOFIX LOG:

ComboFix 12-03-02.01 - matt 02/03/2012 16:34:54.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8190.6544 [GMT 0:00]

Running from: c:\users\matt\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\desktop.ini

C:\sooi832.bin

c:\sooi832.bin\9125C0DBD1337B9

c:\users\matt\AppData\Roaming\Remote

c:\users\matt\AppData\Roaming\Remote\dki

c:\users\matt\AppData\Roaming\Remote\dmc01.dll

c:\users\matt\AppData\Roaming\Remote\dmc01_shrd

c:\users\matt\AppData\Roaming\Remote\mxd1.txt

c:\users\matt\AppData\Roaming\Remote\n.dat

c:\users\matt\AppData\Roaming\Remote\r.dat

c:\users\matt\AppData\Roaming\Remote\xe.dat

c:\users\matt\g2mdlhlpx.exe

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))

.

.

2012-03-02 16:52 . 2012-03-02 16:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-02 16:26 . 2012-03-02 16:26 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-01 09:20 . 2012-03-01 09:20 -------- d-----w- c:\users\SYSTEM

2012-02-27 18:47 . 2012-03-01 19:45 -------- d-----w- c:\users\UpdatusUser

2012-02-27 18:46 . 2011-05-21 06:01 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2012-02-27 18:18 . 2012-02-27 18:18 -------- d-----w- c:\program files (x86)\Steam

2012-02-27 18:15 . 2012-02-27 18:15 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP

2012-02-25 04:58 . 2012-02-25 04:58 -------- d-----w- c:\users\matt\AppData\Roaming\Kayako

2012-02-25 04:58 . 2012-02-27 18:36 -------- d-----w- c:\program files (x86)\Kayako

2012-02-17 23:55 . 2012-02-17 23:55 -------- d-----w- c:\users\matt\AppData\Roaming\Malwarebytes

2012-02-17 23:54 . 2012-02-17 23:54 -------- d-----w- c:\programdata\Malwarebytes

2012-02-17 23:54 . 2012-02-17 23:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-17 23:54 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-15 12:34 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 12:34 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 12:34 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-15 12:34 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-15 12:34 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 12:34 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-04 08:58 . 2012-02-15 12:34 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2011-12-30 05:27 . 2012-02-15 12:34 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2011-12-14 02:57 . 2012-02-20 03:00 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2011-03-03 20:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2011-03-03 20:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2011-03-03 20:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lpc"="non stop to restore the server. We are happy to help your programmers with the code which caused the initial duplicate insertion problem which crashed InnoDB" [X]

"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]

"Pidgin"="c:\program files (x86)\Pidgin\pidgin.exe" [2011-06-08 48618]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"DoroServer"="c:\program files (x86)\DoroPDFWriter\DoroServer.exe" [2011-11-26 167936]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-03 948880]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

TweetDeck.lnk - c:\program files (x86)\TweetDeck\TweetDeck.exe [2011-8-5 142848]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer8"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-17 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-17 135664]

R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28ux.sys [x]

R3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkTMini.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 Dyn Updater;Dyn Updater;c:\program files (x86)\DynDNS Updater\DynUpSvc.exe [2011-09-06 95608]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 Viewpoint Service;Viewpoint Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2008-04-04 30152]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-17 18:12]

.

2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-17 18:12]

.

2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1415599657-2627169133-3804600032-1001Core.job

- c:\users\matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 12:42]

.

2012-02-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1415599657-2627169133-3804600032-1001UA.job

- c:\users\matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 12:42]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2011-03-03 20:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2011-03-03 20:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2011-03-03 20:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7834656]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1840720]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://admin:admin@secure.xssl.net/status/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: facebook.com\www

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{D937D130-9432-4771-89CA-283D835B89F8}\C616474796D6F627568614E6: NameServer = 192.168.0.1

DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab

DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://dsl2.unitedhosting.co.uk/DvrOcx.cab

DPF: {F184A6DA-2B5A-4507-8555-C05C5C5C9A9B} - hxxps://72.249.26.251/itcclient.cab

FF - ProfilePath - c:\users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\af2r319y.default\

FF - prefs.js: browser.startup.homepage - hxxp://admin:admin@www.unitedsupport.co.uk/homepage/

FF - prefs.js: network.proxy.type - 0

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{5000a11a-d70a-4b1a-b68c-7222f071a313} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKU-Default-Run-lpc - c:\users\matt\AppData\Roaming\Remote\dmc01.dll

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

WebBrowser-{5000A11A-D70A-4B1A-B68C-7222F071A313} - (no file)

HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe

AddRemove-LiveResponse - c:\program files (x86)\Kayako\Desktop\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe

c:\program files (x86)\Provide Support\Live Support Chat for Web Site\ProvideSupportConsole.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2012-03-02 17:05:57 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-02 17:05

.

Pre-Run: 112,795,021,312 bytes free

Post-Run: 115,663,749,120 bytes free

.

- - End Of File - - DCB2AA89BBA9D8B816CB7F377EA8467F


Normally, the Rootkit only implements your OS in a Botnet. I never heard it steals information, but this does not mean it can't do this. Anyway, it has been killed :D

I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Start
  • Wait for the scan to finish
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name.
  • Push the Back button.
  • Push Finish

Please post this logfile in your next reply

Please post in your next reply:

  • MBAM Log
  • Eset Log


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

