Inactive [A] Need help with removing svchost.exe

chris789

Hello! Googled around and found techspot, hopefully someone here can help me. Looks like I picked up the trojan agent svchost.exe. Every time I boot up not in safe mode, I get a bsod and the system restarts only to get a bsod again and all this repeats.

Below are the malwarebytes log and dds logs. I did not get a log from gmer. Hopefully someone here can help me out. Thanks in advance!

Malware Bytes:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.25.01


Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Stanley :: STANLEY-PC [administrator]

10/24/2012 9:10:06 PM
mbam-log-2012-10-24 (21-14-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227655
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2952 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)






DDS:

DDS (Ver_2012-10-19.01) - NTFS_AMD64 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Stanley at 21:44:06 on 2012-10-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.3194 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\SysWOW64\ctfmon.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: SearchHook Class: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll
mWinlogon: Userinit = userinit.exe,
BHO: SmartView VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [ASRockOCTuner] <no file>
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [SmartViewAgent] "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F7053F9B-9047-4B9A-B4AE-7E244F8A73B5} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\5zqv5tqs.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Stanley\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: 2012-10-15 22:51; freehdsport@freehdsport.tv; C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\5zqv5tqs.default\extensions\freehdsport@freehdsport.tv.xpi
FF - ExtSQL: 2012-10-15 22:51; plugin@yontoo.com; C:\Users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\5zqv5tqs.default\extensions\plugin@yontoo.com
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - f1b2cfa5-8615-415d-9924-47cfbc7ee532
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-5-20 55856]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-3 236544]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-3 2218600]
S2 SmartViewService;SmartView service;C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [2010-9-2 125216]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
S2 WCUService;SmartView Software Updater Service;C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe [2010-9-2 456976]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-5-3 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-5-3 79360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 115168]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-10-24 189288]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-5-3 79360]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-4 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-5-3 1250816]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-5 1255736]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2012-9-26 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2012-9-26 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2012-9-26 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2012-9-26 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2012-9-26 29288]
.
=============== Created Last 30 ================
.
2012-10-25 00:29:20 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-24 23:38:19 20480 ----a-w- C:\Windows\svchost.exe
2012-10-23 15:41:28 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BFB3ACC4-0EF7-41AA-85F4-CD779691EA91}\mpengine.dll
2012-10-23 01:21:38 -------- d-----w- C:\ProgramData\xsymhrjboxtvfjf
2012-10-23 00:53:47 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\92F2.tmp
2012-10-23 00:53:47 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\92E1.tmp
2012-10-16 02:51:19 -------- d-----w- C:\Program Files (x86)\Yontoo
2012-10-16 02:51:18 -------- d-----w- C:\ProgramData\Tarma Installer
2012-10-16 02:51:15 -------- d-----w- C:\Program Files (x86)\FirstRowSportApp.com
2012-10-02 17:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-09-27 03:33:24 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys
2012-09-27 03:33:08 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys
2012-09-27 03:32:50 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys
2012-09-27 03:32:33 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys
2012-09-27 03:32:09 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys
2012-09-27 03:30:49 -------- d-----w- C:\Users\Stanley\AppData\Roaming\Aimersoft Video Converter Ultimate
2012-09-27 03:30:44 -------- d-----w- C:\Users\Stanley\AppData\Local\Aimersoft
2012-09-27 03:30:43 -------- d-----w- C:\Program Files (x86)\Common Files\Aimersoft
2012-09-27 03:30:38 892928 ----a-w- C:\Windows\SysWow64\iconv.dll
2012-09-27 03:30:38 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax
2012-09-27 03:30:38 496640 ----a-w- C:\Windows\SysWow64\xvid.ax
2012-09-27 03:30:36 -------- d-----w- C:\Program Files (x86)\Aimersoft
2012-09-27 03:21:30 255352 ----a-w- C:\Windows\SysWow64\awrdscdc.ax
2012-09-27 03:21:27 24576 ------w- C:\Windows\SysWow64\msxml3a.dll
2012-09-27 03:21:20 -------- d-----w- C:\Program Files (x86)\Audible
.
==================== Find3M ====================
.
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 15:59:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 15:20:39 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 21:44:21.69 ===============





DDS Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/3/2011 10:05:56 AM
System Uptime: 10/24/2012 9:02:24 PM (0 hours ago)
.
Motherboard: ASRock | | M3A770DE
Processor: AMD Athlon(tm) II X3 450 Processor | CPUSocket | 3192/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 139.719 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\PNP0510\2
Manufacturer:
Name:
PNP Device ID: ACPI\PNP0510\2
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP199: 10/5/2012 4:54:14 PM - Windows Update
RP200: 10/9/2012 3:35:58 AM - Windows Update
RP201: 10/11/2012 3:00:15 AM - Windows Update
RP202: 10/16/2012 7:46:36 PM - Windows Update
RP203: 10/23/2012 11:41:09 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Acrobat.com
Adobe AIR
Adobe Audition 1.5
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 9
Adobe Reader 9
Aimersoft Video Converter Ultimate(Build 4.2.4.0)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASRock IES v2.0.84
ASRock InstantBoot v1.23
ASRock OC Tuner v2.3.77
ASUS nVidia Driver
ATI Catalyst Install Manager
Audacity 2.0
AudibleManager
Battlefield: Bad Company™ 2
BEHRINGER USB AUDIO DRIVER
Bioshock Demo
BlackBerry Desktop Software 6.1
Bonjour
Boris Graffiti
Brink
Bulletstorm Demo
Call of Duty Modern Warfare 2
Call of Duty: Black Ops
Cisco Connect
ConvertXtoDVD 4.0.9.322
creepy 0.1.93
Crysis® 2
Elements 9 Organizer
Elements STI Installer
energyXT2.5
Fallout New Vegas
FileZilla Client 3.5.0
FirstRowSportApp
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Half-Life(R) 2
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Juice 2.2
Just Cause 2
Lord of the Rings - War in the North
Magic Bullet Looks Studio
Magicka - Demo
Malwarebytes Anti-Malware version 1.65.1.1000
Max Payne 3
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XNA Framework Redistributable 3.1
mIRC
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.1.34
NVIDIA Update Components
Pinnacle Studio 12
Pinnacle Studio 12 Ultimate Plugins
Pinnacle Video Driver
Platform
Podifier V 2.1
Portal 2
Portal: First Slice
PowerISO
proDAD Vitascene 1.0
QuickTime
RAD Video Tools
Realtek Ethernet Controller Driver
Rockstar Games Social Club
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
SmartSound Quicktracks for Premiere Elements 9.0
SmartView for IE
SmartView Software Updater
Sound Blaster X-Fi MB
Spec Ops The Line
Spotify
StarCraft II
Steam
StreamTorrent 1.0
Twinspires Pro
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
VIA Platform Device Manager
VLC media player 1.1.9
Winamp
Winamp Detector Plug-in
WinRAR 4.00 (64-bit)
World of Goo Demo
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
10/24/2012 9:16:21 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/24/2012 9:03:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/24/2012 9:03:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/24/2012 9:03:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/24/2012 9:02:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/24/2012 9:02:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SCDEmu spldr Wanarpv6
10/24/2012 9:02:45 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
10/24/2012 9:00:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff800025cba71, 0xfffff88008dd7160, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102412-24796-01.
10/24/2012 8:58:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000103e4d870, 0x0000000000000002, 0x0000000000000001, 0xfffff80002e75161). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102412-25812-01.
10/24/2012 8:36:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
10/24/2012 8:36:57 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/24/2012 7:37:23 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ef80c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102412-21109-01.
10/24/2012 7:33:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800031c263a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102412-21515-01.
10/23/2012 8:53:35 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
10/23/2012 7:56:30 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/23/2012 7:56:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/23/2012 7:56:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/23/2012 7:56:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002ed8715). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102312-23656-01.
10/23/2012 7:56:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx Wanarpv6 WfpLwf
10/23/2012 7:56:06 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/23/2012 7:56:06 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/23/2012 7:56:06 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/23/2012 7:56:06 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/23/2012 7:56:06 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/23/2012 7:56:06 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/23/2012 7:56:06 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/23/2012 7:56:06 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/23/2012 7:56:06 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/23/2012 7:56:06 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/23/2012 7:55:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SmartView service service to connect.
10/23/2012 7:52:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
10/23/2012 7:52:36 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/23/2012 7:52:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
10/23/2012 7:52:06 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/23/2012 7:48:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000000000010c, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ec40c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102312-14203-01.
10/19/2012 12:52:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.139.124.0).
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSSKiller Log Part 1:

22:04:56.0426 0664 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
22:04:56.0567 0664 ============================================================
22:04:56.0567 0664 Current date / time: 2012/10/24 22:04:56.0567
22:04:56.0567 0664 SystemInfo:
22:04:56.0567 0664
22:04:56.0567 0664 OS Version: 6.1.7601 ServicePack: 1.0
22:04:56.0567 0664 Product type: Workstation
22:04:56.0567 0664 ComputerName: STANLEY-PC
22:04:56.0567 0664 UserName: Stanley
22:04:56.0567 0664 Windows directory: C:\Windows
22:04:56.0567 0664 System windows directory: C:\Windows
22:04:56.0567 0664 Running under WOW64
22:04:56.0567 0664 Processor architecture: Intel x64
22:04:56.0567 0664 Number of processors: 3
22:04:56.0567 0664 Page size: 0x1000
22:04:56.0567 0664 Boot type: Safe boot with network
22:04:56.0567 0664 ============================================================
22:04:57.0286 0664 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
22:04:57.0286 0664 ============================================================
22:04:57.0286 0664 \Device\Harddisk0\DR0:
22:04:57.0286 0664 MBR partitions:
22:04:57.0286 0664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
22:04:57.0286 0664 ============================================================
22:04:57.0317 0664 C: <-> \Device\Harddisk0\DR0\Partition1
22:04:57.0317 0664 ============================================================
22:04:57.0317 0664 Initialize success
22:04:57.0317 0664 ============================================================
22:04:58.0473 1204 ============================================================
22:04:58.0473 1204 Scan started
22:04:58.0473 1204 Mode: Manual;
22:04:58.0473 1204 ============================================================
22:04:58.0817 1204 ================ Scan system memory ========================
22:04:58.0817 1204 System memory - ok
22:04:58.0817 1204 ================ Scan services =============================
22:04:58.0926 1204 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:04:58.0926 1204 1394ohci - ok
22:04:58.0958 1204 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:04:58.0958 1204 ACPI - ok
22:04:58.0973 1204 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:04:58.0973 1204 AcpiPmi - ok
22:04:59.0036 1204 [ C004F38974F4D321B4C20A240E1175C0 ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
22:04:59.0036 1204 AdobeActiveFileMonitor9.0 - ok
22:04:59.0067 1204 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:04:59.0067 1204 adp94xx - ok
22:04:59.0083 1204 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:04:59.0083 1204 adpahci - ok
22:04:59.0114 1204 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:04:59.0114 1204 adpu320 - ok
22:04:59.0145 1204 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:04:59.0145 1204 AeLookupSvc - ok
22:04:59.0176 1204 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:04:59.0176 1204 AFD - ok
22:04:59.0208 1204 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:04:59.0208 1204 agp440 - ok
22:04:59.0223 1204 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:04:59.0223 1204 ALG - ok
22:04:59.0254 1204 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:04:59.0254 1204 aliide - ok
22:04:59.0254 1204 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:04:59.0254 1204 amdide - ok
22:04:59.0286 1204 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:04:59.0286 1204 AmdK8 - ok
22:04:59.0301 1204 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:04:59.0301 1204 AmdPPM - ok
22:04:59.0317 1204 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:04:59.0317 1204 amdsata - ok
22:04:59.0348 1204 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:04:59.0348 1204 amdsbs - ok
22:04:59.0364 1204 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:04:59.0364 1204 amdxata - ok
22:04:59.0395 1204 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:04:59.0395 1204 AppID - ok
22:04:59.0411 1204 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:04:59.0411 1204 AppIDSvc - ok
22:04:59.0442 1204 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
22:04:59.0442 1204 Appinfo - ok
22:04:59.0551 1204 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:04:59.0551 1204 Apple Mobile Device - ok
22:04:59.0614 1204 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
22:04:59.0614 1204 AppMgmt - ok
22:04:59.0645 1204 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:04:59.0645 1204 arc - ok
22:04:59.0661 1204 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:04:59.0661 1204 arcsas - ok
22:04:59.0676 1204 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:04:59.0676 1204 AsyncMac - ok
22:04:59.0708 1204 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:04:59.0708 1204 atapi - ok
22:04:59.0739 1204 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
22:04:59.0739 1204 AtiPcie - ok
22:04:59.0770 1204 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:04:59.0786 1204 AudioEndpointBuilder - ok
22:04:59.0801 1204 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:04:59.0801 1204 AudioSrv - ok
22:04:59.0817 1204 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:04:59.0817 1204 AxInstSV - ok
22:04:59.0864 1204 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:04:59.0864 1204 b06bdrv - ok
22:04:59.0879 1204 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:04:59.0879 1204 b57nd60a - ok
22:04:59.0926 1204 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:04:59.0926 1204 BDESVC - ok
22:04:59.0942 1204 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:04:59.0942 1204 Beep - ok
22:04:59.0973 1204 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:04:59.0989 1204 BFE - ok
22:05:00.0004 1204 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
22:05:00.0020 1204 BITS - ok
22:05:00.0036 1204 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:05:00.0036 1204 blbdrive - ok
22:05:00.0098 1204 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:05:00.0098 1204 Bonjour Service - ok
22:05:00.0114 1204 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:05:00.0114 1204 bowser - ok
22:05:00.0129 1204 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:05:00.0145 1204 BrFiltLo - ok
22:05:00.0145 1204 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:05:00.0145 1204 BrFiltUp - ok
22:05:00.0176 1204 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:05:00.0176 1204 Browser - ok
22:05:00.0208 1204 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:05:00.0208 1204 Brserid - ok
22:05:00.0223 1204 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:05:00.0223 1204 BrSerWdm - ok
22:05:00.0239 1204 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:05:00.0239 1204 BrUsbMdm - ok
22:05:00.0254 1204 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:05:00.0254 1204 BrUsbSer - ok
22:05:00.0270 1204 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:05:00.0270 1204 BTHMODEM - ok
22:05:00.0286 1204 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:05:00.0286 1204 bthserv - ok
22:05:00.0301 1204 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:05:00.0301 1204 cdfs - ok
22:05:00.0348 1204 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
22:05:00.0348 1204 cdrom - ok
22:05:00.0379 1204 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:05:00.0379 1204 CertPropSvc - ok
22:05:00.0395 1204 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:05:00.0395 1204 circlass - ok
22:05:00.0411 1204 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:05:00.0426 1204 CLFS - ok
22:05:00.0458 1204 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:05:00.0458 1204 clr_optimization_v2.0.50727_32 - ok
22:05:00.0504 1204 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:05:00.0504 1204 clr_optimization_v2.0.50727_64 - ok
22:05:00.0536 1204 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:05:00.0536 1204 CmBatt - ok
22:05:00.0551 1204 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:05:00.0551 1204 cmdide - ok
22:05:00.0583 1204 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
22:05:00.0598 1204 CNG - ok
22:05:00.0614 1204 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:05:00.0614 1204 Compbatt - ok
22:05:00.0629 1204 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:05:00.0629 1204 CompositeBus - ok
22:05:00.0645 1204 COMSysApp - ok
22:05:00.0661 1204 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:05:00.0661 1204 crcdisk - ok
22:05:00.0692 1204 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
22:05:00.0692 1204 Creative ALchemy AL6 Licensing Service - ok
22:05:00.0708 1204 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
22:05:00.0708 1204 Creative Audio Engine Licensing Service - ok
22:05:00.0739 1204 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:05:00.0739 1204 CryptSvc - ok
22:05:00.0770 1204 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
22:05:00.0770 1204 CSC - ok
22:05:00.0786 1204 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
22:05:00.0801 1204 CscService - ok
22:05:00.0817 1204 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
22:05:00.0817 1204 CTAudSvcService - ok
22:05:00.0864 1204 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:05:00.0864 1204 DcomLaunch - ok
22:05:00.0895 1204 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:05:00.0895 1204 defragsvc - ok
22:05:00.0926 1204 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:05:00.0926 1204 DfsC - ok
22:05:00.0958 1204 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:05:00.0958 1204 Dhcp - ok
22:05:01.0004 1204 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:05:01.0004 1204 discache - ok
22:05:01.0036 1204 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:05:01.0036 1204 Disk - ok
22:05:01.0051 1204 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:05:01.0051 1204 Dnscache - ok
22:05:01.0083 1204 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:05:01.0083 1204 dot3svc - ok
22:05:01.0098 1204 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:05:01.0098 1204 DPS - ok
22:05:01.0129 1204 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:05:01.0129 1204 drmkaud - ok
22:05:01.0161 1204 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:05:01.0176 1204 DXGKrnl - ok
22:05:01.0192 1204 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:05:01.0192 1204 EapHost - ok
22:05:01.0270 1204 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:05:01.0317 1204 ebdrv - ok
22:05:01.0333 1204 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:05:01.0348 1204 EFS - ok
22:05:01.0364 1204 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:05:01.0379 1204 ehRecvr - ok
22:05:01.0395 1204 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:05:01.0395 1204 ehSched - ok
22:05:01.0426 1204 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:05:01.0426 1204 elxstor - ok
22:05:01.0442 1204 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:05:01.0442 1204 ErrDev - ok
22:05:01.0473 1204 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:05:01.0489 1204 EventSystem - ok
22:05:01.0504 1204 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:05:01.0504 1204 exfat - ok
22:05:01.0520 1204 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:05:01.0520 1204 fastfat - ok
22:05:01.0567 1204 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:05:01.0583 1204 Fax - ok
22:05:01.0598 1204 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:05:01.0598 1204 fdc - ok
22:05:01.0614 1204 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:05:01.0614 1204 fdPHost - ok
22:05:01.0614 1204 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:05:01.0614 1204 FDResPub - ok
22:05:01.0629 1204 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:05:01.0629 1204 FileInfo - ok
22:05:01.0629 1204 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:05:01.0629 1204 Filetrace - ok
22:05:01.0645 1204 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:05:01.0645 1204 flpydisk - ok
22:05:01.0661 1204 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:05:01.0661 1204 FltMgr - ok
22:05:01.0692 1204 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
22:05:01.0708 1204 FontCache - ok
22:05:01.0754 1204 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:05:01.0754 1204 FontCache3.0.0.0 - ok
22:05:01.0770 1204 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:05:01.0770 1204 FsDepends - ok
22:05:01.0786 1204 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:05:01.0801 1204 Fs_Rec - ok
22:05:01.0833 1204 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:05:01.0833 1204 fvevol - ok
22:05:01.0864 1204 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:05:01.0864 1204 gagp30kx - ok
22:05:01.0895 1204 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:05:01.0895 1204 GEARAspiWDM - ok
22:05:01.0911 1204 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:05:01.0926 1204 gpsvc - ok
22:05:01.0973 1204 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:05:01.0973 1204 gupdate - ok
22:05:02.0004 1204 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:05:02.0004 1204 gupdatem - ok
22:05:02.0036 1204 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:05:02.0036 1204 gusvc - ok
22:05:02.0067 1204 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:05:02.0067 1204 hcw85cir - ok
22:05:02.0098 1204 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:05:02.0098 1204 HdAudAddService - ok
22:05:02.0129 1204 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:05:02.0129 1204 HDAudBus - ok
22:05:02.0145 1204 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:05:02.0145 1204 HidBatt - ok
22:05:02.0176 1204 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:05:02.0176 1204 HidBth - ok
22:05:02.0176 1204 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:05:02.0176 1204 HidIr - ok
22:05:02.0208 1204 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
22:05:02.0208 1204 hidserv - ok
22:05:02.0239 1204 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:05:02.0239 1204 HidUsb - ok
22:05:02.0254 1204 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:05:02.0254 1204 hkmsvc - ok
22:05:02.0286 1204 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:05:02.0286 1204 HomeGroupListener - ok
22:05:02.0317 1204 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:05:02.0317 1204 HomeGroupProvider - ok
22:05:02.0333 1204 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:05:02.0333 1204 HpSAMD - ok
22:05:02.0364 1204 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:05:02.0364 1204 HTTP - ok
22:05:02.0379 1204 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:05:02.0379 1204 hwpolicy - ok
22:05:02.0395 1204 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:05:02.0395 1204 i8042prt - ok
22:05:02.0411 1204 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:05:02.0426 1204 iaStorV - ok
22:05:02.0473 1204 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:05:02.0473 1204 IDriverT - ok
22:05:02.0504 1204 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:05:02.0520 1204 idsvc - ok
22:05:02.0536 1204 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:05:02.0536 1204 iirsp - ok
22:05:02.0583 1204 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:05:02.0583 1204 IKEEXT - ok
22:05:02.0598 1204 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:05:02.0598 1204 intelide - ok
22:05:02.0629 1204 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:05:02.0629 1204 intelppm - ok
22:05:02.0661 1204 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:05:02.0661 1204 IPBusEnum - ok
22:05:02.0676 1204 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:05:02.0676 1204 IpFilterDriver - ok
22:05:02.0708 1204 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:05:02.0723 1204 iphlpsvc - ok
22:05:02.0739 1204 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:05:02.0739 1204 IPMIDRV - ok
22:05:02.0754 1204 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:05:02.0754 1204 IPNAT - ok
22:05:02.0817 1204 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:05:02.0817 1204 iPod Service - ok
22:05:02.0848 1204 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:05:02.0848 1204 IRENUM - ok
22:05:02.0848 1204 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:05:02.0864 1204 isapnp - ok
22:05:02.0864 1204 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:05:02.0879 1204 iScsiPrt - ok
22:05:02.0895 1204 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
22:05:02.0895 1204 kbdclass - ok
22:05:02.0911 1204 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:05:02.0911 1204 kbdhid - ok
22:05:02.0926 1204 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:05:02.0926 1204 KeyIso - ok
22:05:02.0958 1204 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:05:02.0958 1204 KSecDD - ok
22:05:02.0973 1204 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:05:02.0973 1204 KSecPkg - ok
22:05:02.0973 1204 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:05:02.0973 1204 ksthunk - ok
22:05:03.0004 1204 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:05:03.0004 1204 KtmRm - ok
22:05:03.0036 1204 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:05:03.0051 1204 LanmanServer - ok
22:05:03.0067 1204 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:05:03.0067 1204 LanmanWorkstation - ok
22:05:03.0098 1204 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:05:03.0098 1204 lltdio - ok
22:05:03.0145 1204 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:05:03.0145 1204 lltdsvc - ok
22:05:03.0161 1204 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:05:03.0161 1204 lmhosts - ok
22:05:03.0192 1204 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:05:03.0192 1204 LSI_FC - ok
22:05:03.0192 1204 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:05:03.0192 1204 LSI_SAS - ok
22:05:03.0208 1204 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:05:03.0208 1204 LSI_SAS2 - ok
22:05:03.0223 1204 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:05:03.0223 1204 LSI_SCSI - ok
22:05:03.0333 1204 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:05:03.0333 1204 luafv - ok
22:05:03.0364 1204 [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus64.sys
22:05:03.0379 1204 MarvinBus - ok
22:05:03.0426 1204 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:05:03.0504 1204 Mcx2Svc - ok
22:05:03.0551 1204 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:05:03.0551 1204 megasas - ok
22:05:03.0567 1204 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:05:03.0567 1204 MegaSR - ok
22:05:03.0645 1204 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:05:03.0645 1204 Microsoft Office Groove Audit Service - ok
22:05:03.0661 1204 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:05:03.0661 1204 MMCSS - ok
22:05:03.0676 1204 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:05:03.0676 1204 Modem - ok
22:05:03.0692 1204 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:05:03.0692 1204 monitor - ok
22:05:03.0723 1204 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
22:05:03.0723 1204 mouclass - ok
22:05:03.0739 1204 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:05:03.0739 1204 mouhid - ok
22:05:03.0770 1204 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:05:03.0770 1204 mountmgr - ok
22:05:03.0833 1204 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:05:03.0833 1204 MozillaMaintenance - ok
22:05:03.0848 1204 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:05:03.0848 1204 mpio - ok
22:05:03.0864 1204 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:05:03.0864 1204 mpsdrv - ok
22:05:03.0911 1204 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:05:03.0911 1204 MpsSvc - ok
22:05:03.0942 1204 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:05:03.0942 1204 MRxDAV - ok
22:05:03.0973 1204 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:05:03.0973 1204 mrxsmb - ok
22:05:04.0004 1204 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:05:04.0004 1204 mrxsmb10 - ok
22:05:04.0020 1204 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:05:04.0020 1204 mrxsmb20 - ok
22:05:04.0051 1204 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:05:04.0051 1204 msahci - ok
22:05:04.0083 1204 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:05:04.0083 1204 msdsm - ok
22:05:04.0098 1204 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:05:04.0098 1204 MSDTC - ok
22:05:04.0129 1204 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:05:04.0129 1204 Msfs - ok
22:05:04.0129 1204 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:05:04.0129 1204 mshidkmdf - ok
22:05:04.0145 1204 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:05:04.0161 1204 msisadrv - ok
22:05:04.0192 1204 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:05:04.0192 1204 MSiSCSI - ok
22:05:04.0192 1204 msiserver - ok
22:05:04.0223 1204 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:05:04.0223 1204 MSKSSRV - ok
22:05:04.0239 1204 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:05:04.0239 1204 MSPCLOCK - ok
22:05:04.0254 1204 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:05:04.0254 1204 MSPQM - ok
22:05:04.0286 1204 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:05:04.0286 1204 MsRPC - ok
22:05:04.0317 1204 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
 
TDSSKiller Log Part 2:

22:05:11.0473 1204 ================ Scan global ===============================
22:05:11.0489 1204 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:05:11.0520 1204 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:05:11.0520 1204 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:05:11.0551 1204 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:05:11.0583 1204 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:05:11.0583 1204 [Global] - ok
22:05:11.0583 1204 ================ Scan MBR ==================================
22:05:11.0598 1204 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:05:11.0598 1204 Suspicious mbr (Forged): \Device\Harddisk0\DR0
22:05:11.0645 1204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:05:11.0645 1204 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:05:11.0645 1204 ================ Scan VBR ==================================
22:05:11.0661 1204 [ CE96FA940994394FC659CE4A576C1790 ] \Device\Harddisk0\DR0\Partition1
22:05:11.0661 1204 \Device\Harddisk0\DR0\Partition1 - ok
22:05:11.0661 1204 ============================================================
22:05:11.0661 1204 Scan finished
22:05:11.0661 1204 ============================================================
22:05:11.0661 2896 Detected object count: 1
22:05:11.0661 2896 Actual detected object count: 1
22:05:32.0614 2896 \Device\Harddisk0\DR0\# - copied to quarantine
22:05:32.0629 2896 \Device\Harddisk0\DR0 - copied to quarantine
22:05:32.0661 2896 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:05:32.0661 2896 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:05:32.0676 2896 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:05:32.0692 2896 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:05:32.0692 2896 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:05:32.0692 2896 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:05:32.0692 2896 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:05:32.0692 2896 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:05:32.0692 2896 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:05:32.0692 2896 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:05:32.0692 2896 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:05:32.0692 2896 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:05:32.0708 2896 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:05:32.0708 2896 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:05:32.0708 2896 \Device\Harddisk0\DR0 - ok
22:05:32.0708 2896 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
22:06:21.0567 2840 Deinitialize success
 
Good :)

See if you can start in normal mode and.....

Re-run MBAM. Post new log.

Next...

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

=============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Was able to restart into normal mode.

New MBAM Log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Stanley :: STANLEY-PC [administrator]

10/24/2012 10:38:42 PM
mbam-log-2012-10-24 (22-42-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228610
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)



RK Report 1:

RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Stanley [Admin rights]
Mode : Scan -- Date : 10/24/2012 22:45:37

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] Sound_Blaster_X-Fi_MB_Cleanup.0001 -- C:\Users\Stanley\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] 030184803bc62bf88cd1c5fb61ed058c
[BSP] 7bcaf7a05f0139ae0cad2e6b9bf5be64 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt




RK Report 2:

RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Stanley [Admin rights]
Mode : Remove -- Date : 10/24/2012 22:45:54

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] Sound_Blaster_X-Fi_MB_Cleanup.0001 -- C:\Users\Stanley\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] 030184803bc62bf88cd1c5fb61ed058c
[BSP] 7bcaf7a05f0139ae0cad2e6b9bf5be64 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



aswMBR Log:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-24 22:49:26
-----------------------------
22:49:26.806 OS Version: Windows x64 6.1.7601 Service Pack 1
22:49:26.806 Number of processors: 3 586 0x503
22:49:26.806 ComputerName: STANLEY-PC UserName: Stanley
22:49:28.291 Initialize success
22:51:19.031 AVAST engine defs: 12102500
22:51:23.449 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
22:51:23.449 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 3
22:51:23.464 Disk 0 MBR read successfully
22:51:23.472 Disk 0 MBR scan
22:51:23.472 Disk 0 Windows 7 default MBR code
22:51:23.488 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476838 MB offset 206848
22:51:23.511 Disk 0 scanning C:\Windows\system32\drivers
22:51:32.690 Service scanning
22:51:50.723 Modules scanning
22:51:50.739 Disk 0 trace - called modules:
22:51:50.754 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:51:50.762 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800492e6c0]
22:51:50.770 3 CLASSPNP.SYS[fffff880018e243f] -> nt!IofCallDriver -> [0xfffffa80048b9520]
22:51:50.786 5 ACPI.sys[fffff88000f6a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80048bb060]
22:51:52.052 AVAST engine scan C:\Windows
22:51:54.766 AVAST engine scan C:\Windows\system32
22:54:07.398 AVAST engine scan C:\Windows\system32\drivers
22:54:17.531 AVAST engine scan C:\Users\Stanley
23:09:20.840 AVAST engine scan C:\ProgramData
23:10:09.481 File: C:\ProgramData\Microsoft\Windows\DRM\92F2.tmp **INFECTED** Win32:Malware-gen
23:10:26.187 Scan finished successfully
23:10:39.412 Disk 0 MBR has been saved successfully to "C:\Users\Stanley\Desktop\MBR.dat"
23:10:39.419 The log file has been saved successfully to "C:\Users\Stanley\Desktop\aswMBR.txt"
 
Your MBAM log says "No action taken".
Re-run it, fix all issues and post new log.
 
Sorry about that, here's the new MBAM log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.25.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Stanley :: STANLEY-PC [administrator]

10/24/2012 11:21:32 PM
mbam-log-2012-10-24 (23-21-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227652
Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
 
Good :)

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Here's the ComboFix log:

ComboFix 12-10-24.02 - Stanley 10/24/2012 23:44:07.1.3 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2888 [GMT -4:00]
Running from: c:\users\Stanley\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Microsoft\Windows\DRM\92E1.tmp
c:\programdata\Microsoft\Windows\DRM\92F2.tmp
c:\users\Stanley\AppData\Roaming\inst.exe
c:\users\Stanley\AppData\Roaming\vso_ts_preview.xml
c:\windows\SysWow64\tmp14F8.tmp
c:\windows\SysWow64\tmp14F9.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-25 to 2012-10-25 )))))))))))))))))))))))))))))))
.
.
2012-10-25 02:05 . 2012-10-25 02:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-25 00:29 . 2012-10-02 19:51 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-23 15:41 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFB3ACC4-0EF7-41AA-85F4-CD779691EA91}\mpengine.dll
2012-10-23 01:21 . 2012-10-23 01:21 -------- d-----w- c:\programdata\xsymhrjboxtvfjf
2012-10-23 01:19 . 2012-10-23 01:19 -------- d-----w- c:\windows\Sun
2012-10-16 02:51 . 2012-10-16 02:51 -------- d-----w- c:\program files (x86)\Yontoo
2012-10-16 02:51 . 2012-10-16 02:51 -------- d-----w- c:\programdata\Tarma Installer
2012-10-16 02:51 . 2012-10-16 02:51 -------- d-----w- c:\program files (x86)\FirstRowSportApp.com
2012-10-02 17:15 . 2012-10-02 17:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-27 03:33 . 2011-12-14 17:43 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2012-09-27 03:33 . 2011-12-14 17:43 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2012-09-27 03:32 . 2011-12-14 17:43 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2012-09-27 03:32 . 2011-12-14 17:43 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2012-09-27 03:32 . 2011-12-14 17:43 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2012-09-27 03:30 . 2012-09-27 03:30 -------- d-----w- c:\users\Stanley\AppData\Roaming\Aimersoft Video Converter Ultimate
2012-09-27 03:30 . 2012-09-27 03:30 -------- d-----w- c:\users\Stanley\AppData\Local\Aimersoft
2012-09-27 03:30 . 2012-09-27 03:30 -------- d-----w- c:\program files (x86)\Common Files\Aimersoft
2012-09-27 03:30 . 2011-08-31 18:39 892928 ----a-w- c:\windows\SysWow64\iconv.dll
2012-09-27 03:30 . 2011-08-31 18:39 675840 ----a-w- c:\windows\SysWow64\ac3filter.ax
2012-09-27 03:30 . 2011-08-31 18:39 496640 ----a-w- c:\windows\SysWow64\xvid.ax
2012-09-27 03:30 . 2012-09-27 03:30 -------- d-----w- c:\program files (x86)\Aimersoft
2012-09-27 03:21 . 2012-09-27 03:21 255352 ----a-w- c:\windows\SysWow64\awrdscdc.ax
2012-09-27 03:21 . 2001-08-18 02:43 24576 ------w- c:\windows\SysWow64\msxml3a.dll
2012-09-27 03:21 . 2012-09-27 03:21 -------- d-----w- c:\program files (x86)\Audible
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 07:03 . 2011-12-28 19:44 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-02 22:21 . 2011-05-04 03:07 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-02 19:51 . 2011-04-08 03:19 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-04-08 03:19 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-04-08 03:19 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2011-04-08 03:19 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2010-08-19 12:48 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-09-29 23:54 . 2011-12-28 19:53 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 18:05 . 2012-09-22 08:14 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-22 08:14 1494528 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-22 08:14 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-22 08:14 9056256 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:03 . 2012-09-22 08:14 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:03 . 2012-09-22 08:14 735744 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:03 . 2012-09-22 08:14 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:02 . 2012-09-22 08:14 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:02 . 2012-09-22 08:14 12295680 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:02 . 2012-09-22 08:14 2453504 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 16:57 . 2012-09-22 08:14 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 15:59 . 2012-09-22 08:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 15:20 . 2012-09-22 08:14 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 04:30 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 04:30 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 04:30 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\DeviceVM\SmartView\AddressBarSearch.dll" [2010-09-02 162080]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-10-12 20:57 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-04 39408]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-15 1353080]
"Spotify Web Helper"="c:\users\Stanley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-23 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SmartViewAgent"="c:\program files (x86)\DeviceVM\SmartView\SmartViewAgent.exe" [2010-09-02 948504]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 136176]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-05-03 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-03 79360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-19 115168]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-05-03 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-05 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [2010-09-02 125216]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 WCUService;SmartView Software Updater Service;c:\program files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe [2010-09-02 456976]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-08-11 82816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-12-14 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-12-14 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-12-14 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-12-14 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-12-14 29288]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 02:28]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 02:28]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752194725-100490190-2721381501-1000Core.job
- c:\users\Stanley\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 23:51]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752194725-100490190-2721381501-1000UA.job
- c:\users\Stanley\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 23:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\5zqv5tqs.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-15 22:51; freehdsport@freehdsport.tv; c:\users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\5zqv5tqs.default\extensions\freehdsport@freehdsport.tv.xpi
FF - ExtSQL: 2012-10-15 22:51; plugin@yontoo.com; c:\users\Stanley\AppData\Roaming\Mozilla\Firefox\Profiles\5zqv5tqs.default\extensions\plugin@yontoo.com
FF - user.js: extentions.y2layers.installId - f1b2cfa5-8615-415d-9924-47cfbc7ee532
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ASRockOCTuner - (no file)
Wow6432Node-HKCU-Run-ASRockIES - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
SafeBoot-74932097.sys
AddRemove-Brink_is1 - c:\program files (x86)\Bethesda Softworks\Brink\unins000.exe
AddRemove-Fallout New Vegas_is1 - c:\program files (x86)\Bethesda Softworks\Fallout New Vegas\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-752194725-100490190-2721381501-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*7*Ž<=j]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-752194725-100490190-2721381501-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*7*Ž<=j\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-752194725-100490190-2721381501-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*7*Ž<=j]
"0"=hex:43,3a,5c,55,73,65,72,73,5c,53,74,61,6e,6c,65,79,5c,44,6f,77,6e,6c,6f,
61,64,73,5c,64,65,61,64,6c,69,65,73,74,2e,63,61,74,63,68,2e,73,30,37,65,31,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-10-24 23:54:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-25 03:54
.
Pre-Run: 157,039,833,088 bytes free
Post-Run: 186,674,847,744 bytes free
.
- - End Of File - - 284B5F40BDB446FBB2EC12D182057F6E
 
Looks good :)

Any current issues?

=================================

I don't see any AV program running.
Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Update, run full scan, report on any findings.

==================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 