Unable to remove Trojan Alureon.A



Hi,

my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

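A small parser for the TDSSKiller log format posted in this thread (an added example, not part of the original post and not TDSSKiller's own code): it pairs each "[ MD5 ] name path" line with its "name - status" line, flags any status other than "ok", and indexes objects by hash so a binary that backs several services (lsass.exe for both EFS and KeyIso) is checked once. The sample log is constructed from lines of the kind seen here; the non-ok status string at its end is a placeholder, not TDSSKiller's real detection wording.

```python
import re
from collections import defaultdict

# Hash line: "<time> <pid> [ <MD5> ] <service name> <path>". The service name may
# contain spaces ("Apple Mobile Device"), so the path is recognised by its drive
# letter and everything between the bracket and the path is the name.
HASH_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# Status line: "<time> <pid> <name> - <status>", e.g. "ACPI - ok".
STATUS_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<status>.+)$"
)


def parse_tdsskiller_log(text):
    """Return one dict per scanned object: name, md5, path, status.

    A hash line is held until the status line with the same name arrives.
    Objects that only get a status line (COMSysApp in this thread's log) are
    kept with md5/path set to None; hash lines that never receive a status
    line are appended at the end with status None so they are not lost.
    """
    pending = {}
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m:
            pending[m["name"]] = {
                "name": m["name"],
                "md5": m["md5"].upper(),
                "path": m["path"],
                "status": None,
            }
            continue
        m = STATUS_LINE.match(line)
        if m:
            name = m["name"]
            entry = pending.pop(
                name, {"name": name, "md5": None, "path": None, "status": None}
            )
            entry["status"] = m["status"].strip()
            entries.append(entry)
    entries.extend(pending.values())
    return entries


def flagged(entries):
    """Objects whose status is anything other than a plain 'ok'."""
    return [e for e in entries if e["status"] != "ok"]


def by_md5(entries):
    """Map MD5 -> service names, so each distinct binary is checked once even
    when it backs several services (lsass.exe backs both EFS and KeyIso)."""
    index = defaultdict(list)
    for e in entries:
        if e["md5"]:
            index[e["md5"]].append(e["name"])
    return dict(index)


# Constructed sample: lines modelled on this thread's log, plus one object with
# a placeholder non-ok status (not TDSSKiller's real detection wording) and an
# all-zero placeholder hash.
SAMPLE_LOG = r"""
09:13:58.0334 4852 ================ Scan system memory ========================
09:13:58.0334 4852 System memory - ok
09:13:58.0334 4852 ================ Scan services =============================
09:13:58.0630 4852 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:13:58.0646 4852 ACPI - ok
09:14:00.0081 4852 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:14:00.0097 4852 Apple Mobile Device - ok
09:14:02.0593 4852 COMSysApp - ok
09:14:03.0544 4852 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
09:14:03.0560 4852 EFS - ok
09:14:08.0037 4852 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:14:08.0037 4852 KeyIso - ok
09:14:20.0000 4852 [ 00000000000000000000000000000000 ] exampledrv C:\Windows\system32\DRIVERS\exampledrv.sys
09:14:20.0000 4852 exampledrv - PLACEHOLDER-NOT-OK
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(parsed)} objects, {len(by_md5(parsed))} distinct hashes")
    for e in flagged(parsed):
        print("needs attention:", e["name"], e["status"], e["path"])
```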

Thank you for your prompt reply. Here is the log:

09:13:49.0754 5604 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
09:13:50.0269 5604 ============================================================
09:13:50.0269 5604 Current date / time: 2012/09/28 09:13:50.0269
09:13:50.0269 5604 SystemInfo:
09:13:50.0269 5604
09:13:50.0269 5604 OS Version: 6.1.7601 ServicePack: 1.0
09:13:50.0269 5604 Product type: Workstation
09:13:50.0269 5604 ComputerName: ASUS-NOTEBOOK
09:13:50.0269 5604 UserName: Murdock
09:13:50.0269 5604 Windows directory: C:\Windows
09:13:50.0269 5604 System windows directory: C:\Windows
09:13:50.0269 5604 Running under WOW64
09:13:50.0269 5604 Processor architecture: Intel x64
09:13:50.0269 5604 Number of processors: 2
09:13:50.0269 5604 Page size: 0x1000
09:13:50.0269 5604 Boot type: Normal boot
09:13:50.0269 5604 ============================================================
09:13:55.0651 5604 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:13:55.0666 5604 ============================================================
09:13:55.0666 5604 \Device\Harddisk0\DR0:
09:13:55.0666 5604 MBR partitions:
09:13:55.0666 5604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0xFA0E000
09:13:55.0698 5604 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12C0F000, BlocksNum 0x1281F000
09:13:55.0698 5604 ============================================================
09:13:55.0744 5604 C: <-> \Device\Harddisk0\DR0\Partition1
09:13:55.0776 5604 D: <-> \Device\Harddisk0\DR0\Partition2
09:13:55.0776 5604 ============================================================
09:13:55.0776 5604 Initialize success
09:13:55.0776 5604 ============================================================
09:13:58.0116 4852 ============================================================
09:13:58.0116 4852 Scan started
09:13:58.0116 4852 Mode: Manual;
09:13:58.0116 4852 ============================================================
09:13:58.0334 4852 ================ Scan system memory ========================
09:13:58.0334 4852 System memory - ok
09:13:58.0334 4852 ================ Scan services =============================


09:14:10.0798 4852 napagent - ok

09:14:10.0876 4852 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

09:14:10.0876 4852 NativeWifiP - ok

09:14:10.0939 4852 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

09:14:10.0954 4852 NDIS - ok

09:14:10.0986 4852 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

09:14:11.0001 4852 NdisCap - ok

09:14:11.0048 4852 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

09:14:11.0048 4852 NdisTapi - ok

09:14:11.0095 4852 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

09:14:11.0095 4852 Ndisuio - ok

09:14:11.0142 4852 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

09:14:11.0157 4852 NdisWan - ok

09:14:11.0188 4852 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

09:14:11.0188 4852 NDProxy - ok

09:14:11.0235 4852 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

09:14:11.0235 4852 NetBIOS - ok

09:14:11.0266 4852 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

09:14:11.0282 4852 NetBT - ok

09:14:11.0313 4852 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

09:14:11.0313 4852 Netlogon - ok

09:14:11.0391 4852 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

09:14:11.0391 4852 Netman - ok

09:14:11.0469 4852 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

09:14:11.0469 4852 netprofm - ok

09:14:11.0500 4852 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

09:14:11.0500 4852 NetTcpPortSharing - ok

09:14:11.0563 4852 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

09:14:11.0563 4852 nfrd960 - ok

09:14:11.0625 4852 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

09:14:11.0641 4852 NisDrv - ok

09:14:11.0734 4852 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

09:14:11.0734 4852 NisSrv - ok

09:14:11.0797 4852 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

09:14:11.0812 4852 NlaSvc - ok

09:14:11.0844 4852 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

09:14:11.0859 4852 Npfs - ok

09:14:11.0875 4852 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

09:14:11.0890 4852 nsi - ok

09:14:11.0906 4852 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

09:14:11.0906 4852 nsiproxy - ok

09:14:11.0984 4852 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

09:14:12.0015 4852 Ntfs - ok

09:14:12.0031 4852 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

09:14:12.0046 4852 Null - ok

09:14:12.0109 4852 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

09:14:12.0109 4852 nvraid - ok

09:14:12.0140 4852 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

09:14:12.0156 4852 nvstor - ok

09:14:12.0187 4852 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

09:14:12.0202 4852 nv_agp - ok

09:14:12.0280 4852 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

09:14:12.0296 4852 odserv - ok

09:14:12.0327 4852 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

09:14:12.0327 4852 ohci1394 - ok

09:14:12.0405 4852 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:14:12.0405 4852 ose - ok

09:14:12.0452 4852 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

09:14:12.0468 4852 p2pimsvc - ok

09:14:12.0514 4852 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

09:14:12.0514 4852 p2psvc - ok

09:14:12.0546 4852 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

09:14:12.0546 4852 Parport - ok

09:14:12.0577 4852 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

09:14:12.0577 4852 partmgr - ok

09:14:12.0608 4852 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

09:14:12.0624 4852 PcaSvc - ok

09:14:12.0639 4852 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

09:14:12.0639 4852 pci - ok

09:14:12.0686 4852 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

09:14:12.0686 4852 pciide - ok

09:14:12.0717 4852 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

09:14:12.0717 4852 pcmcia - ok

09:14:12.0733 4852 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

09:14:12.0748 4852 pcw - ok

09:14:12.0780 4852 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

09:14:12.0780 4852 PEAUTH - ok

09:14:12.0842 4852 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

09:14:12.0858 4852 PerfHost - ok

09:14:12.0951 4852 [ D0F9F362023BF94CF58A1C3CDBBEBE06 ] PhotoshopElementsDeviceConnect C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

09:14:12.0951 4852 PhotoshopElementsDeviceConnect - ok

09:14:13.0123 4852 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

09:14:13.0154 4852 pla - ok

09:14:13.0201 4852 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

09:14:13.0216 4852 PlugPlay - ok

09:14:13.0232 4852 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

09:14:13.0248 4852 PNRPAutoReg - ok

09:14:13.0263 4852 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

09:14:13.0279 4852 PNRPsvc - ok

09:14:13.0326 4852 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

09:14:13.0341 4852 PolicyAgent - ok

09:14:13.0372 4852 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

09:14:13.0372 4852 Power - ok

09:14:13.0466 4852 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

09:14:13.0466 4852 PptpMiniport - ok

09:14:13.0497 4852 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

09:14:13.0497 4852 Processor - ok

09:14:13.0528 4852 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

09:14:13.0544 4852 ProfSvc - ok

09:14:13.0544 4852 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

09:14:13.0560 4852 ProtectedStorage - ok

09:14:13.0606 4852 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

09:14:13.0606 4852 Psched - ok

09:14:13.0684 4852 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

09:14:13.0716 4852 ql2300 - ok

09:14:13.0731 4852 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

09:14:13.0731 4852 ql40xx - ok

09:14:13.0778 4852 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

09:14:13.0778 4852 QWAVE - ok

09:14:13.0794 4852 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

09:14:13.0794 4852 QWAVEdrv - ok

09:14:13.0794 4852 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

09:14:13.0809 4852 RasAcd - ok

09:14:13.0872 4852 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

09:14:13.0887 4852 RasAgileVpn - ok

09:14:13.0918 4852 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

09:14:13.0918 4852 RasAuto - ok

09:14:13.0965 4852 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

09:14:13.0965 4852 Rasl2tp - ok

09:14:14.0028 4852 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

09:14:14.0043 4852 RasMan - ok

09:14:14.0074 4852 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

09:14:14.0074 4852 RasPppoe - ok

09:14:14.0121 4852 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

09:14:14.0121 4852 RasSstp - ok

09:14:14.0168 4852 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

09:14:14.0184 4852 rdbss - ok

09:14:14.0199 4852 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

09:14:14.0199 4852 rdpbus - ok

09:14:14.0230 4852 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

09:14:14.0230 4852 RDPCDD - ok

09:14:14.0262 4852 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

09:14:14.0262 4852 RDPENCDD - ok

09:14:14.0277 4852 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

09:14:14.0277 4852 RDPREFMP - ok

09:14:14.0324 4852 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

09:14:14.0340 4852 RDPWD - ok

09:14:14.0386 4852 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

09:14:14.0402 4852 rdyboost - ok

09:14:14.0433 4852 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

09:14:14.0449 4852 RemoteAccess - ok

09:14:14.0480 4852 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

09:14:14.0496 4852 RemoteRegistry - ok

09:14:14.0542 4852 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

09:14:14.0542 4852 RFCOMM - ok

09:14:14.0574 4852 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

09:14:14.0574 4852 RpcEptMapper - ok

09:14:14.0589 4852 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

09:14:14.0589 4852 RpcLocator - ok

09:14:14.0652 4852 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

09:14:14.0667 4852 RpcSs - ok

09:14:14.0714 4852 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

09:14:14.0714 4852 rspndr - ok

09:14:14.0808 4852 [ 25AABB94BB2D59F1CA6101290255D2E8 ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys

09:14:14.0823 4852 RTL8192Ce - ok

09:14:14.0839 4852 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

09:14:14.0839 4852 SamSs - ok

09:14:14.0870 4852 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

09:14:14.0870 4852 sbp2port - ok

09:14:14.0932 4852 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

09:14:14.0948 4852 SCardSvr - ok

09:14:14.0979 4852 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

09:14:14.0979 4852 scfilter - ok

09:14:15.0057 4852 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

09:14:15.0073 4852 Schedule - ok

09:14:15.0120 4852 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

09:14:15.0120 4852 SCPolicySvc - ok

09:14:15.0166 4852 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

09:14:15.0166 4852 SDRSVC - ok

09:14:15.0229 4852 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

09:14:15.0229 4852 secdrv - ok

09:14:15.0260 4852 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

09:14:15.0260 4852 seclogon - ok

09:14:15.0291 4852 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

09:14:15.0291 4852 SENS - ok

09:14:15.0307 4852 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

09:14:15.0307 4852 SensrSvc - ok

09:14:15.0322 4852 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

09:14:15.0338 4852 Serenum - ok

09:14:15.0369 4852 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

09:14:15.0369 4852 Serial - ok

09:14:15.0416 4852 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

09:14:15.0416 4852 sermouse - ok

09:14:15.0463 4852 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

09:14:15.0478 4852 SessionEnv - ok

09:14:15.0510 4852 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

09:14:15.0510 4852 sffdisk - ok

09:14:15.0541 4852 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

09:14:15.0541 4852 sffp_mmc - ok

09:14:15.0556 4852 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

09:14:15.0556 4852 sffp_sd - ok

09:14:15.0603 4852 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

09:14:15.0603 4852 sfloppy - ok

09:14:15.0650 4852 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

09:14:15.0666 4852 SharedAccess - ok

09:14:15.0712 4852 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

09:14:15.0712 4852 ShellHWDetection - ok

09:14:15.0744 4852 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys

09:14:15.0744 4852 SiSGbeLH - ok

09:14:15.0759 4852 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

09:14:15.0759 4852 SiSRaid2 - ok

09:14:15.0775 4852 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

09:14:15.0775 4852 SiSRaid4 - ok

09:14:15.0837 4852 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

09:14:15.0837 4852 SkypeUpdate - ok

09:14:15.0868 4852 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

09:14:15.0868 4852 Smb - ok

09:14:15.0946 4852 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

09:14:15.0946 4852 SNMPTRAP - ok

09:14:16.0040 4852 [ C98375D19F9E9966F6201BAE65FB3728 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys

09:14:16.0071 4852 SNP2UVC - ok

09:14:16.0118 4852 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

09:14:16.0118 4852 spldr - ok

09:14:16.0165 4852 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

09:14:16.0180 4852 Spooler - ok

09:14:16.0321 4852 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

09:14:16.0430 4852 sppsvc - ok

09:14:16.0477 4852 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

09:14:16.0477 4852 sppuinotify - ok

09:14:16.0539 4852 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

09:14:16.0539 4852 srv - ok

09:14:16.0570 4852 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

09:14:16.0570 4852 srv2 - ok

09:14:16.0602 4852 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

09:14:16.0602 4852 srvnet - ok

09:14:16.0648 4852 [ 1612881760C9DF7FBB09B6CF1D3BA0DF ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys

09:14:16.0664 4852 sscdbus - ok

09:14:16.0680 4852 [ D7803A687E85189EA2B525CC22093521 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys

09:14:16.0680 4852 sscdmdfl - ok

09:14:16.0726 4852 [ 06DB3D5EB2444083C7F5AF7874765505 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys

09:14:16.0726 4852 sscdmdm - ok

09:14:16.0758 4852 [ 23EBB395609D9CDB8B1074A12254119B ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys

09:14:16.0758 4852 sscdserd - ok

09:14:16.0820 4852 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

09:14:16.0820 4852 SSDPSRV - ok

09:14:16.0836 4852 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

09:14:16.0851 4852 SstpSvc - ok

09:14:16.0867 4852 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

09:14:16.0882 4852 stexstor - ok

09:14:16.0929 4852 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

09:14:16.0945 4852 stisvc - ok

09:14:16.0976 4852 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

09:14:16.0976 4852 swenum - ok

09:14:17.0023 4852 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

09:14:17.0038 4852 swprv - ok

09:14:17.0116 4852 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

09:14:17.0163 4852 SysMain - ok

09:14:17.0194 4852 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

09:14:17.0194 4852 TabletInputService - ok

09:14:17.0226 4852 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

09:14:17.0241 4852 TapiSrv - ok

09:14:17.0272 4852 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

09:14:17.0272 4852 TBS - ok

09:14:17.0382 4852 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys

09:14:17.0413 4852 Tcpip - ok

09:14:17.0460 4852 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

09:14:17.0491 4852 TCPIP6 - ok

09:14:17.0538 4852 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

09:14:17.0553 4852 tcpipreg - ok

09:14:17.0600 4852 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

09:14:17.0600 4852 TDPIPE - ok

09:14:17.0631 4852 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

09:14:17.0631 4852 TDTCP - ok

09:14:17.0678 4852 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

09:14:17.0678 4852 tdx - ok

09:14:17.0709 4852 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

09:14:17.0709 4852 TermDD - ok

09:14:17.0740 4852 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

09:14:17.0756 4852 TermService - ok

09:14:17.0803 4852 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

09:14:17.0803 4852 Themes - ok

09:14:17.0834 4852 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

09:14:17.0834 4852 THREADORDER - ok

09:14:17.0865 4852 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

09:14:17.0881 4852 TrkWks - ok

09:14:17.0943 4852 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

09:14:17.0959 4852 TrustedInstaller - ok

09:14:18.0006 4852 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

09:14:18.0006 4852 tssecsrv - ok

09:14:18.0068 4852 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

09:14:18.0068 4852 TsUsbFlt - ok

09:14:18.0146 4852 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

09:14:18.0162 4852 tunnel - ok

09:14:18.0193 4852 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

09:14:18.0193 4852 uagp35 - ok

09:14:18.0240 4852 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

09:14:18.0240 4852 udfs - ok

09:14:18.0286 4852 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

09:14:18.0286 4852 UI0Detect - ok

09:14:18.0333 4852 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

09:14:18.0349 4852 uliagpkx - ok

09:14:18.0396 4852 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

09:14:18.0396 4852 umbus - ok

09:14:18.0427 4852 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

09:14:18.0427 4852 UmPass - ok

09:14:18.0583 4852 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

09:14:18.0614 4852 UNS - ok

09:14:18.0661 4852 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

09:14:18.0661 4852 upnphost - ok

09:14:18.0723 4852 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

09:14:18.0723 4852 USBAAPL64 - ok

09:14:18.0770 4852 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

09:14:18.0770 4852 usbaudio - ok

09:14:18.0801 4852 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

09:14:18.0817 4852 usbccgp - ok

09:14:18.0864 4852 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

09:14:18.0864 4852 usbcir - ok

09:14:18.0879 4852 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

09:14:18.0879 4852 usbehci - ok

09:14:18.0926 4852 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

09:14:18.0942 4852 usbhub - ok

09:14:18.0957 4852 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

09:14:18.0957 4852 usbohci - ok

09:14:19.0020 4852 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

09:14:19.0020 4852 usbprint - ok

09:14:19.0035 4852 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

09:14:19.0051 4852 usbscan - ok

09:14:19.0066 4852 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

09:14:19.0066 4852 USBSTOR - ok

09:14:19.0098 4852 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

09:14:19.0098 4852 usbuhci - ok

09:14:19.0144 4852 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

09:14:19.0160 4852 usbvideo - ok

09:14:19.0191 4852 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

09:14:19.0191 4852 UxSms - ok

09:14:19.0207 4852 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

09:14:19.0207 4852 VaultSvc - ok

09:14:19.0269 4852 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

09:14:19.0269 4852 vdrvroot - ok

09:14:19.0316 4852 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

09:14:19.0332 4852 vds - ok

09:14:19.0394 4852 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

09:14:19.0394 4852 vga - ok

09:14:19.0410 4852 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

09:14:19.0410 4852 VgaSave - ok

09:14:19.0456 4852 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

09:14:19.0456 4852 vhdmp - ok

09:14:19.0488 4852 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

09:14:19.0488 4852 viaide - ok

09:14:19.0519 4852 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

09:14:19.0519 4852 volmgr - ok

09:14:19.0581 4852 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

09:14:19.0597 4852 volmgrx - ok

09:14:19.0628 4852 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

09:14:19.0628 4852 volsnap - ok

09:14:19.0675 4852 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

09:14:19.0675 4852 vsmraid - ok

09:14:19.0862 4852 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

09:14:19.0893 4852 VSS - ok

09:14:19.0909 4852 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

09:14:19.0924 4852 vwifibus - ok

09:14:19.0956 4852 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

09:14:19.0956 4852 vwififlt - ok

09:14:19.0987 4852 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

09:14:20.0002 4852 W32Time - ok

09:14:20.0034 4852 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

09:14:20.0034 4852 WacomPen - ok

09:14:20.0096 4852 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

09:14:20.0096 4852 WANARP - ok

09:14:20.0096 4852 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

09:14:20.0112 4852 Wanarpv6 - ok

09:14:20.0236 4852 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

09:14:20.0252 4852 WatAdminSvc - ok

09:14:20.0330 4852 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

09:14:20.0361 4852 wbengine - ok

09:14:20.0392 4852 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

09:14:20.0408 4852 WbioSrvc - ok

09:14:20.0455 4852 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

09:14:20.0470 4852 wcncsvc - ok

09:14:20.0486 4852 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

09:14:20.0486 4852 WcsPlugInService - ok

09:14:20.0517 4852 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

09:14:20.0517 4852 Wd - ok

09:14:20.0548 4852 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

09:14:20.0564 4852 Wdf01000 - ok

09:14:20.0580 4852 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

09:14:20.0595 4852 WdiServiceHost - ok

09:14:20.0595 4852 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

09:14:20.0595 4852 WdiSystemHost - ok

09:14:20.0658 4852 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

09:14:20.0673 4852 WebClient - ok

09:14:20.0704 4852 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

09:14:20.0720 4852 Wecsvc - ok

09:14:20.0736 4852 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

09:14:20.0736 4852 wercplsupport - ok

09:14:20.0782 4852 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

09:14:20.0782 4852 WerSvc - ok

09:14:20.0814 4852 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

09:14:20.0814 4852 WfpLwf - ok

09:14:20.0876 4852 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

09:14:20.0876 4852 WimFltr - ok

09:14:20.0892 4852 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

09:14:20.0892 4852 WIMMount - ok

09:14:20.0923 4852 WinDefend - ok

09:14:20.0938 4852 WinHttpAutoProxySvc - ok

09:14:20.0985 4852 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

09:14:21.0001 4852 Winmgmt - ok

09:14:21.0079 4852 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

09:14:21.0126 4852 WinRM - ok

09:14:21.0204 4852 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

09:14:21.0204 4852 WinUsb - ok

09:14:21.0266 4852 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

09:14:21.0282 4852 Wlansvc - ok

09:14:21.0375 4852 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

09:14:21.0375 4852 wlcrasvc - ok

09:14:21.0484 4852 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

09:14:21.0516 4852 wlidsvc - ok

09:14:21.0562 4852 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

09:14:21.0562 4852 WmiAcpi - ok

09:14:21.0594 4852 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

09:14:21.0609 4852 wmiApSrv - ok

09:14:21.0640 4852 WMPNetworkSvc - ok

09:14:21.0672 4852 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

09:14:21.0672 4852 WPCSvc - ok

09:14:21.0718 4852 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

09:14:21.0734 4852 WPDBusEnum - ok

09:14:21.0750 4852 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

09:14:21.0750 4852 ws2ifsl - ok

09:14:21.0781 4852 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

09:14:21.0781 4852 wscsvc - ok

09:14:21.0796 4852 WSearch - ok

09:14:21.0890 4852 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

09:14:21.0952 4852 wuauserv - ok

09:14:21.0968 4852 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

09:14:21.0968 4852 WudfPf - ok

09:14:22.0030 4852 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

09:14:22.0046 4852 WUDFRd - ok

09:14:22.0077 4852 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

09:14:22.0093 4852 wudfsvc - ok

09:14:22.0124 4852 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

09:14:22.0124 4852 WwanSvc - ok

09:14:22.0171 4852 ================ Scan global ===============================

09:14:22.0202 4852 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

09:14:22.0233 4852 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

09:14:22.0249 4852 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

09:14:22.0280 4852 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

09:14:22.0327 4852 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

09:14:22.0327 4852 [Global] - ok

09:14:22.0342 4852 ================ Scan MBR ==================================

09:14:22.0358 4852 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

09:14:22.0358 4852 Suspicious mbr (Forged): \Device\Harddisk0\DR0

09:14:22.0420 4852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

09:14:22.0420 4852 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

09:14:22.0420 4852 ================ Scan VBR ==================================

09:14:22.0420 4852 [ 2A57E7637956AB4F66B50A01D8C310E0 ] \Device\Harddisk0\DR0\Partition1

09:14:22.0420 4852 \Device\Harddisk0\DR0\Partition1 - ok

09:14:22.0452 4852 [ A9DC61F490CCF928793631B231721B7D ] \Device\Harddisk0\DR0\Partition2

09:14:22.0452 4852 \Device\Harddisk0\DR0\Partition2 - ok

09:14:22.0467 4852 ============================================================

09:14:22.0467 4852 Scan finished

09:14:22.0467 4852 ============================================================

09:14:22.0483 5108 Detected object count: 1

09:14:22.0483 5108 Actual detected object count: 1

09:15:04.0946 5108 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user

09:15:04.0946 5108 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
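A small triage helper for TDSSKiller logs like the one just posted, added here as an example (it is not part of the thread and not TDSSKiller's own code): it parses the line format (timestamp, thread id, optional `[ MD5 ]` hash, object and verdict), collects detections such as the forged MBR above, and checks whether the action the user chose matches the one the helper asked for. The sample log is a trimmed excerpt of the log above; the function and field names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# One TDSSKiller log line: "HH:MM:SS.mmmm <thread id> <message>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+)\s?(.*)$")
HASH_RE = re.compile(r"^\[ ([0-9A-F]{32}) \] (.+)$")           # "[ MD5 ] object"
VERDICT_RE = re.compile(r"^(.+?)(?: \( ([^()]+) \))? - (.+)$")   # "object ( Name ) - verdict"
SUSPICIOUS_RE = re.compile(r"^Suspicious (\w+) \((\w+)\): (.+)$")
COUNT_RE = re.compile(r"^(Actual )?[Dd]etected object count: (\d+)$")
DISK_RE = re.compile(r"^\\Device\\Harddisk\d+\\DR\d+$")         # whole physical disk, i.e. the MBR


@dataclass
class Detection:
    obj: str                       # scanned object: service name or \Device\... path
    name: str                      # detection name, e.g. Rootkit.Boot.Pihar.c
    action: Optional[str] = None   # action the user chose in the dialog (Skip, Cure, ...)


@dataclass
class Report:
    hashes: dict = field(default_factory=dict)       # object string -> MD5 from the "[ ... ]" lines
    detections: list = field(default_factory=list)   # Detection records in log order
    warnings: list = field(default_factory=list)     # "Suspicious ..." lines, e.g. a forged MBR
    declared_count: Optional[int] = None             # "Detected object count"
    actual_count: Optional[int] = None               # "Actual detected object count"


def parse_tdsskiller_log(text: str) -> Report:
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                                  # blank line or forum text between log lines
        msg = m.group(3)
        if (h := HASH_RE.match(msg)):
            rep.hashes[h.group(2)] = h.group(1)
        elif (s := SUSPICIOUS_RE.match(msg)):
            rep.warnings.append(f"{s.group(1)} of {s.group(3)} is {s.group(2).lower()}")
        elif (c := COUNT_RE.match(msg)):
            if c.group(1):
                rep.actual_count = int(c.group(2))
            else:
                rep.declared_count = int(c.group(2))
        elif (v := VERDICT_RE.match(msg)):
            obj, name, verdict = v.groups()
            if verdict == "infected":
                rep.detections.append(Detection(obj, name or "unknown"))
            elif verdict.startswith("User select action: "):
                # the dialog choice is logged after the scan, against the same object
                for d in rep.detections:
                    if d.obj == obj:
                        d.action = verdict.split(": ", 1)[1]
    return rep


def triage(rep: Report, instructed_action: str = "Skip") -> list:
    """The points a helper checks before replying: what was found, where, and what the user did."""
    findings = [f"WARNING: {w}" for w in rep.warnings]
    for d in rep.detections:
        where = "boot sector (MBR) of" if DISK_RE.match(d.obj) else "object"
        findings.append(f"INFECTED {where} {d.obj}: {d.name} (md5 {rep.hashes.get(d.obj, 'n/a')})")
        if d.action is None:
            findings.append(f"NO ACTION recorded for {d.obj}")
        elif d.action != instructed_action:
            findings.append(f"ACTION MISMATCH on {d.obj}: user chose {d.action}, instructed {instructed_action}")
        else:
            findings.append(f"ACTION {d.action} on {d.obj} matches the instruction")
    if rep.declared_count is not None and rep.declared_count != len(rep.detections):
        findings.append(f"COUNT MISMATCH: log declares {rep.declared_count}, parsed {len(rep.detections)}")
    if not rep.detections and not rep.warnings:
        findings.append("CLEAN: no detections in this log")
    return findings


# Constructed excerpt in the format of the log posted above (hashes and names taken from it).
SAMPLE_LOG = r"""
09:14:21.0781 4852 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
09:14:21.0781 4852 wscsvc - ok
09:14:22.0342 4852 ================ Scan MBR ==================================
09:14:22.0358 4852 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:14:22.0358 4852 Suspicious mbr (Forged): \Device\Harddisk0\DR0
09:14:22.0420 4852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
09:14:22.0420 4852 \Device\Harddisk0\DR0\Partition1 - ok
09:14:22.0483 5108 Detected object count: 1
09:14:22.0483 5108 Actual detected object count: 1
09:15:04.0946 5108 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
09:15:04.0946 5108 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
"""

if __name__ == "__main__":
    for line in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```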


You are welcome.

Execute TDSSKiller.exe and press Start Scan.

  • Ensure Cure is selected (it should be by default).
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • Click Continue then click Reboot now.

Once complete, a log will be produced at the root drive which is typically C:\

For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please post the contents of that log in your next reply.

Download ComboFix from this location:

Link 1

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.


Here is the TDSSKiller log after marking "cure":

10:36:26.0137 1076 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

10:36:27.0260 1076 ============================================================

10:36:27.0260 1076 Current date / time: 2012/09/28 10:36:27.0260

10:36:27.0260 1076 SystemInfo:

10:36:27.0260 1076

10:36:27.0260 1076 OS Version: 6.1.7601 ServicePack: 1.0

10:36:27.0260 1076 Product type: Workstation

10:36:27.0260 1076 ComputerName: ASUS-NOTEBOOK

10:36:27.0276 1076 UserName: Murdock

10:36:27.0276 1076 Windows directory: C:\Windows

10:36:27.0276 1076 System windows directory: C:\Windows

10:36:27.0276 1076 Running under WOW64

10:36:27.0276 1076 Processor architecture: Intel x64

10:36:27.0276 1076 Number of processors: 2

10:36:27.0276 1076 Page size: 0x1000

10:36:27.0276 1076 Boot type: Normal boot

10:36:27.0276 1076 ============================================================

10:36:35.0170 1076 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:36:35.0170 1076 ============================================================

10:36:35.0170 1076 \Device\Harddisk0\DR0:

10:36:35.0170 1076 MBR partitions:

10:36:35.0170 1076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0xFA0E000

10:36:35.0217 1076 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12C0F000, BlocksNum 0x1281F000

10:36:35.0217 1076 ============================================================

10:36:35.0326 1076 C: <-> \Device\Harddisk0\DR0\Partition1

10:36:35.0420 1076 D: <-> \Device\Harddisk0\DR0\Partition2

10:36:35.0420 1076 ============================================================

10:36:35.0420 1076 Initialize success

10:36:35.0420 1076 ============================================================

10:36:51.0862 2696 ============================================================

10:36:51.0862 2696 Scan started

10:36:51.0862 2696 Mode: Manual;

10:36:51.0862 2696 ============================================================

10:36:52.0627 2696 ================ Scan system memory ========================

10:36:52.0627 2696 System memory - ok

10:36:52.0627 2696 ================ Scan services =============================


10:37:06.0075 2696 Mup - ok

10:37:06.0122 2696 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

10:37:06.0137 2696 napagent - ok

10:37:06.0200 2696 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

10:37:06.0215 2696 NativeWifiP - ok

10:37:06.0262 2696 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

10:37:06.0293 2696 NDIS - ok

10:37:06.0340 2696 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

10:37:06.0340 2696 NdisCap - ok

10:37:06.0387 2696 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

10:37:06.0387 2696 NdisTapi - ok

10:37:06.0418 2696 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

10:37:06.0418 2696 Ndisuio - ok

10:37:06.0480 2696 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

10:37:06.0480 2696 NdisWan - ok

10:37:06.0512 2696 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

10:37:06.0527 2696 NDProxy - ok

10:37:06.0558 2696 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

10:37:06.0558 2696 NetBIOS - ok

10:37:06.0605 2696 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

10:37:06.0605 2696 NetBT - ok

10:37:06.0652 2696 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

10:37:06.0668 2696 Netlogon - ok

10:37:06.0714 2696 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

10:37:06.0730 2696 Netman - ok

10:37:06.0761 2696 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

10:37:06.0777 2696 netprofm - ok

10:37:06.0792 2696 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

10:37:06.0808 2696 NetTcpPortSharing - ok

10:37:06.0870 2696 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

10:37:06.0870 2696 nfrd960 - ok

10:37:06.0933 2696 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

10:37:06.0948 2696 NisDrv - ok

10:37:06.0995 2696 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

10:37:07.0011 2696 NisSrv - ok

10:37:07.0073 2696 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

10:37:07.0073 2696 NlaSvc - ok

10:37:07.0120 2696 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

10:37:07.0120 2696 Npfs - ok

10:37:07.0151 2696 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

10:37:07.0151 2696 nsi - ok

10:37:07.0167 2696 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

10:37:07.0167 2696 nsiproxy - ok

10:37:07.0245 2696 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

10:37:07.0276 2696 Ntfs - ok

10:37:07.0307 2696 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

10:37:07.0323 2696 Null - ok

10:37:07.0385 2696 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

10:37:07.0385 2696 nvraid - ok

10:37:07.0416 2696 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

10:37:07.0432 2696 nvstor - ok

10:37:07.0463 2696 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

10:37:07.0463 2696 nv_agp - ok

10:37:07.0557 2696 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

10:37:07.0572 2696 odserv - ok

10:37:07.0604 2696 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

10:37:07.0604 2696 ohci1394 - ok

10:37:07.0650 2696 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:37:07.0666 2696 ose - ok

10:37:07.0713 2696 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

10:37:07.0713 2696 p2pimsvc - ok

10:37:07.0775 2696 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

10:37:07.0791 2696 p2psvc - ok

10:37:07.0822 2696 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

10:37:07.0822 2696 Parport - ok

10:37:07.0853 2696 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

10:37:07.0853 2696 partmgr - ok

10:37:07.0884 2696 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

10:37:07.0884 2696 PcaSvc - ok

10:37:07.0916 2696 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

10:37:07.0916 2696 pci - ok

10:37:07.0978 2696 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

10:37:07.0978 2696 pciide - ok

10:37:08.0009 2696 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

10:37:08.0025 2696 pcmcia - ok

10:37:08.0040 2696 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

10:37:08.0040 2696 pcw - ok

10:37:08.0072 2696 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

10:37:08.0087 2696 PEAUTH - ok

10:37:08.0165 2696 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

10:37:08.0165 2696 PerfHost - ok

10:37:08.0290 2696 [ D0F9F362023BF94CF58A1C3CDBBEBE06 ] PhotoshopElementsDeviceConnect C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

10:37:08.0290 2696 PhotoshopElementsDeviceConnect - ok

10:37:08.0399 2696 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

10:37:08.0430 2696 pla - ok

10:37:08.0477 2696 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

10:37:08.0493 2696 PlugPlay - ok

10:37:08.0524 2696 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

10:37:08.0524 2696 PNRPAutoReg - ok

10:37:08.0571 2696 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

10:37:08.0586 2696 PNRPsvc - ok

10:37:08.0649 2696 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

10:37:08.0664 2696 PolicyAgent - ok

10:37:08.0696 2696 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

10:37:08.0696 2696 Power - ok

10:37:08.0758 2696 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

10:37:08.0758 2696 PptpMiniport - ok

10:37:08.0789 2696 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

10:37:08.0789 2696 Processor - ok

10:37:08.0820 2696 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

10:37:08.0836 2696 ProfSvc - ok

10:37:08.0852 2696 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

10:37:08.0852 2696 ProtectedStorage - ok

10:37:08.0898 2696 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

10:37:08.0898 2696 Psched - ok

10:37:09.0023 2696 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

10:37:09.0054 2696 ql2300 - ok

10:37:09.0070 2696 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

10:37:09.0086 2696 ql40xx - ok

10:37:09.0117 2696 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

10:37:09.0117 2696 QWAVE - ok

10:37:09.0148 2696 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

10:37:09.0148 2696 QWAVEdrv - ok

10:37:09.0148 2696 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

10:37:09.0148 2696 RasAcd - ok

10:37:09.0210 2696 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

10:37:09.0210 2696 RasAgileVpn - ok

10:37:09.0242 2696 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

10:37:09.0242 2696 RasAuto - ok

10:37:09.0288 2696 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

10:37:09.0288 2696 Rasl2tp - ok

10:37:09.0335 2696 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

10:37:09.0351 2696 RasMan - ok

10:37:09.0366 2696 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

10:37:09.0382 2696 RasPppoe - ok

10:37:09.0444 2696 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

10:37:09.0444 2696 RasSstp - ok

10:37:09.0491 2696 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

10:37:09.0491 2696 rdbss - ok

10:37:09.0507 2696 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

10:37:09.0522 2696 rdpbus - ok

10:37:09.0538 2696 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

10:37:09.0538 2696 RDPCDD - ok

10:37:09.0585 2696 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

10:37:09.0585 2696 RDPENCDD - ok

10:37:09.0600 2696 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

10:37:09.0600 2696 RDPREFMP - ok

10:37:09.0647 2696 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

10:37:09.0647 2696 RDPWD - ok

10:37:09.0710 2696 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

10:37:09.0710 2696 rdyboost - ok

10:37:09.0756 2696 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

10:37:09.0788 2696 RemoteAccess - ok

10:37:09.0819 2696 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

10:37:09.0834 2696 RemoteRegistry - ok

10:37:09.0881 2696 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

10:37:09.0881 2696 RFCOMM - ok

10:37:09.0912 2696 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

10:37:09.0912 2696 RpcEptMapper - ok

10:37:09.0928 2696 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

10:37:09.0944 2696 RpcLocator - ok

10:37:09.0990 2696 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

10:37:09.0990 2696 RpcSs - ok

10:37:10.0053 2696 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

10:37:10.0053 2696 rspndr - ok

10:37:10.0131 2696 [ 25AABB94BB2D59F1CA6101290255D2E8 ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys

10:37:10.0146 2696 RTL8192Ce - ok

10:37:10.0162 2696 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

10:37:10.0178 2696 SamSs - ok

10:37:10.0209 2696 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

10:37:10.0209 2696 sbp2port - ok

10:37:10.0271 2696 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

10:37:10.0271 2696 SCardSvr - ok

10:37:10.0318 2696 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

10:37:10.0318 2696 scfilter - ok

10:37:10.0380 2696 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

10:37:10.0412 2696 Schedule - ok

10:37:10.0443 2696 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

10:37:10.0443 2696 SCPolicySvc - ok

10:37:10.0490 2696 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

10:37:10.0490 2696 SDRSVC - ok

10:37:10.0536 2696 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

10:37:10.0552 2696 secdrv - ok

10:37:10.0583 2696 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

10:37:10.0583 2696 seclogon - ok

10:37:10.0599 2696 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

10:37:10.0614 2696 SENS - ok

10:37:10.0630 2696 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

10:37:10.0630 2696 SensrSvc - ok

10:37:10.0646 2696 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

10:37:10.0646 2696 Serenum - ok

10:37:10.0677 2696 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

10:37:10.0677 2696 Serial - ok

10:37:10.0724 2696 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

10:37:10.0724 2696 sermouse - ok

10:37:10.0770 2696 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

10:37:10.0786 2696 SessionEnv - ok

10:37:10.0802 2696 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

10:37:10.0817 2696 sffdisk - ok

10:37:10.0833 2696 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

10:37:10.0833 2696 sffp_mmc - ok

10:37:10.0864 2696 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

10:37:10.0864 2696 sffp_sd - ok

10:37:10.0895 2696 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

10:37:10.0895 2696 sfloppy - ok

10:37:10.0942 2696 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

10:37:10.0958 2696 SharedAccess - ok

10:37:11.0004 2696 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

10:37:11.0020 2696 ShellHWDetection - ok

10:37:11.0036 2696 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys

10:37:11.0036 2696 SiSGbeLH - ok

10:37:11.0051 2696 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:37:11.0051 2696 SiSRaid2 - ok

10:37:11.0067 2696 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

10:37:11.0082 2696 SiSRaid4 - ok

10:37:11.0145 2696 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

10:37:11.0145 2696 SkypeUpdate - ok

10:37:11.0176 2696 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

10:37:11.0176 2696 Smb - ok

10:37:11.0238 2696 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

10:37:11.0238 2696 SNMPTRAP - ok

10:37:11.0348 2696 [ C98375D19F9E9966F6201BAE65FB3728 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys

10:37:11.0379 2696 SNP2UVC - ok

10:37:11.0394 2696 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

10:37:11.0426 2696 spldr - ok

10:37:11.0472 2696 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

10:37:11.0488 2696 Spooler - ok

10:37:11.0613 2696 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

10:37:11.0738 2696 sppsvc - ok

10:37:11.0769 2696 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

10:37:11.0769 2696 sppuinotify - ok

10:37:11.0816 2696 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

10:37:11.0816 2696 srv - ok

10:37:11.0847 2696 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

10:37:11.0847 2696 srv2 - ok

10:37:11.0878 2696 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

10:37:11.0878 2696 srvnet - ok

10:37:11.0925 2696 [ 1612881760C9DF7FBB09B6CF1D3BA0DF ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys

10:37:11.0940 2696 sscdbus - ok

10:37:11.0987 2696 [ D7803A687E85189EA2B525CC22093521 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys

10:37:12.0003 2696 sscdmdfl - ok

10:37:12.0034 2696 [ 06DB3D5EB2444083C7F5AF7874765505 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys

10:37:12.0034 2696 sscdmdm - ok

10:37:12.0065 2696 [ 23EBB395609D9CDB8B1074A12254119B ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys

10:37:12.0081 2696 sscdserd - ok

10:37:12.0128 2696 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

10:37:12.0128 2696 SSDPSRV - ok

10:37:12.0143 2696 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

10:37:12.0159 2696 SstpSvc - ok

10:37:12.0174 2696 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

10:37:12.0190 2696 stexstor - ok

10:37:12.0237 2696 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

10:37:12.0252 2696 stisvc - ok

10:37:12.0284 2696 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

10:37:12.0284 2696 swenum - ok

10:37:12.0330 2696 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

10:37:12.0330 2696 swprv - ok

10:37:12.0424 2696 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

10:37:12.0455 2696 SysMain - ok

10:37:12.0486 2696 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

10:37:12.0502 2696 TabletInputService - ok

10:37:12.0533 2696 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

10:37:12.0549 2696 TapiSrv - ok

10:37:12.0580 2696 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

10:37:12.0580 2696 TBS - ok

10:37:12.0689 2696 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys

10:37:12.0720 2696 Tcpip - ok

10:37:12.0798 2696 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

10:37:12.0830 2696 TCPIP6 - ok

10:37:12.0861 2696 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

10:37:12.0861 2696 tcpipreg - ok

10:37:12.0923 2696 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

10:37:12.0923 2696 TDPIPE - ok

10:37:12.0954 2696 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

10:37:12.0954 2696 TDTCP - ok

10:37:13.0001 2696 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

10:37:13.0001 2696 tdx - ok

10:37:13.0032 2696 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

10:37:13.0032 2696 TermDD - ok

10:37:13.0064 2696 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

10:37:13.0079 2696 TermService - ok

10:37:13.0110 2696 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

10:37:13.0126 2696 Themes - ok

10:37:13.0142 2696 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

10:37:13.0142 2696 THREADORDER - ok

10:37:13.0157 2696 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

10:37:13.0173 2696 TrkWks - ok

10:37:13.0235 2696 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

10:37:13.0235 2696 TrustedInstaller - ok

10:37:13.0282 2696 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

10:37:13.0282 2696 tssecsrv - ok

10:37:13.0329 2696 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

10:37:13.0329 2696 TsUsbFlt - ok

10:37:13.0407 2696 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

10:37:13.0407 2696 tunnel - ok

10:37:13.0438 2696 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

10:37:13.0438 2696 uagp35 - ok

10:37:13.0500 2696 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

10:37:13.0516 2696 udfs - ok

10:37:13.0547 2696 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

10:37:13.0547 2696 UI0Detect - ok

10:37:13.0610 2696 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

10:37:13.0610 2696 uliagpkx - ok

10:37:13.0672 2696 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

10:37:13.0672 2696 umbus - ok

10:37:13.0719 2696 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

10:37:13.0719 2696 UmPass - ok

10:37:13.0875 2696 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

10:37:13.0906 2696 UNS - ok

10:37:13.0953 2696 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

10:37:13.0968 2696 upnphost - ok

10:37:14.0015 2696 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

10:37:14.0015 2696 USBAAPL64 - ok

10:37:14.0062 2696 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

10:37:14.0062 2696 usbaudio - ok

10:37:14.0093 2696 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

10:37:14.0093 2696 usbccgp - ok

10:37:14.0140 2696 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

10:37:14.0140 2696 usbcir - ok

10:37:14.0171 2696 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

10:37:14.0171 2696 usbehci - ok

10:37:14.0218 2696 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

10:37:14.0218 2696 usbhub - ok

10:37:14.0249 2696 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

10:37:14.0265 2696 usbohci - ok

10:37:14.0312 2696 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

10:37:14.0312 2696 usbprint - ok

10:37:14.0343 2696 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

10:37:14.0343 2696 usbscan - ok

10:37:14.0358 2696 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:37:14.0358 2696 USBSTOR - ok

10:37:14.0374 2696 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

10:37:14.0374 2696 usbuhci - ok

10:37:14.0436 2696 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

10:37:14.0436 2696 usbvideo - ok

10:37:14.0483 2696 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

10:37:14.0499 2696 UxSms - ok

10:37:14.0530 2696 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

10:37:14.0530 2696 VaultSvc - ok

10:37:14.0592 2696 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

10:37:14.0592 2696 vdrvroot - ok

10:37:14.0639 2696 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

10:37:14.0655 2696 vds - ok

10:37:14.0702 2696 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

10:37:14.0717 2696 vga - ok

10:37:14.0733 2696 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

10:37:14.0733 2696 VgaSave - ok

10:37:14.0764 2696 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

10:37:14.0764 2696 vhdmp - ok

10:37:14.0795 2696 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

10:37:14.0811 2696 viaide - ok

10:37:14.0842 2696 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

10:37:14.0842 2696 volmgr - ok

10:37:14.0904 2696 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

10:37:14.0904 2696 volmgrx - ok

10:37:14.0936 2696 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

10:37:14.0951 2696 volsnap - ok

10:37:15.0029 2696 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

10:37:15.0029 2696 vsmraid - ok

10:37:15.0123 2696 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

10:37:15.0154 2696 VSS - ok

10:37:15.0185 2696 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

10:37:15.0185 2696 vwifibus - ok

10:37:15.0216 2696 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

10:37:15.0216 2696 vwififlt - ok

10:37:15.0279 2696 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

10:37:15.0294 2696 W32Time - ok

10:37:15.0326 2696 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

10:37:15.0326 2696 WacomPen - ok

10:37:15.0388 2696 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

10:37:15.0388 2696 WANARP - ok

10:37:15.0404 2696 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

10:37:15.0404 2696 Wanarpv6 - ok

10:37:15.0513 2696 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

10:37:15.0544 2696 WatAdminSvc - ok

10:37:15.0622 2696 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

10:37:15.0653 2696 wbengine - ok

10:37:15.0684 2696 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

10:37:15.0684 2696 WbioSrvc - ok

10:37:15.0747 2696 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

10:37:15.0747 2696 wcncsvc - ok

10:37:15.0778 2696 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

10:37:15.0778 2696 WcsPlugInService - ok

10:37:15.0809 2696 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

10:37:15.0809 2696 Wd - ok

10:37:15.0856 2696 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

10:37:15.0872 2696 Wdf01000 - ok

10:37:15.0872 2696 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

10:37:15.0887 2696 WdiServiceHost - ok

10:37:15.0887 2696 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

10:37:15.0903 2696 WdiSystemHost - ok

10:37:15.0934 2696 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

10:37:15.0950 2696 WebClient - ok

10:37:15.0981 2696 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

10:37:15.0996 2696 Wecsvc - ok

10:37:16.0012 2696 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

10:37:16.0012 2696 wercplsupport - ok

10:37:16.0059 2696 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

10:37:16.0059 2696 WerSvc - ok

10:37:16.0090 2696 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

10:37:16.0090 2696 WfpLwf - ok

10:37:16.0152 2696 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

10:37:16.0152 2696 WimFltr - ok

10:37:16.0168 2696 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

10:37:16.0184 2696 WIMMount - ok

10:37:16.0199 2696 WinDefend - ok

10:37:16.0215 2696 WinHttpAutoProxySvc - ok

10:37:16.0277 2696 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

10:37:16.0277 2696 Winmgmt - ok

10:37:16.0386 2696 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

10:37:16.0418 2696 WinRM - ok

10:37:16.0511 2696 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

10:37:16.0511 2696 WinUsb - ok

10:37:16.0605 2696 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

10:37:16.0620 2696 Wlansvc - ok

10:37:16.0714 2696 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

10:37:16.0714 2696 wlcrasvc - ok

10:37:16.0808 2696 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

10:37:16.0854 2696 wlidsvc - ok

10:37:16.0901 2696 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

10:37:16.0901 2696 WmiAcpi - ok

10:37:16.0948 2696 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

10:37:16.0948 2696 wmiApSrv - ok

10:37:16.0979 2696 WMPNetworkSvc - ok

10:37:17.0010 2696 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

10:37:17.0026 2696 WPCSvc - ok

10:37:17.0073 2696 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

10:37:17.0073 2696 WPDBusEnum - ok

10:37:17.0104 2696 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

10:37:17.0104 2696 ws2ifsl - ok

10:37:17.0135 2696 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

10:37:17.0135 2696 wscsvc - ok

10:37:17.0135 2696 WSearch - ok

10:37:17.0260 2696 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

10:37:17.0307 2696 wuauserv - ok

10:37:17.0338 2696 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

10:37:17.0338 2696 WudfPf - ok

10:37:17.0385 2696 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

10:37:17.0400 2696 WUDFRd - ok

10:37:17.0432 2696 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

10:37:17.0447 2696 wudfsvc - ok

10:37:17.0478 2696 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

10:37:17.0478 2696 WwanSvc - ok

10:37:17.0525 2696 ================ Scan global ===============================

10:37:17.0556 2696 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

10:37:17.0603 2696 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

10:37:17.0619 2696 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

10:37:17.0650 2696 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

10:37:17.0697 2696 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

10:37:17.0712 2696 [Global] - ok

10:37:17.0712 2696 ================ Scan MBR ==================================

10:37:17.0712 2696 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

10:37:17.0712 2696 Suspicious mbr (Forged): \Device\Harddisk0\DR0

10:37:17.0775 2696 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

10:37:17.0775 2696 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

10:37:17.0775 2696 ================ Scan VBR ==================================

10:37:17.0775 2696 [ 2A57E7637956AB4F66B50A01D8C310E0 ] \Device\Harddisk0\DR0\Partition1

10:37:17.0775 2696 \Device\Harddisk0\DR0\Partition1 - ok

10:37:17.0806 2696 [ A9DC61F490CCF928793631B231721B7D ] \Device\Harddisk0\DR0\Partition2

10:37:17.0853 2696 \Device\Harddisk0\DR0\Partition2 - ok

10:37:17.0853 2696 ============================================================

10:37:17.0853 2696 Scan finished

10:37:17.0853 2696 ============================================================

10:37:17.0884 0940 Detected object count: 1

10:37:17.0884 0940 Actual detected object count: 1

10:37:58.0679 0940 \Device\Harddisk0\DR0\# - copied to quarantine

10:37:58.0882 0940 \Device\Harddisk0\DR0 - copied to quarantine

10:38:05.0996 0940 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

10:38:06.0120 0940 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

10:38:06.0242 0940 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

10:38:06.0302 0940 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

10:38:06.0372 0940 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

10:38:09.0753 0940 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

10:38:09.0833 0940 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

10:38:09.0843 0940 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

10:38:09.0853 0940 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

10:38:10.0413 0940 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

10:38:10.0533 0940 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

10:38:10.0563 0940 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

10:38:10.0573 0940 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

10:38:10.0803 0940 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

10:38:10.0823 0940 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

10:38:11.0093 0940 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

10:38:11.0103 0940 \Device\Harddisk0\DR0 - ok

10:38:11.0183 0940 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

Here is the ComboFix log:

ComboFix 12-09-27.03 - Murdock 09/28/2012 10:58:17.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3874.2538 [GMT -5:00]

Running from: c:\users\Murdock\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-28 )))))))))))))))))))))))))))))))

.

.

2012-09-28 16:08 . 2012-09-28 16:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-28 15:40 . 2012-09-28 15:40 35664 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0622623-079C-405F-957F-6D7D77BDD764}\MpKsl8b429888.sys

2012-09-28 15:38 . 2012-09-28 15:38 208216 ----a-w- c:\windows\system32\drivers\66810697.sys

2012-09-28 15:37 . 2012-09-28 15:37 -------- d-----w- C:\TDSSKiller_Quarantine

2012-09-28 15:27 . 2012-09-28 15:40 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0622623-079C-405F-957F-6D7D77BDD764}\offreg.dll

2012-09-28 01:30 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0622623-079C-405F-957F-6D7D77BDD764}\mpengine.dll

2012-09-26 02:41 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-25 02:46 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-22 19:43 . 2012-09-22 19:43 -------- d-----w- c:\users\Murdock\AppData\Roaming\Malwarebytes

2012-09-22 19:38 . 2012-09-22 19:38 -------- d-----w- c:\programdata\Malwarebytes

2012-09-22 19:38 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-22 19:38 . 2012-09-22 19:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-22 04:05 . 2012-08-24 10:21 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-09-19 20:18 . 2012-08-28 06:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58D562F8-6F52-4418-8A25-3CF47F4C5DD1}\mpengine.dll

2012-09-17 07:16 . 2012-09-22 23:05 -------- d-----w- c:\windows\Microsoft Antimalware

2012-09-14 19:49 . 2012-09-14 19:49 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-09-14 19:48 . 2012-09-14 19:49 -------- d-----r- c:\program files (x86)\Skype

2012-09-12 15:16 . 2012-02-11 01:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06247F73-5B9A-46DA-828D-7DD2260E63E5}\gapaengine.dll

2012-09-12 14:31 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-12 14:31 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-12 14:31 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-12 14:31 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-12 14:31 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-12 14:31 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-12 14:31 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-01 02:44 . 2012-09-01 02:44 -------- d-----w- C:\MATS

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-28 15:40 . 2011-09-13 17:42 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-09-21 03:00 . 2012-04-02 04:34 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-21 03:00 . 2011-09-29 04:08 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-12 14:32 . 2011-09-22 00:07 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-07-18 18:15 . 2012-08-15 00:05 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-06 20:07 . 2012-08-16 02:08 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-07-04 22:16 . 2012-08-15 00:06 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-07-04 22:13 . 2012-08-15 00:06 136704 ----a-w- c:\windows\system32\browser.dll

2012-07-04 22:13 . 2012-08-15 00:06 59392 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 21:14 . 2012-08-15 00:06 41984 ----a-w- c:\windows\SysWow64\browcli.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Spotify Web Helper"="c:\users\Murdock\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-28 932528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-2-3 549040]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-9-21 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R0 38600536;38600536;c:\windows\system32\drivers\66810697.sys [2012-09-28 208216]

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-03-18 74840]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-22 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 MpKsl8b429888;MpKsl8b429888;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0622623-079C-405F-957F-6D7D77BDD764}\MpKsl8b429888.sys [2012-09-28 35664]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-11-23 1103976]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL8B429888

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 03:00]

.

2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051550082-882093396-715400175-1001Core.job

- c:\users\Murdock\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 03:56]

.

2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051550082-882093396-715400175-1001UA.job

- c:\users\Murdock\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 03:56]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]

"snp2uvc"="c:\windows\vsnp2uvc.exe" [2010-01-21 909824]

"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-28 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-28 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-28 416024]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6C243FF1-705F-4545-B908-2A6942263D97}\44169737F594E6E6: NameServer = 4.2.2.0,4.2.2.2

DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://r6mail2.r06tok.epa.gov/dwa85W.cab

FF - ProfilePath - c:\users\Murdock\AppData\Roaming\Mozilla\Firefox\Profiles\j7peecky.default\

FF - prefs.js: browser.search.selectedEngine - YouTube Video Search

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-Syncables - c:\program files (x86)\syncables\syncables desktop\Syncables.exe

SafeBoot-38600536.sys

Toolbar-Locked - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,

d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,

57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,

9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:34,ca,a4,4b,ce,78,cd,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-09-28 11:16:33

ComboFix-quarantined-files.txt 2012-09-28 16:16

.

Pre-Run: 56,365,846,528 bytes free

Post-Run: 56,538,832,896 bytes free

.

- - End Of File - - 16A3B8BE235A72EFC1FD96877FA12FF4


Well done :)

I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

How is your system behaving now ?


Here is the MBAM log:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.29.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Murdock :: ASUS-NOTEBOOK [administrator]

Protection: Enabled

9/29/2012 5:19:30 PM

mbam-log-2012-09-29 (17-19-30).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204110

Time elapsed: 3 minute(s), 29 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 5360 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

Here is the ESET log:

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm

C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan

C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan

C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan

C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan

C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0004.dta Win32/Olmarik.AWO trojan

C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan

C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan

C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan

C:\TDSSKiller_Quarantine\28.09.2012_10.36.27\mbr0000\tdlfs0000\tsk0014.dta Win32/Olmarik.AYI trojan

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm

D:\ASUS-NOTEBOOK\Backup Set 2012-01-22 201620\Backup Files 2012-01-22 201620\Backup files 4.zip a variant of Java/TrojanDownloader.Agent.NDJ trojan

D:\ASUS-NOTEBOOK\Backup Set 2012-02-05 220201\Backup Files 2012-02-05 220201\Backup files 4.zip a variant of Java/TrojanDownloader.Agent.NDJ trojan

D:\ASUS-NOTEBOOK\Backup Set 2012-02-05 220201\Backup Files 2012-03-04 190002\Backup files 3.zip HTML/ScrInject.B.Gen virus

D:\ASUS-NOTEBOOK\Backup Set 2012-03-11 204253\Backup Files 2012-03-18 224716\Backup files 5.zip HTML/ScrInject.B.Gen virus

D:\ASUS-NOTEBOOK\Backup Set 2012-09-02 230645\Backup Files 2012-09-16 220158\Backup files 2.zip HTML/ScrInject.B.Gen virus

So far I do not notice any change in laptop performance. MBAM and MSE still detect threats upon startup.


Download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close Notepad.
  • In the command window type e:\frst64 and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log ( FRST.txt ) on the flash drive. Please copy and paste it to your reply.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2012 01

Ran by SYSTEM at 30-09-2012 13:07:04

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()

HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)

HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2188904 2011-01-17] (Realtek Semiconductor)

HKLM\...\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe [909824 2010-01-20] (Sonix Technology Co., Ltd.)

HKLM\...\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd [x]

HKLM\...\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe" [371712 2009-09-24] (Microsoft Corporation)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)

HKLM-x32\...\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)

HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)

HKU\Murdock\...\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\Murdock\...\Run: [spotify Web Helper] "C:\Users\Murdock\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-27] ()

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk

ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()

==================== Services (Whitelisted) ===================

2 AdobeActiveFileMonitor; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-04] ()

2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

2 PhotoshopElementsDeviceConnect; C:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [118784 2004-10-04] ()

==================== Drivers (Whitelisted) =====================

1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)

3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)

3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)

3 sscdserd; C:\Windows\System32\Drivers\sscdserd.sys [114856 2007-07-03] (MCCI Corporation)

3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-09-29 20:25 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

2012-09-29 19:25 - 2012-09-29 19:25 - 00002785 ____A C:\Users\Murdock\Desktop\eset_online_scanner_results.txt

2012-09-29 14:42 - 2012-09-29 14:42 - 00000000 ____D C:\Program Files (x86)\ESET

2012-09-28 08:16 - 2012-09-28 08:16 - 00021045 ____A C:\ComboFix.txt

2012-09-28 07:54 - 2012-09-28 08:16 - 00000000 ____D C:\Qoobox

2012-09-28 07:54 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-09-28 07:54 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-09-28 07:54 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-09-28 07:54 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-09-28 07:54 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-09-28 07:54 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-09-28 07:54 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-09-28 07:54 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-09-28 07:53 - 2012-09-28 08:11 - 00000000 ____D C:\Windows\erdnt

2012-09-28 07:44 - 2012-09-28 07:44 - 04757745 ____R (Swearware) C:\Users\Murdock\Desktop\ComboFix.exe

2012-09-28 07:39 - 2012-09-28 07:39 - 00266288 ____A C:\Windows\Minidump\092812-34413-01.dmp

2012-09-28 07:37 - 2012-09-28 07:37 - 00000000 ____D C:\TDSSKiller_Quarantine

2012-09-28 06:07 - 2012-09-28 06:07 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Murdock\Desktop\tdsskiller.exe

2012-09-27 18:04 - 2012-09-27 18:04 - 00017169 ____A C:\Users\Murdock\Desktop\Attach.txt

2012-09-27 18:03 - 2012-09-27 18:03 - 00022025 ____A C:\Users\Murdock\Desktop\DDS.txt

2012-09-27 17:43 - 2012-09-27 17:43 - 00607260 ____R (Swearware) C:\Users\Murdock\Desktop\dds.scr

2012-09-25 18:41 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe

2012-09-22 11:43 - 2012-09-22 11:43 - 00000000 ____D C:\Users\Murdock\AppData\Roaming\Malwarebytes

2012-09-22 11:38 - 2012-09-22 11:38 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-09-22 11:38 - 2012-09-22 11:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-22 11:38 - 2012-09-07 14:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-09-22 09:46 - 2012-09-22 09:46 - 00262144 ____A C:\Windows\Minidump\092212-30139-01.dmp

2012-09-21 20:06 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-09-21 20:06 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-09-21 20:06 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-09-21 20:06 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-09-21 20:06 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-09-21 20:06 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-09-21 20:06 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-09-21 20:06 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-09-21 20:06 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-09-21 20:06 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-09-21 20:06 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-09-21 20:06 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-09-21 20:06 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-09-21 20:06 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-09-21 20:06 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-09-21 20:06 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-09-21 20:06 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-09-21 20:06 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-09-21 20:05 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-09-21 20:05 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-09-21 20:05 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-09-21 20:05 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-09-21 20:05 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-09-21 20:05 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-09-21 20:05 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-09-21 20:05 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-09-21 20:05 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-09-21 20:05 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-09-21 20:05 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-09-21 20:05 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-09-21 20:05 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-09-21 20:05 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-09-16 23:16 - 2012-09-22 15:05 - 00000000 ____D C:\Windows\Microsoft Antimalware

2012-09-15 20:39 - 2012-09-15 20:39 - 00007604 ____A C:\Users\Murdock\AppData\Local\Resmon.ResmonCfg

2012-09-14 11:48 - 2012-09-14 11:49 - 00000000 ___RD C:\Program Files (x86)\Skype

2012-09-12 06:31 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-09-12 06:31 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2012-09-12 06:31 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-09-12 06:31 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-09-12 06:31 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2012-09-12 06:31 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2012-09-12 06:31 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys

2012-09-09 10:23 - 2012-09-09 10:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-09-02 20:34 - 2012-09-02 20:34 - 00262144 ____A C:\Windows\Minidump\090212-23275-01.dmp

2012-08-31 18:44 - 2012-08-31 18:44 - 00000000 ____D C:\MATS

2012-08-31 18:40 - 2012-08-31 18:40 - 00347424 ____A (Microsoft Corporation) C:\Users\Murdock\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run.exe

==================== 3 Months Modified Files ==================

2012-09-30 10:02 - 2011-09-13 09:18 - 01778954 ____A C:\Windows\WindowsUpdate.log

2012-09-30 10:00 - 2009-07-13 21:13 - 00749348 ____A C:\Windows\System32\PerfStringBackup.INI

2012-09-30 09:59 - 2012-04-01 20:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-09-30 09:56 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-09-30 09:56 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-09-30 09:55 - 2009-07-13 20:51 - 00097956 ____A C:\Windows\setupact.log

2012-09-30 09:48 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-09-29 20:06 - 2011-09-23 19:56 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051550082-882093396-715400175-1001UA.job

2012-09-29 19:25 - 2012-09-29 19:25 - 00002785 ____A C:\Users\Murdock\Desktop\eset_online_scanner_results.txt

2012-09-29 14:33 - 2011-09-13 09:42 - 00045056 ____A C:\Windows\System32\acovcnt.exe

2012-09-29 05:46 - 2011-09-13 09:14 - 00340858 ____A C:\Windows\PFRO.log

2012-09-28 08:16 - 2012-09-28 08:16 - 00021045 ____A C:\ComboFix.txt

2012-09-28 08:09 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2012-09-28 07:44 - 2012-09-28 07:44 - 04757745 ____R (Swearware) C:\Users\Murdock\Desktop\ComboFix.exe

2012-09-28 07:39 - 2012-09-28 07:39 - 00266288 ____A C:\Windows\Minidump\092812-34413-01.dmp

2012-09-28 07:39 - 2011-12-18 10:55 - 587673484 ____A C:\Windows\MEMORY.DMP

2012-09-28 06:07 - 2012-09-28 06:07 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Murdock\Desktop\tdsskiller.exe

2012-09-27 18:04 - 2012-09-27 18:04 - 00017169 ____A C:\Users\Murdock\Desktop\Attach.txt

2012-09-27 18:03 - 2012-09-27 18:03 - 00022025 ____A C:\Users\Murdock\Desktop\DDS.txt

2012-09-27 17:43 - 2012-09-27 17:43 - 00607260 ____R (Swearware) C:\Users\Murdock\Desktop\dds.scr

2012-09-25 15:19 - 2011-09-23 19:56 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051550082-882093396-715400175-1001Core.job

2012-09-22 16:40 - 2011-09-13 09:40 - 00001288 ____A C:\Windows\System32\ServiceFilter.ini

2012-09-22 09:46 - 2012-09-22 09:46 - 00262144 ____A C:\Windows\Minidump\092212-30139-01.dmp

2012-09-20 19:00 - 2012-04-01 20:34 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-09-20 19:00 - 2011-09-28 20:08 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-09-17 07:51 - 2012-07-05 11:16 - 00005924 ____A C:\Windows\wininit.ini

2012-09-17 06:37 - 2011-09-21 16:46 - 00762846 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-09-15 20:39 - 2012-09-15 20:39 - 00007604 ____A C:\Users\Murdock\AppData\Local\Resmon.ResmonCfg

2012-09-12 06:36 - 2012-08-15 16:56 - 00000129 ____A C:\Windows\System32\MRT.INI

2012-09-12 06:32 - 2011-09-21 16:07 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-09-09 14:04 - 2011-09-21 16:46 - 00002198 ____A C:\Windows\epplauncher.mif

2012-09-07 14:04 - 2012-09-22 11:38 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-09-02 20:34 - 2012-09-02 20:34 - 00262144 ____A C:\Windows\Minidump\090212-23275-01.dmp

2012-08-31 18:46 - 2009-07-13 18:34 - 00444272 ___RA C:\Windows\System32\Drivers\etc\hosts.20120915-215506.backup

2012-08-31 18:40 - 2012-08-31 18:40 - 00347424 ____A (Microsoft Corporation) C:\Users\Murdock\Downloads\MicrosoftFixit.ProgramInstallUninstall.MATSKB.Run.exe

2012-08-27 11:53 - 2009-07-13 21:08 - 00032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-08-24 03:15 - 2012-09-21 20:05 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-24 02:39 - 2012-09-21 20:05 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-24 02:31 - 2012-09-21 20:06 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-08-24 02:22 - 2012-09-21 20:06 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-24 02:21 - 2012-09-21 20:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-24 02:20 - 2012-09-21 20:06 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-08-24 02:18 - 2012-09-21 20:06 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-24 02:17 - 2012-09-21 20:05 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-24 02:14 - 2012-09-21 20:06 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-08-24 02:14 - 2012-09-21 20:05 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-08-24 02:13 - 2012-09-21 20:05 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-08-24 02:12 - 2012-09-21 20:05 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-24 02:11 - 2012-09-21 20:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-08-24 02:10 - 2012-09-21 20:06 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-24 02:09 - 2012-09-21 20:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-24 02:04 - 2012-09-21 20:06 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-08-23 23:27 - 2012-09-21 20:05 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-08-23 23:03 - 2012-09-21 20:05 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-08-23 22:59 - 2012-09-21 20:05 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-08-23 22:51 - 2012-09-21 20:06 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-08-23 22:51 - 2012-09-21 20:06 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-08-23 22:51 - 2012-09-21 20:05 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-08-23 22:49 - 2012-09-21 20:06 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-08-23 22:48 - 2012-09-21 20:05 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-08-23 22:47 - 2012-09-21 20:06 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-08-23 22:47 - 2012-09-21 20:06 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-08-23 22:47 - 2012-09-21 20:05 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-08-23 22:45 - 2012-09-21 20:06 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-08-23 22:44 - 2012-09-21 20:06 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-08-23 22:44 - 2012-09-21 20:05 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-08-23 22:43 - 2012-09-21 20:06 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-08-23 22:40 - 2012-09-21 20:06 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-08-22 10:12 - 2012-09-12 06:31 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-08-22 10:12 - 2012-09-12 06:31 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2012-08-22 10:12 - 2012-09-12 06:31 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-08-22 10:12 - 2012-09-12 06:31 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-08-21 13:01 - 2012-09-25 18:41 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe

2012-08-15 18:28 - 2009-07-13 20:45 - 00422080 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-13 16:05 - 2009-07-13 18:34 - 00444102 ___RA C:\Windows\System32\Drivers\etc\hosts.20120831-214657.backup

2012-08-13 13:27 - 2012-08-13 13:26 - 00262144 ____A C:\Windows\Minidump\081312-22230-01.dmp

2012-08-12 12:37 - 2012-08-12 12:37 - 00262144 ____A C:\Windows\Minidump\081212-31621-01.dmp

2012-08-02 09:58 - 2012-09-12 06:31 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2012-08-02 08:57 - 2012-09-12 06:31 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2012-07-21 19:08 - 2009-07-13 18:34 - 00443619 ___RA C:\Windows\System32\Drivers\etc\hosts.20120813-190507.backup

2012-07-18 10:15 - 2012-08-14 16:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-12 11:43 - 2012-07-12 11:42 - 00264364 ____A C:\Windows\msxml4-KB2721691-enu.LOG

2012-07-12 11:43 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini

2012-07-06 12:07 - 2012-08-15 18:08 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys

2012-07-05 09:01 - 2009-07-13 18:34 - 00443089 ___RA C:\Windows\System32\Drivers\etc\hosts.20120721-220832.backup

2012-07-04 14:16 - 2012-08-14 16:06 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-07-04 14:13 - 2012-08-14 16:06 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-07-04 14:13 - 2012-08-14 16:06 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-07-04 13:16 - 2012-08-14 16:06 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-07-04 13:14 - 2012-08-14 16:06 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-07-04 12:26 - 2012-09-12 06:31 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys

ATTENTION: ========> Check for possible partition/boot infection:

C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-12 05:55:26

Restore point made on: 2012-09-12 06:31:51

Restore point made on: 2012-09-14 11:46:03

Restore point made on: 2012-09-16 19:02:44

Restore point made on: 2012-09-17 17:38:25

Restore point made on: 2012-09-20 18:46:08

Restore point made on: 2012-09-21 20:05:18

Restore point made on: 2012-09-23 18:06:06

Restore point made on: 2012-09-27 17:25:02

==================== Memory info ===========================

Percentage of memory in use: 14%

Total physical RAM: 3874.21 MB

Available physical RAM: 3305.24 MB

Total Pagefile: 3872.36 MB

Available Pagefile: 3299.22 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:125.03 GB) (Free:52.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (Data) (Fixed) (Total:148.06 GB) (Free:53.81 GB) NTFS

4 Drive f: (UDISK 2.0) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 1024 KB

Disk 1 Online 246 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 25 GB 1024 KB

Partition 2 Primary 125 GB 25 GB

Partition 0 Extended 148 GB 150 GB

Partition 3 Logical 148 GB 150 GB

==================================================================================

Disk: 0

Partition 1

Type : 1C

Hidden: Yes

Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C OS NTFS Partition 125 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D Data NTFS Partition 148 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 245 MB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 0E

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F UDISK 2.0 FAT Removable 245 MB Healthy

=========================================================

Last Boot: 2012-08-31 15:00

==================== End Of Log =============================

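Added example, not part of the thread and not FRST's own code: a small triage script for the "Created Files" lines of a log like the one above. FRST itself raised C:\Windows\svchost.exe under "Check for possible partition/boot infection"; the script shows the two properties of that entry an analyst keys on. First, a core Windows binary name sitting outside the directory Windows keeps it in (svchost.exe belongs in System32 or SysWOW64, never in the Windows root). Second, a creation time years newer than the modification time, which is what a file copied in with its original timestamp looks like. The second check is reported at "info" only, because it also fires on ComboFix's helper tools (NIRCMD.exe and the others carry 2000 to 2011 modification dates), so on its own it is noise; the location check is the one that matters, and its hits need a hash comparison against the genuine copy. The sample lines are copied verbatim from the log above; the EXPECTED_DIRS table and the 365-day threshold are my own choices for the example.

```python
import re
import sys
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One FRST file line: "<created> - <modified> - <size> <attrs> [(<signer>)] <path>"
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S+) "
    r"(?:\((?P<signer>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.+)$")

# Where Windows 7 x64 keeps these core binaries (my assumption for this example;
# the Bamital check in the log above lists the same System32/SysWOW64 pairs).
SYS32, WOW64 = r"c:\windows\system32", r"c:\windows\syswow64"
EXPECTED_DIRS = {
    "svchost.exe": {SYS32, WOW64}, "wininit.exe": {SYS32, WOW64},
    "userinit.exe": {SYS32, WOW64}, "explorer.exe": {r"c:\windows", WOW64},
    "winlogon.exe": {SYS32}, "services.exe": {SYS32}, "lsass.exe": {SYS32},
    "csrss.exe": {SYS32}, "smss.exe": {SYS32},
}
STALE_DAYS = 365  # created this much later than modified: copied in with an old mtime
BINARY_SUFFIXES = (".exe", ".dll", ".sys", ".scr")
Finding = Tuple[str, str, str]  # (path, "high" or "info", reason)


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    signer: Optional[str]  # None when FRST printed no company name
    path: str

    @property
    def directory(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[1].lower()


def parse_line(line: str) -> Optional[FileEntry]:
    """Decode one file line; None for section headers, blanks and anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    created, modified = (datetime.strptime(m[k], "%Y-%m-%d %H:%M") for k in ("created", "modified"))
    return FileEntry(created, modified, int(m["size"]), m["attrs"], m["signer"], m["path"])


def created_section(log_text: str) -> List[str]:
    """Only the Created Files section: the Modified Files section prints the two
    dates in the opposite order and must not go through the same regex."""
    lines, inside = [], False
    for line in log_text.splitlines():
        if line.startswith("===================="):
            inside = "Created Files" in line
        elif inside:
            lines.append(line)
    return lines


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in created_section(log_text):
        e = parse_line(line)
        if e is None or not e.name.endswith(BINARY_SUFFIXES):
            continue
        allowed = EXPECTED_DIRS.get(e.name)
        if allowed is not None and e.directory not in allowed:
            findings.append((e.path, "high", f"{e.name} sits in {e.directory}, not in "
                             f"{sorted(allowed)}; hash it and compare with the genuine copy"))
        if (e.created - e.modified).days > STALE_DAYS:
            findings.append((e.path, "info", f"created {e.created:%Y-%m-%d} but last modified "
                             f"{e.modified:%Y-%m-%d}: copied in with an old timestamp"))
    return findings


# Lines copied verbatim from the FRST log in this thread. The acovcnt.exe line is
# from the Modified Files section and is there to show that it gets left out.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========
2012-09-29 20:25 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-09-28 07:54 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-28 07:44 - 2012-09-28 07:44 - 04757745 ____R (Swearware) C:\Users\Murdock\Desktop\ComboFix.exe
2012-09-22 11:38 - 2012-09-07 14:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-21 20:06 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
==================== 3 Months Modified Files ==================
2012-09-29 14:33 - 2011-09-13 09:42 - 00045056 ____A C:\Windows\System32\acovcnt.exe
"""

if __name__ == "__main__":  # python3 frst_triage.py FRST.txt
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for path, severity, reason in triage(text):
        print(f"[{severity}] {path}: {reason}")
```

Run it against a saved FRST.txt as shown in the last lines. The section gate matters: in the "3 Months Modified Files" part of the same log the modification date comes first (compare the mshtml.dll lines in the two sections above), so feeding that section through the same regex would swap the two timestamps and invert the age check.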

Hy there.

I need to dig a little bit deeper into your Master Boot Record (MBR).

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer

  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer.

  • Download xPUDtestdisk.exe and save it to the USB device.
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should now be on your flash drive; please attach it to your next reply.


Tried again with a different USB and got the same results. More specifically, the latter half of the text says the following:

fatal server error:

no screens found

Please consult the The X.Org Foundation support at http://wiki.x.org for help

Please also check the log file at "/var/log/xorg.o.log" for additional information

ddxSigGiveUp: Closing log

[ 6.906985] sd 6:0:0:0: [sdb] assuming drive cache: write through

[ 6.909468] sd 6:0:0:0: [sdb] assuming drive cache: write through

[ 6.912080] sd 6:0:0:0: [sdb] assuming drive cache: write through

giving up.

xinit: no such file or directory (errno 3): server error.

xauth: (argv):1: bad display name "(none):0" in "remove" command

sh: no job control in this shell

sh-4.0#

I thought I had an old Linux disk handy but no such luck.


Hy there. Sorry for the delay. I had to try this with Ubuntu myself.

Please boot from the Ubuntu flash drive. Choose Try Ubuntu.

In the top left corner you will find the Ubuntu icon. Click on it and in the search line type Terminal.

Next, please type in the following command.

sudo dd if=/dev/sda of=MBRbackup.zip bs=512 count=1

When done, click on the Home icon (called Personal Files or similar; I have the German version). If possible, try to connect to the forum using Ubuntu and attach the file in your next reply.

If you don't have an internet connection with Ubuntu, copy MBRbackup.zip to one of your hard drives.

Reboot into Windows and please attach the file here.


Found it :)

Let's make it a little bit easier for you. If you are able to connect with Ubuntu to this topic, please do so.

Please download the attached MBR.zip file and save it in Ubuntu's Home folder.

Next, open the terminal again and type in the command below.

sudo dd if=mbr.zip of=/dev/sda bs=512 count=1

Reboot your PC into Windows and let me know if it worked. :)

Note for all readers: The attached MBR is for this machine only !!

MBR.zip


Apologies as I did not receive email notification that you replied. I am currently viewing this topic in Ubuntu. I downloaded mbr.zip and saved it into the home folder. I then opened a terminal and typed in the requested command. It came back with the following reply:

dd: opening "mbr.zip": No such file or directory

I'm not sure why it does not see the file in the home folder.

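Added example, not from any post in this thread: a Python script to inspect the 512 bytes that `dd if=/dev/sda of=MBRbackup.zip bs=512 count=1` writes (the .zip name only serves to get the file past the forum's attachment filter; the file is one raw sector, not an archive), and to sanity-check a replacement MBR before `dd` writes it back to the disk. It decodes the four 16-byte partition entries at offset 446, checks the 0x55AA signature, and reports what the helper is looking for in a TDL4/Alureon case: boot code that differs from a known-clean reference (compared over bytes 0 to 445 only, because the partition table is specific to this disk, which is exactly why "The attached MBR is for this machine only" matters), hidden partition types, and unpartitioned space after the last partition, which is where TDL4 stores its components. Hidden types are common for OEM recovery partitions, so that finding is a pointer for the analyst, not a verdict: on this machine the 25 GB type 1C partition in the diskpart section of the log is the recovery partition. The sample MBR is constructed to mirror that diskpart output (type 1C hidden 25 GB, active NTFS 125 GB, extended 148 GB, 1 MiB free at the end); its boot code is placeholder bytes rather than the real Windows 7 loader, and the disk size and the 1 MiB slack threshold are assumptions. One caveat the last reply runs into: Linux file names are case-sensitive, so `mbr.zip` in the restore command will not find a file saved as `MBR.zip`; `ls -l ~` shows the exact name and that the file is 512 bytes before `dd` is pointed at the disk.

```python
import struct
import sys
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # bytes 0..445 boot code, then four 16-byte entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of every valid MBR
ACTIVE_FLAG = 0x80
SECTORS_PER_GIB = 2 ** 30 // SECTOR_SIZE
# Type IDs Windows treats as hidden; OEM recovery partitions use them (the 25 GB
# type 1C partition in the diskpart section of the log above is one of those).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


@dataclass
class PartitionEntry:
    index: int         # 1..4, slot in the table
    active: bool       # status byte 0x80: the BIOS hands control to this one
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def lba_end(self) -> int:  # first sector after the partition
        return self.lba_start + self.sector_count

    @property
    def size_gib(self) -> float:
        return self.sector_count / SECTORS_PER_GIB


def looks_like_mbr(blob: bytes) -> bool:
    return len(blob) == SECTOR_SIZE and blob[510:512] == BOOT_SIGNATURE


def parse_mbr(blob: bytes) -> List[PartitionEntry]:
    """Decode the partition table; refuses anything that is not 512 bytes ending in 55 AA."""
    if not looks_like_mbr(blob):
        raise ValueError(f"not an MBR: {len(blob)} bytes, tail {blob[-2:].hex()}")
    entries = []
    for i in range(4):
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, type_id, lba, count = struct.unpack_from("<B3xB3xII", blob, TABLE_OFFSET + 16 * i)
        if type_id != 0:  # 0 marks an unused slot
            entries.append(PartitionEntry(i + 1, status == ACTIVE_FLAG, type_id, lba, count))
    return entries


def check_mbr(blob: bytes, disk_sectors: int,
              reference: Optional[bytes] = None) -> Tuple[List[PartitionEntry], List[str]]:
    """Decoded entries plus the points an analyst looks at in a bootkit case."""
    entries, findings = parse_mbr(blob), []
    # A bootkit patches the boot code; the table is specific to this disk, so
    # only bytes 0..445 are compared against the known-clean MBR.
    if reference is not None and blob[:TABLE_OFFSET] != reference[:TABLE_OFFSET]:
        findings.append("boot code differs from the reference MBR")
    active = [e.index for e in entries if e.active]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    for e in entries:
        if e.type_id in HIDDEN_TYPES:
            findings.append(f"partition {e.index}: hidden type 0x{e.type_id:02X}, "
                            f"{e.size_gib:.1f} GiB at LBA {e.lba_start}")
    slack = disk_sectors - max((e.lba_end for e in entries), default=0)
    if slack > 2048:  # over 1 MiB past the last partition: TDL4 keeps its files in such space
        findings.append(f"{slack} unpartitioned sectors at the end of the disk, dump and inspect them")
    return entries, findings


def build_mbr(boot_code: bytes, entries: List[PartitionEntry]) -> bytes:
    """Assemble an MBR; used here only to construct the sample below."""
    table = bytearray(64)
    for e in entries:  # CHS fields left zero; the LBA fields are what modern loaders use
        struct.pack_into("<B3sB3sII", table, 16 * (e.index - 1), ACTIVE_FLAG if e.active else 0,
                         b"\0\0\0", e.type_id, b"\0\0\0", e.lba_start, e.sector_count)
    return boot_code[:TABLE_OFFSET].ljust(TABLE_OFFSET, b"\0") + bytes(table) + BOOT_SIGNATURE


# Constructed sample mirroring the diskpart output in the log above (hidden type 1C
# 25 GB, active NTFS 125 GB, extended 148 GB, "Free 1024 KB" at the end). The boot
# code is placeholder bytes, not the real Windows 7 loader.
SAMPLE_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (TABLE_OFFSET - 7)
SAMPLE_ENTRIES = [
    PartitionEntry(1, False, 0x1C, 2048, 25 * SECTORS_PER_GIB),
    PartitionEntry(2, True, 0x07, 2048 + 25 * SECTORS_PER_GIB, 125 * SECTORS_PER_GIB),
    PartitionEntry(3, False, 0x0F, 2048 + 150 * SECTORS_PER_GIB, 148 * SECTORS_PER_GIB),
]
SAMPLE_MBR = build_mbr(SAMPLE_BOOT_CODE, SAMPLE_ENTRIES)
SAMPLE_DISK_SECTORS = 2048 + 298 * SECTORS_PER_GIB + 2048  # alignment gap + 1 MiB free

if __name__ == "__main__":  # python3 mbr_check.py MBRbackup.zip <disk sectors> [clean_mbr.bin]
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MBR
    total = int(sys.argv[2]) if len(sys.argv) > 2 else SAMPLE_DISK_SECTORS
    ref = open(sys.argv[3], "rb").read() if len(sys.argv) > 3 else None
    ents, notes = check_mbr(blob, total, ref)
    for e in ents:
        print(f"#{e.index} {'*' if e.active else ' '} type 0x{e.type_id:02X} LBA {e.lba_start:>12} {e.size_gib:8.2f} GiB")
    print(*notes, sep="\n")
```

On the live Ubuntu session the real dump is checked with `python3 mbr_check.py MBRbackup.zip $(sudo blockdev --getsz /dev/sda)`; `blockdev --getsz` reports the disk size in 512-byte sectors, which the slack check needs. Passing the clean MBR as the third argument compares the boot code; running the script on the clean MBR itself before writing it confirms it is 512 bytes, carries the signature and still describes this disk's partitions.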

This topic is now closed to further replies.