Inactive [A] SVChost.exe trojan

Koniving

Mbam log
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.29.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kalon LaChevet :: KALONLACHEVET [administrator]

Protection: Enabled

10/29/2012 8:33:29 PM
mbam-log-2012-10-29 (20-46-44).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 389120
Time elapsed: 13 minute(s), 3 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3132 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\TDSSKiller_Quarantine\29.10.2012_20.07.05\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> No action taken.
C:\TDSSKiller_Quarantine\29.10.2012_20.11.22\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> No action taken.
C:\TDSSKiller_Quarantine\29.10.2012_20.13.08\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> No action taken.
C:\TDSSKiller_Quarantine\29.10.2012_20.17.44\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> No action taken.
C:\TDSSKiller_Quarantine\29.10.2012_20.17.44\mbr0001\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> No action taken.
C:\TDSSKiller_Quarantine\29.10.2012_20.17.44\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> No action taken.
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-29 20:53:55
Windows 6.1.7601 Service Pack 1
Running: ulkpnbkl.exe
---- Services - GMER 1.0.15 ----
Service system32\drivers\12080275.sys (*** hidden *** ) [BOOT] 55906284 <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\55906284@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\55906284@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\55906284@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\55906284@ImagePath system32\drivers\12080275.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\55906284@Group System Reserved
---- EOF - GMER 1.0.15 ----
 
DDS log

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Kalon LaChevet at 21:19:36 on 2012-10-29
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16381.13023 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Kalon LaChevet\AppData\Local\Temp\91B018D6-536C-4EC9-9B49-77C018071343.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\DllHost.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [TuneUp Utilities - Start Center] C:\Program Files (x86)\TuneUp Utilities 2012\Integrator.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [MarbleStation] E:\NetmarbleGlobal\MarbleStation\GlbMSLauncher.exe
uRun: [RadeonPro] ""
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Kalon LaChevet\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Users\Kalon LaChevet\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{6CFB12AD-50A2-48B6-9668-8F0818D05389} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9AFD0E65-EE7A-4385-BD48-AA7FBDBD2151} : DHCPNameServer = 65.32.5.111 65.32.5.112
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} -
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kalon LaChevet\AppData\Roaming\Mozilla\Firefox\Profiles\evshe54g.default\
FF - prefs.js: browser.startup.homepage - hxxp://dayzdb.com/map
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Kalon LaChevet\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kalon LaChevet\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Kalon LaChevet\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Kalon LaChevet\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: E:\Acrobat Reader Pro\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - ExtSQL: 2012-09-30 20:43; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Kalon LaChevet\AppData\Roaming\Mozilla\Firefox\Profiles\evshe54g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-12-17 969200]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-12-17 359464]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-10-29 283200]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-12-17 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-12-17 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-28 44808]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-10-11 21992]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-29 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-29 676936]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-15 1153368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-5-29 2143072]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-12-5 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-7-28 10278912]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-7-27 368640]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-28 56960]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-28 79104]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-29 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-5 413800]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250808]
S3 arusb_win7x;Service For TP-LINK Wireless N Adapter;C:\Windows\System32\drivers\arusb_win7x.sys [2012-2-12 769024]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-28 115168]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-19 1255736]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-2-18 462632]
S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-6 2984832]
.
=============== Created Last 60 ================
.
2012-10-30 01:05:31 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-10-30 00:58:24 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-30 00:13:27 98816 ----a-w- C:\Windows\sed.exe
2012-10-30 00:13:27 256000 ----a-w- C:\Windows\PEV.exe
2012-10-30 00:13:27 208896 ----a-w- C:\Windows\MBR.exe
2012-10-30 00:13:23 -------- d-s---w- C:\ComboFix
2012-10-30 00:10:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-29 23:14:19 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Roaming\Malwarebytes
2012-10-29 23:10:11 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-29 23:10:10 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-29 23:10:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-29 14:01:27 -------- d-----w- C:\Program Files (x86)\TARS
2012-10-29 04:12:11 -------- d-----w- C:\Program Files (x86)\Common Files\Wrye Bash
2012-10-27 09:15:16 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{7F3C2DE6-F21C-4509-A957-E97312574CCB}
2012-10-27 05:03:30 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C0ACBAEC-5BE7-4EAA-B516-3D146A0F45AB}\mpengine.dll
2012-10-26 21:45:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-26 21:45:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-26 21:45:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-26 21:45:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-26 21:45:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-26 21:45:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-26 21:45:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-10-25 20:58:33 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{9C5E0B09-C6E6-44A9-898D-969770C6512E}
2012-10-24 13:27:58 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{5884B7B3-8B30-4942-8747-3A770BF3E15C}
2012-10-20 05:40:10 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Roaming\FaceGen
2012-10-19 18:28:22 -------- d-----w- C:\Program Files (x86)\FaceGen
2012-10-19 18:26:02 -------- d-----w- C:\Program Files (x86)\Singular Inversions
2012-10-15 10:24:56 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox.bak
2012-10-12 20:06:10 -------- d-----w- C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2012-10-12 14:31:21 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{2D19C8BC-85CC-45FC-AAB0-001649AE254A}
2012-10-12 00:26:32 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys
2012-10-11 23:02:16 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\Unity
2012-10-11 14:34:59 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{7EE32488-46CB-403D-8462-2BEF48257B45}
2012-10-11 04:40:27 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Roaming\RadeonPro
2012-10-11 04:36:45 -------- d-----w- C:\Program Files (x86)\RadeonPro
2012-10-11 03:46:52 -------- d-----w- C:\Program Files\ATI
2012-10-11 03:41:50 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-10-10 17:51:56 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{ED85F21B-16AF-4D37-A30D-BFDE009D2915}
2012-10-10 17:19:58 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-10-10 17:19:58 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-10-10 16:09:35 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 16:09:35 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 16:09:31 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 16:09:31 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 16:09:16 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 16:09:16 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 16:09:14 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 16:09:13 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 16:09:13 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 16:09:13 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 16:09:13 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 16:09:13 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-10 05:51:21 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{A34F6E79-3F75-40F6-ACCF-C9D0664CD985}
2012-10-08 23:39:49 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{2D10E8B7-60A1-4942-9CAE-7F96734D3621}
2012-10-07 00:34:35 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{EF76716D-1BCB-43D8-8B6E-A75F7D4EB1BD}
2012-10-07 00:32:57 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{C465A988-EA6E-482A-BF29-4966383E73AD}
2012-10-06 04:40:47 -------- d-----w- C:\MicroProse
2012-10-06 04:36:32 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\Apple
2012-10-06 04:31:37 -------- d-----w- C:\Program Files (x86)\Project1
2012-10-06 04:31:31 73216 ----a-w- C:\Windows\ST6UNST.EXE
2012-10-06 04:31:31 286720 ------w- C:\Windows\Setup1.exe
2012-10-06 04:16:54 -------- d-----w- C:\ProgramData\AVS4YOU
2012-10-06 04:16:49 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Roaming\AVS4YOU
2012-10-06 04:16:34 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2012-10-06 04:15:54 11137024 ----a-w- C:\Windows\SysWow64\libmfxsw32.dll
2012-10-06 04:15:51 -------- d-----w- C:\Users\Kalon LaChevet\Moviestorm
2012-10-06 04:15:50 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2012-10-06 04:15:47 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-10-06 04:15:47 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2012-10-06 04:00:04 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\Apple Computer
2012-10-06 03:57:39 -------- d-----w- C:\ProgramData\SmartSound Software Inc
2012-10-06 03:57:39 -------- d-----w- C:\Program Files (x86)\SmartSound Software
2012-10-06 03:56:46 1409 ----a-w- C:\Windows\QTFont.for
2012-10-06 03:56:43 81920 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2012-10-06 03:56:43 368640 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2012-10-06 03:56:43 278528 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2012-10-06 03:56:42 -------- d-----w- C:\Program Files (x86)\Windows Media Components
2012-10-06 03:56:10 618496 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2012-10-06 03:56:10 -------- d-----w- C:\Program Files (x86)\Common Files\Ulead Systems
2012-10-06 03:53:52 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-10-06 03:53:52 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-10-06 03:53:52 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-10-06 03:53:51 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-10-06 03:53:51 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-10-06 03:53:51 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-10-06 03:53:51 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-10-06 02:36:16 565760 ------w- C:\Windows\SysWow64\MSVCP50.DLL
2012-10-05 16:08:43 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{8854C389-A2ED-4D96-8BE3-5CB254792595}
2012-10-01 20:48:34 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{C33C2BB0-A385-4E7B-A6B1-811C4B84856F}
2012-10-01 00:44:03 -------- d-----w- C:\Users\Kalon LaChevet\dwhelper
2012-09-30 23:13:43 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{DF1A35C3-EB39-4147-8456-EDDFDB1E4C7B}
2012-09-30 15:19:14 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\Vivox
2012-09-30 15:15:47 2849336 ----a-r- C:\Users\Kalon LaChevet\AppData\Roaming\Microsoft\Installer\{3BDDFDBC-29CC-4EB7-AA5A-6C6332A1CD38}\Icon_2.exe
2012-09-30 15:15:47 2849336 ----a-r- C:\Users\Kalon LaChevet\AppData\Roaming\Microsoft\Installer\{3BDDFDBC-29CC-4EB7-AA5A-6C6332A1CD38}\Icon_1.exe
2012-09-30 15:15:45 -------- d-----w- C:\Program Files (x86)\Vivox
2012-09-29 17:25:27 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{4E1FCE6E-4834-411E-BA79-B13EE154C93F}
2012-09-28 22:13:48 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-28 22:00:00 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\Macromedia
2012-09-28 19:54:08 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\Solid State Networks
2012-09-28 17:34:46 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{E091ADA8-CF11-4A58-941E-6D75DE6009D9}
2012-09-27 18:52:08 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{B131CA1C-6F0E-4BA4-82CF-B00465DB63F1}
2012-09-26 16:52:58 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{33B6BB96-DA33-42B0-A99F-DF1894526ED1}
2012-09-26 12:38:46 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-25 04:24:19 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{A8EF5697-7F7B-4EDF-BFFD-FEE05ACEDF53}
2012-09-24 00:45:15 0 ----a-w- C:\Windows\ativpsrm.bin
2012-09-23 14:49:43 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{56C703E8-BAF4-4A16-A646-2A115F98811C}
2012-09-21 18:04:44 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{8CF89748-2D7B-42DB-B003-4154F9C4780E}
2012-09-21 00:32:57 -------- d-----w- C:\Users\Kalon LaChevet\.swt
2012-09-20 20:36:56 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{FE848469-1A13-4CBE-AB93-26D5E30C8CAA}
2012-09-19 03:37:50 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\Package Cache
2012-09-19 02:08:51 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{89968FF9-A450-4DA8-8C45-97844A22A341}
2012-09-17 17:00:37 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{C82FD0A6-81FB-45D8-9ABD-9D7D6B4C1285}
2012-09-17 04:17:38 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-09-16 21:09:34 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{4433F82C-85AB-430F-9B43-761BB54A8EC0}
2012-09-16 08:01:18 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{426DAECC-850C-4AB9-BD87-D6BDFDEB6E2C}
2012-09-15 20:00:43 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{8B3DBD35-938E-4E60-9B65-E0CA92485783}
2012-09-12 21:50:25 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-09-12 21:50:25 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-09-12 21:45:43 -------- d-----w- C:\ProgramData\Battle.net
2012-09-12 10:42:47 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{084BA302-071C-4FDB-A164-494018866BB9}
2012-09-12 01:24:46 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 01:24:46 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 01:24:46 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 01:24:46 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 01:24:45 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 01:24:45 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 01:24:45 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-11 22:42:13 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{6432C04D-7189-4292-884C-06502E9EA42A}
2012-09-11 04:31:36 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Roaming\wargaming.net
2012-09-11 01:05:40 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{5491180E-EE4E-4CFD-AECD-48FA0354BBA5}
2012-09-10 20:44:01 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\Chromium
2012-09-10 20:43:56 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\CrashRpt
2012-09-10 20:43:56 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\Arktos
2012-09-10 10:22:33 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{7178D8C5-E85F-4AD3-95ED-BF1685911E42}
2012-09-09 17:07:41 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{EBA47222-8026-464B-A751-9F85CBBE54DB}
2012-09-08 13:38:15 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{516DFD0A-7DAF-4CBE-B2CA-F829A9FD71DF}
2012-09-06 16:15:24 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{9522043F-BBB7-47DF-AAC7-D6922F31FAB2}
2012-09-04 20:27:34 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{956685E0-363E-4BDA-BADA-6A67A84F980E}
2012-09-04 19:01:21 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Roaming\PDAppFlex
2012-09-04 18:58:33 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-09-04 08:26:59 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{71E120F1-BD2F-4AC4-8042-D75DD2D0DA11}
2012-09-02 02:07:50 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{C212F9B7-0383-4017-B0BF-B3F39B3850C2}
2012-08-31 02:30:53 -------- d-----w- C:\Users\Kalon LaChevet\AppData\Local\{2C176AF4-3D92-4E2F-B5B6-E21857436483}
.
==================== Find6M ====================
.
2012-10-23 22:58:17  280600  ----a-w-  C:\Windows\SysWow64\PnkBstrB.xtr
2012-10-23 22:58:17  280600  ----a-w-  C:\Windows\SysWow64\PnkBstrB.exe
2012-10-23 22:48:06  280600  ----a-w-  C:\Windows\SysWow64\PnkBstrB.ex0
2012-10-23 22:07:27  76888  ----a-w-  C:\Windows\SysWow64\PnkBstrA.exe
2012-10-09 06:13:08  73656  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 06:13:08  696760  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-31 18:19:35  1659760  ----a-w-  C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45  5559664  ----a-w-  C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02  3968880  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02  3914096  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 10:31:32  2312704  ----a-w-  C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18  1392128  ----a-w-  C:\Windows\System32\wininet.dll
2012-08-24 10:20:11  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29  599040  ----a-w-  C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17  1800704  ----a-w-  C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12  420864  ----a-w-  C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
2012-08-21 09:13:13  969200  ----a-w-  C:\Windows\System32\drivers\aswSnx.sys
2012-08-21 09:13:12  71600  ----a-w-  C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-21 09:13:12  54072  ----a-w-  C:\Windows\System32\drivers\aswRdr2.sys
2012-08-21 09:12:33  41224  ----a-w-  C:\Windows\avastSS.scr
2012-08-20 18:48:44  362496  ----a-w-  C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44  243200  ----a-w-  C:\Windows\System32\wow64.dll
2012-08-20 18:48:44  13312  ----a-w-  C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43  215040  ----a-w-  C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37  16384  ----a-w-  C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35  424448  ----a-w-  C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22  338432  ----a-w-  C:\Windows\System32\conhost.exe
2012-08-20 17:40:21  14336  ----a-w-  C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44  44032  ----a-w-  C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26  25600  ----a-w-  C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19  5120  ----a-w-  C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18  274944  ----a-w-  C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21  7680  ----a-w-  C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20  2048  ----a-w-  C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28  6144  ---ha-w-  C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28  4608  ---ha-w-  C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28  3584  ---ha-w-  C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28  3072  ---ha-w-  C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-07-28 04:09:20  5538984  ----a-w-  C:\Windows\SysWow64\atiumdag.dll
2012-07-28 04:07:44  10278912  ----a-w-  C:\Windows\System32\drivers\atikmdag.sys
2012-07-28 03:43:12  70144  ----a-w-  C:\Windows\System32\coinst_8.982.dll
2012-07-28 03:19:34  24935424  ----a-w-  C:\Windows\System32\atio6axx.dll
2012-07-28 02:50:10  20546560  ----a-w-  C:\Windows\SysWow64\atioglxx.dll
2012-07-28 02:47:40  187392  ----a-w-  C:\Windows\System32\clinfo.exe
2012-07-28 02:47:24  75776  ----a-w-  C:\Windows\System32\OpenVideo64.dll
2012-07-28 02:47:16  65024  ----a-w-  C:\Windows\SysWow64\OpenVideo.dll
2012-07-28 02:47:10  63488  ----a-w-  C:\Windows\System32\OVDecode64.dll
2012-07-28 02:47:06  56320  ----a-w-  C:\Windows\SysWow64\OVDecode.dll
2012-07-28 02:46:56  16464896  ----a-w-  C:\Windows\System32\amdocl64.dll
2012-07-28 02:46:06  13013504  ----a-w-  C:\Windows\SysWow64\amdocl.dll
2012-07-28 02:15:50  163840  ----a-w-  C:\Windows\System32\atiapfxx.exe
2012-07-28 02:15:42  931328  ----a-w-  C:\Windows\SysWow64\aticfx32.dll
2012-07-28 02:13:56  1100288  ----a-w-  C:\Windows\System32\aticfx64.dll
2012-07-28 02:10:40  442368  ----a-w-  C:\Windows\System32\ATIDEMGX.dll
2012-07-28 02:10:34  534528  ----a-w-  C:\Windows\System32\atieclxx.exe
2012-07-28 02:09:44  239616  ----a-w-  C:\Windows\System32\atiesrxx.exe
2012-07-28 02:08:20  120320  ----a-w-  C:\Windows\System32\atitmm64.dll
2012-07-28 02:08:04  21504  ----a-w-  C:\Windows\System32\atimuixx.dll
2012-07-28 02:07:58  59392  ----a-w-  C:\Windows\System32\atiedu64.dll
2012-07-28 02:07:52  43520  ----a-w-  C:\Windows\SysWow64\ati2edxx.dll
2012-07-28 02:07:10  6430208  ----a-w-  C:\Windows\SysWow64\atidxx32.dll
2012-07-28 01:51:12  7052288  ----a-w-  C:\Windows\System32\atidxx64.dll
2012-07-28 01:41:32  4266496  ----a-w-  C:\Windows\System32\atiumd6a.dll
2012-07-28 01:35:10  51200  ----a-w-  C:\Windows\System32\aticalrt64.dll
2012-07-28 01:35:08  46080  ----a-w-  C:\Windows\SysWow64\aticalrt.dll
2012-07-28 01:35:02  44544  ----a-w-  C:\Windows\System32\aticalcl64.dll
2012-07-28 01:35:00  44032  ----a-w-  C:\Windows\SysWow64\aticalcl.dll
2012-07-28 01:34:48  16034304  ----a-w-  C:\Windows\System32\aticaldd64.dll
2012-07-28 01:32:32  4751872  ----a-w-  C:\Windows\SysWow64\atiumdva.dll
2012-07-28 01:30:10  13605888  ----a-w-  C:\Windows\SysWow64\aticaldd.dll
2012-07-28 01:25:52  6676480  ----a-w-  C:\Windows\System32\atiumd64.dll
2012-07-28 01:15:32  540160  ----a-w-  C:\Windows\System32\atiadlxx.dll
2012-07-28 01:15:22  368640  ----a-w-  C:\Windows\SysWow64\atiadlxy.dll
2012-07-28 01:15:12  17920  ----a-w-  C:\Windows\System32\atig6pxx.dll
2012-07-28 01:15:08  14848  ----a-w-  C:\Windows\SysWow64\atiglpxx.dll
2012-07-28 01:15:08  14848  ----a-w-  C:\Windows\System32\atiglpxx.dll
2012-07-28 01:15:04  41984  ----a-w-  C:\Windows\System32\atig6txx.dll
2012-07-28 01:14:56  33280  ----a-w-  C:\Windows\SysWow64\atigktxx.dll
2012-07-28 01:14:46  368640  ----a-w-  C:\Windows\System32\drivers\atikmpag.sys
2012-07-28 01:13:54  129536  ----a-w-  C:\Windows\System32\atiuxp64.dll
2012-07-28 01:13:48  109568  ----a-w-  C:\Windows\SysWow64\atiuxpag.dll
2012-07-28 01:13:40  103936  ----a-w-  C:\Windows\System32\atiu9p64.dll
2012-07-28 01:13:32  83456  ----a-w-  C:\Windows\SysWow64\atiu9pag.dll
2012-07-28 01:12:54  53248  ----a-w-  C:\Windows\System32\drivers\ati2erec.dll
2012-07-28 01:08:42  56320  ----a-w-  C:\Windows\System32\atimpc64.dll
2012-07-28 01:08:42  56320  ----a-w-  C:\Windows\System32\amdpcom64.dll
2012-07-28 01:08:36  56832  ----a-w-  C:\Windows\SysWow64\atimpc32.dll
2012-07-28 01:08:36  56832  ----a-w-  C:\Windows\SysWow64\amdpcom32.dll
2012-07-18 18:15:06  3148800  ----a-w-  C:\Windows\System32\win32k.sys
2012-07-08 22:33:36  3360624  ----a-w-  C:\Windows\SysWow64\pbsvc.exe
2012-07-08 21:51:16  466456  ----a-w-  C:\Windows\System32\wrap_oal.dll
2012-07-08 21:51:16  444952  ----a-w-  C:\Windows\SysWow64\wrap_oal.dll
2012-07-08 21:51:16  122904  ----a-w-  C:\Windows\System32\OpenAL32.dll
2012-07-08 21:51:16  109080  ----a-w-  C:\Windows\SysWow64\OpenAL32.dll
.
============= FINISH: 21:19:45.52 ===============
 
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/16/2011 2:38:22 PM
System Uptime: 10/29/2012 9:00:42 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-970A-D3
Processor: AMD Phenom(tm) II X4 975 Processor | Socket M2 | 3600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 7.335 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 55.842 GiB free.
E: is FIXED (NTFS) - 931 GiB total, 92.325 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 249.844 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP338: 10/29/2012 8:17:56 PM - Device Driver Package Install: DT Soft Ltd System devices
RP339: 10/29/2012 9:05:32 PM - Device Driver Package Install: DT Soft Ltd System devices
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe After Effects CS5.5
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Assistant
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Manager
Adobe Help Viewer CS3
Adobe Illustrator CS5.1
Adobe Illustrator CS6
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS6
Adobe Reader X (10.1.4)
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Alan Wake
Alan Wake's American Nightmare
AlternativA
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
America's Army 3
Apple Application Support
Apple Software Update
Application Profiles
ARMA 2
ARMA 2: British Armed Forces
ARMA 2: British Armed Forces - Data cache removal
ARMA 2: Operation Arrowhead
ARMA 2: Private Military Company
ARMA 2: Private Military Company - Data cache removal
ARMA: Combat Operations
Audacity 2.0.2
avast! Free Antivirus
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Editor 6
AVS Video Recorder 2.5
AVS4YOU Software Navigator 1.4
Bandisoft MPEG-1 Decoder
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield 2
Battlefield 2142 Deluxe Edition
Battlefield 3™
Battlefield Play4Free
BattlEye for OA Uninstall
BitTorrent
BOSS
Bridge Commander MW
C3
Call of Duty: Modern Warfare 2 - Multiplayer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Combat Arms
Convergence
Corel PaintShop Pro X4
Counter-Strike: Global Offensive Beta
Counter-Strike: Source
CPUID CPU-Z 1.59
Creation Kit
Crysis
Crysis Warhead
Crysis Wars
D3DX10
DAEMON Tools Lite
DayZ Commander
Dead Island
Deep Space Nine The Fallen
Diner Dash™
District 187
Dungeons & Dragons Online®
EA Shared Game Component: Activation
EAX(tm) Unified (SHELL)
Endless Space
ESN Sonar
Etron USB3.0 Host Controller
EverQuest II
Exporter DG Demo
FaceGen Modeller 3.5 Free
Fallen Earth
Fallout 3
Fallout New Vegas
Far Cry
FINAL FANTASY VIII
FINAL FANTASY XI: Ultimate Collection - Abyssea Edition
Fraps (remove only)
Free Studio version 5.7.4.918
Frozen Synapse - Demo
GameSpy Arcade
GameSpy Comrade
Google Chrome
Google Talk Plugin
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Harbinger
Hawken
Hewlett-Packard ACLM.NET v1.1.0.0
High-Definition Video Playback 10
HP Deskjet 2050 J510 series Basic Device Software
HP Deskjet 2050 J510 series Help
HP Photo Creations
HP Product Detection
HP Update
HydraVision
ICA
IPM_PSP_COM
IrfanView (remove only)
J2SE Runtime Environment 5.0
Java Auto Updater
Java(TM) 6 Update 31
K-Lite Codec Pack 7.6.0 (Basic)
Left 4 Dead
Left 4 Dead 2
Malwarebytes Anti-Malware version 1.65.1.1000
Mass Effect 2
Mass Effect™ 3
Mech 3 Sound Browser
MechWarrior Online
Medal of Honor™ Warfighter
Media Player Classic - Home Cinema v1.5.2.3456 x64
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft MechCommander 2
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
MicroVolts
MorphVOX Junior
Moviestorm
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB973688)
MTX
MTXExtractor
Nero 10 ClipartPack
Nero 10 Menu TemplatePack 1
Nero 10 Menu TemplatePack 2
Nero 10 Menu TemplatePack 3
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack 1
Nero 10 Movie ThemePack 2
Nero 10 Movie ThemePack Basic
Nero 10 Sample ImagePack
Nero 10 Sample Videos
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Nexon Game Manager
Nexus Mod Manager
Notepad++
NVIDIA PhysX
OpenAL
OpenOffice.org 3.4
Operation Flashpoint: Red River
Origin
Pando Media Booster
Pandora Saga: Weapons of Balance
PCSX2 - Playstation 2 Emulator
PDF Settings
PDF Settings CS5
PDF Settings CS6
Pidgin
PSPPContent
PSPPHelp
PSPPro64
PunkBuster for Battlefield 1942
PunkBuster Services
QuickTime
RadeonPro 1.0 (Build 1.1.0.6)
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Resident Evil 5
Resident Evil: Operation Raccoon City
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Setup
Silent Hill Homecoming
Singularity (remove only)
SingularityViewer (remove only)
Six Updater
Skype™ 5.10
SmartSound Quicktracks Plugin
Source Filmmaker
SpeedFan (remove only)
Spybot - Search & Destroy
Starsiege Complete
Steam
SuddenAttack
swMSM
TARS
Team Fortress 2
TeamSpeak 3 Client
TeamViewer 7
The Elder Scrolls IV: Oblivion
The Elder Scrolls V: Skyrim
The War Z version alpha
Tom Clancy's Rainbow Six: Lockdown
Tom Clancy's Rainbow Six: Vegas
TP-LINK Wireless Client Utility
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Ubisoft Game Launcher
Ulead VideoStudio 10
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VitalSource Bookshelf
War Inc Battlezone version 1.0.0
WinAce Archiver
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Wings 3D 1.4.1
WinZip 15.5
WordWeb
World of Tanks
World of Warcraft
Wrye Bash
XBMC
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
48084051 cdrom
10/29/2012 9:00:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
10/29/2012 9:00:57 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
10/29/2012 9:00:03 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
10/29/2012 8:15:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
10/29/2012 8:15:42 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
10/29/2012 7:54:57 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2012 7:53:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/29/2012 7:53:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/29/2012 7:53:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/29/2012 7:53:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/29/2012 7:53:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi cdrom DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf
10/29/2012 7:53:04 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2012 7:53:04 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/29/2012 7:53:04 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/29/2012 7:53:04 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2012 7:53:04 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2012 7:53:04 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/29/2012 7:53:04 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2012 7:53:04 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/29/2012 7:53:04 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/29/2012 7:53:04 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/29/2012 7:52:54 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
10/29/2012 7:03:04 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
10/29/2012 6:40:22 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/29/2012 6:40:22 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
10/29/2012 6:40:22 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
10/29/2012 6:40:13 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: An instance of the service is already running.
10/29/2012 6:39:50 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.
10/29/2012 6:38:57 PM, Error: Service Control Manager [7034] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s).
10/29/2012 6:38:50 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the HomeGroup Provider service, but this action failed with the following error: An instance of the service is already running.
10/29/2012 6:38:47 PM, Error: Service Control Manager [7034] - The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
10/29/2012 6:38:26 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2012 6:38:22 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
10/29/2012 6:38:22 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2012 6:38:22 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:38:22 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:38:22 PM, Error: Service Control Manager [7031] - The TuneUp Theme Extension service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:38:22 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2012 6:38:22 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2012 6:38:22 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:38:22 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2012 6:38:22 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2012 6:38:22 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:38:22 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:38:22 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:38:22 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:38:22 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:38:22 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:38:22 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2012 6:38:13 PM, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s).
10/29/2012 6:38:13 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network List Service service, but this action failed with the following error: An instance of the service is already running.
10/29/2012 6:38:13 PM, Error: Service Control Manager [7031] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/29/2012 6:38:13 PM, Error: Service Control Manager [7031] - The Secure Socket Tunneling Protocol Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:38:13 PM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:38:13 PM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/29/2012 6:38:13 PM, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
10/29/2012 6:38:08 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/29/2012 6:38:08 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/29/2012 6:37:58 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:37:58 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:37:58 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:37:54 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2012 6:37:54 PM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:37:54 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/29/2012 6:37:54 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:37:54 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2012 6:37:50 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2012 6:37:50 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2012 6:37:50 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/29/2012 6:37:50 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 6:37:50 PM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2012 6:37:50 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2012 11:05:56 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/28/2012 12:59:35 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {5EF1CF5D-87A9-434B-8786-2A08E1C30F6C} and APPID {51F2A986-73E1-4C23-85F2-690C7828CC11} to the user KalonLaChevet\Kalon LaChevet SID (S-1-5-21-3037209755-3096288702-2822592213-1002) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/26/2012 12:20:48 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
10/26/2012 11:16:35 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/23/2012 10:55:19 AM, Error: volmgr [46] - Crash dump initialization failed!
10/22/2012 1:16:01 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
.
==== End Of File ===========================
 
I have run these programs a few times, systematically going from Avast, to MBAM, to checking Google and following some of the steps on here. It seemed as if I had solved it.

It stopped randomly trying to pull up sites. It is behaving much better, but the svchost.exe file wound up reappearing in c:\windows after a third check and restart when I thought I finally had it all over and done with.
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
11:09:04.0494 2884 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
11:09:04.0882 2884 ============================================================
11:09:04.0882 2884 Current date / time: 2012/10/31 11:09:04.0882
11:09:04.0882 2884 SystemInfo:
11:09:04.0882 2884
11:09:04.0882 2884 OS Version: 6.1.7601 ServicePack: 1.0
11:09:04.0882 2884 Product type: Workstation
11:09:04.0882 2884 ComputerName: KALONLACHEVET
11:09:04.0882 2884 UserName: Kalon LaChevet
11:09:04.0882 2884 Windows directory: C:\Windows
11:09:04.0882 2884 System windows directory: C:\Windows
11:09:04.0882 2884 Running under WOW64
11:09:04.0882 2884 Processor architecture: Intel x64
11:09:04.0882 2884 Number of processors: 4
11:09:04.0882 2884 Page size: 0x1000
11:09:04.0882 2884 Boot type: Normal boot
11:09:04.0882 2884 ============================================================
11:09:11.0131 2884 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x204E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
11:09:11.0147 2884 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:09:11.0161 2884 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:09:11.0171 2884 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB5A00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:09:14.0262 2884 ============================================================
11:09:14.0262 2884 \Device\Harddisk0\DR0:
11:09:14.0754 2884 MBR partitions:
11:09:14.0754 2884 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:09:14.0754 2884 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
11:09:14.0754 2884 \Device\Harddisk1\DR1:
11:09:14.0764 2884 MBR partitions:
11:09:14.0765 2884 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
11:09:14.0765 2884 \Device\Harddisk2\DR2:
11:09:14.0770 2884 GPT partitions:
11:09:14.0770 2884 \Device\Harddisk2\DR2\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {C8161971-98B0-4AA1-A762-E879FF758AB1}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
11:09:14.0770 2884 \Device\Harddisk2\DR2\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7F3D8BC6-24B0-4296-BC2C-A7123D1D0BBB}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x746C6000
11:09:14.0770 2884 MBR partitions:
11:09:14.0770 2884 \Device\Harddisk3\DR3:
11:09:14.0775 2884 MBR partitions:
11:09:14.0775 2884 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705DAD
11:09:14.0775 2884 ============================================================
11:09:14.0777 2884 C: <-> \Device\Harddisk0\DR0\Partition2
11:09:14.0810 2884 E: <-> \Device\Harddisk2\DR2\Partition2
11:09:14.0819 2884 F: <-> \Device\Harddisk1\DR1\Partition1
11:09:14.0896 2884 D: <-> \Device\Harddisk3\DR3\Partition1
11:09:14.0896 2884 ============================================================
11:09:14.0896 2884 Initialize success
11:09:14.0896 2884 ============================================================
11:09:23.0272 4568 ============================================================
11:09:23.0272 4568 Scan started
11:09:23.0272 4568 Mode: Manual;
11:09:23.0272 4568 ============================================================
11:09:23.0890 4568 ================ Scan system memory ========================
11:09:23.0890 4568 System memory - ok
11:09:23.0890 4568 ================ Scan services =============================
11:09:25.0400 4568 Modem - ok
11:09:25.0403 4568 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:09:25.0404 4568 monitor - ok
11:09:25.0407 4568 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:09:25.0407 4568 mouclass - ok
11:09:25.0410 4568 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:09:25.0411 4568 mouhid - ok
11:09:25.0414 4568 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:09:25.0415 4568 mountmgr - ok
11:09:25.0419 4568 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:09:25.0419 4568 MozillaMaintenance - ok
11:09:25.0423 4568 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:09:25.0426 4568 mpio - ok
11:09:25.0429 4568 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:09:25.0430 4568 mpsdrv - ok
11:09:25.0440 4568 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:09:25.0448 4568 MpsSvc - ok
11:09:25.0453 4568 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:09:25.0455 4568 MRxDAV - ok
11:09:25.0459 4568 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:09:25.0462 4568 mrxsmb - ok
11:09:25.0467 4568 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:09:25.0470 4568 mrxsmb10 - ok
11:09:25.0474 4568 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:09:25.0476 4568 mrxsmb20 - ok
11:09:25.0479 4568 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:09:25.0480 4568 msahci - ok
11:09:25.0484 4568 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:09:25.0486 4568 msdsm - ok
11:09:25.0490 4568 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:09:25.0493 4568 MSDTC - ok
11:09:25.0499 4568 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:09:25.0500 4568 Msfs - ok


SPLIT due to size.

Remainder

11:09:25.0502 4568 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:09:25.0503 4568 mshidkmdf - ok
11:09:25.0506 4568 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:09:25.0507 4568 msisadrv - ok
11:09:25.0511 4568 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:09:25.0514 4568 MSiSCSI - ok
11:09:25.0516 4568 msiserver - ok
11:09:25.0519 4568 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:09:25.0520 4568 MSKSSRV - ok
11:09:25.0522 4568 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:09:25.0523 4568 MSPCLOCK - ok
11:09:25.0525 4568 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:09:25.0526 4568 MSPQM - ok
11:09:25.0532 4568 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:09:25.0536 4568 MsRPC - ok
11:09:25.0540 4568 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
11:09:25.0540 4568 mssmbios - ok
11:09:25.0543 4568 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:09:25.0544 4568 MSTEE - ok
11:09:25.0546 4568 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
11:09:25.0547 4568 MTConfig - ok
11:09:25.0550 4568 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:09:25.0551 4568 Mup - ok
11:09:25.0558 4568 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:09:25.0564 4568 napagent - ok
11:09:25.0570 4568 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:09:25.0574 4568 NativeWifiP - ok
11:09:25.0581 4568 [ 9AE6509862DE96416CA9AD54440A861B ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
11:09:25.0583 4568 NAUpdate - ok
11:09:25.0596 4568 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:09:25.0604 4568 NDIS - ok
11:09:25.0607 4568 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:09:25.0609 4568 NdisCap - ok
11:09:25.0611 4568 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:09:25.0613 4568 NdisTapi - ok
11:09:25.0615 4568 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:09:25.0617 4568 Ndisuio - ok
11:09:25.0621 4568 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:09:25.0623 4568 NdisWan - ok
11:09:25.0626 4568 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:09:25.0627 4568 NDProxy - ok
11:09:25.0630 4568 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:09:25.0631 4568 NetBIOS - ok
11:09:25.0636 4568 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:09:25.0639 4568 NetBT - ok
11:09:25.0642 4568 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:09:25.0644 4568 Netlogon - ok
11:09:25.0650 4568 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:09:25.0655 4568 Netman - ok
11:09:25.0659 4568 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:09:25.0662 4568 NetMsmqActivator - ok
11:09:25.0665 4568 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:09:25.0665 4568 NetPipeActivator - ok
11:09:25.0675 4568 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:09:25.0680 4568 netprofm - ok
11:09:25.0684 4568 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:09:25.0685 4568 NetTcpActivator - ok
11:09:25.0688 4568 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:09:25.0689 4568 NetTcpPortSharing - ok
11:09:25.0692 4568 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:09:25.0693 4568 nfrd960 - ok
11:09:25.0699 4568 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:09:25.0704 4568 NlaSvc - ok
11:09:25.0707 4568 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:09:25.0708 4568 Npfs - ok
11:09:25.0711 4568 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:09:25.0713 4568 nsi - ok
11:09:25.0716 4568 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:09:25.0717 4568 nsiproxy - ok
11:09:25.0734 4568 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:09:25.0748 4568 Ntfs - ok
11:09:25.0751 4568 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:09:25.0752 4568 Null - ok
11:09:25.0756 4568 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:09:25.0759 4568 nvraid - ok
11:09:25.0763 4568 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:09:25.0765 4568 nvstor - ok
11:09:25.0768 4568 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:09:25.0770 4568 nv_agp - ok
11:09:25.0773 4568 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:09:25.0775 4568 ohci1394 - ok
11:09:25.0780 4568 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:09:25.0785 4568 p2pimsvc - ok
11:09:25.0792 4568 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:09:25.0797 4568 p2psvc - ok
11:09:25.0801 4568 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
11:09:25.0803 4568 Parport - ok
11:09:25.0806 4568 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:09:25.0807 4568 partmgr - ok
11:09:25.0812 4568 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:09:25.0815 4568 PcaSvc - ok
11:09:25.0820 4568 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:09:25.0822 4568 pci - ok
11:09:25.0825 4568 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:09:25.0826 4568 pciide - ok
11:09:25.0830 4568 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
11:09:25.0833 4568 pcmcia - ok
11:09:25.0836 4568 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:09:25.0837 4568 pcw - ok
11:09:25.0844 4568 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:09:25.0850 4568 PEAUTH - ok
11:09:25.0872 4568 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:09:25.0874 4568 PerfHost - ok
11:09:25.0892 4568 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:09:25.0905 4568 pla - ok
11:09:25.0912 4568 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:09:25.0918 4568 PlugPlay - ok
11:09:25.0920 4568 PnkBstrA - ok
11:09:25.0924 4568 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:09:25.0926 4568 PNRPAutoReg - ok
11:09:25.0932 4568 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:09:25.0934 4568 PNRPsvc - ok
11:09:25.0941 4568 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:09:25.0947 4568 PolicyAgent - ok
11:09:25.0953 4568 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:09:25.0957 4568 Power - ok
11:09:25.0960 4568 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:09:25.0962 4568 PptpMiniport - ok
11:09:25.0965 4568 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
11:09:25.0966 4568 Processor - ok
11:09:25.0971 4568 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:09:25.0975 4568 ProfSvc - ok
11:09:25.0977 4568 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:09:25.0979 4568 ProtectedStorage - ok
11:09:25.0983 4568 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:09:25.0984 4568 Psched - ok
11:09:25.0988 4568 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
11:09:25.0989 4568 PSI_SVC_2 - ok
11:09:26.0004 4568 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:09:26.0017 4568 ql2300 - ok
11:09:26.0022 4568 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:09:26.0024 4568 ql40xx - ok
11:09:26.0029 4568 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:09:26.0033 4568 QWAVE - ok
11:09:26.0036 4568 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:09:26.0037 4568 QWAVEdrv - ok
11:09:26.0040 4568 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:09:26.0041 4568 RasAcd - ok
11:09:26.0044 4568 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:09:26.0045 4568 RasAgileVpn - ok
11:09:26.0049 4568 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:09:26.0051 4568 RasAuto - ok
11:09:26.0055 4568 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:09:26.0057 4568 Rasl2tp - ok
11:09:26.0062 4568 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:09:26.0067 4568 RasMan - ok
11:09:26.0071 4568 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:09:26.0072 4568 RasPppoe - ok
11:09:26.0076 4568 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:09:26.0077 4568 RasSstp - ok
11:09:26.0082 4568 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:09:26.0086 4568 rdbss - ok
11:09:26.0089 4568 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
11:09:26.0090 4568 rdpbus - ok
11:09:26.0092 4568 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:09:26.0093 4568 RDPCDD - ok
11:09:26.0096 4568 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:09:26.0097 4568 RDPENCDD - ok
11:09:26.0101 4568 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:09:26.0102 4568 RDPREFMP - ok
11:09:26.0106 4568 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:09:26.0109 4568 RDPWD - ok
11:09:26.0114 4568 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:09:26.0117 4568 rdyboost - ok
11:09:26.0120 4568 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:09:26.0123 4568 RemoteAccess - ok
11:09:26.0127 4568 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:09:26.0131 4568 RemoteRegistry - ok
11:09:26.0134 4568 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:09:26.0137 4568 RpcEptMapper - ok
11:09:26.0139 4568 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:09:26.0141 4568 RpcLocator - ok
11:09:26.0148 4568 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:09:26.0152 4568 RpcSs - ok
11:09:26.0155 4568 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:09:26.0157 4568 rspndr - ok
11:09:26.0163 4568 [ 2E7D1CA91D62501713C9D6E6704395C6 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
11:09:26.0164 4568 RTHDMIAzAudService - ok
11:09:26.0171 4568 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:09:26.0173 4568 RTL8167 - ok
11:09:26.0176 4568 RTL8187 - ok
11:09:26.0179 4568 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:09:26.0181 4568 SamSs - ok
11:09:26.0184 4568 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:09:26.0186 4568 sbp2port - ok
11:09:26.0198 4568 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
11:09:26.0203 4568 SBSDWSCService - ok
11:09:26.0208 4568 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:09:26.0212 4568 SCardSvr - ok
11:09:26.0215 4568 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:09:26.0216 4568 scfilter - ok
11:09:26.0228 4568 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:09:26.0239 4568 Schedule - ok
11:09:26.0243 4568 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:09:26.0243 4568 SCPolicySvc - ok
11:09:26.0246 4568 [ 490B0B68BB938D5C628EC4A67277BE75 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys
11:09:26.0247 4568 ScreamBAudioSvc - ok
11:09:26.0251 4568 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:09:26.0255 4568 SDRSVC - ok
11:09:26.0258 4568 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:09:26.0259 4568 secdrv - ok
11:09:26.0262 4568 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:09:26.0265 4568 seclogon - ok
11:09:26.0268 4568 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
11:09:26.0271 4568 SENS - ok
11:09:26.0283 4568 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:09:26.0285 4568 SensrSvc - ok
11:09:26.0288 4568 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:09:26.0289 4568 Serenum - ok
11:09:26.0292 4568 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:09:26.0294 4568 Serial - ok
11:09:26.0297 4568 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:09:26.0298 4568 sermouse - ok
11:09:26.0305 4568 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:09:26.0309 4568 SessionEnv - ok
11:09:26.0311 4568 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:09:26.0312 4568 sffdisk - ok
11:09:26.0315 4568 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:09:26.0316 4568 sffp_mmc - ok
11:09:26.0319 4568 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:09:26.0320 4568 sffp_sd - ok
11:09:26.0322 4568 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:09:26.0323 4568 sfloppy - ok
11:09:26.0329 4568 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:09:26.0334 4568 SharedAccess - ok
11:09:26.0342 4568 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:09:26.0347 4568 ShellHWDetection - ok
11:09:26.0350 4568 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
11:09:26.0352 4568 SiSRaid2 - ok
11:09:26.0355 4568 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:09:26.0357 4568 SiSRaid4 - ok
11:09:26.0361 4568 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:09:26.0362 4568 SkypeUpdate - ok
11:09:26.0365 4568 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:09:26.0366 4568 Smb - ok
11:09:26.0372 4568 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:09:26.0374 4568 SNMPTRAP - ok
11:09:26.0377 4568 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys
11:09:26.0379 4568 speedfan - ok
11:09:26.0382 4568 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:09:26.0382 4568 spldr - ok
11:09:26.0389 4568 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:09:26.0396 4568 Spooler - ok
11:09:26.0428 4568 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:09:26.0457 4568 sppsvc - ok
11:09:26.0461 4568 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:09:26.0464 4568 sppuinotify - ok
11:09:26.0471 4568 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:09:26.0476 4568 srv - ok
11:09:26.0482 4568 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:09:26.0487 4568 srv2 - ok
11:09:26.0491 4568 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:09:26.0494 4568 srvnet - ok
11:09:26.0499 4568 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:09:26.0503 4568 SSDPSRV - ok
11:09:26.0507 4568 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:09:26.0510 4568 SstpSvc - ok
11:09:26.0512 4568 Steam Client Service - ok
11:09:26.0515 4568 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
11:09:26.0516 4568 stexstor - ok
11:09:26.0524 4568 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:09:26.0531 4568 stisvc - ok
11:09:26.0534 4568 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:09:26.0535 4568 swenum - ok
11:09:26.0542 4568 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:09:26.0549 4568 swprv - ok
11:09:26.0566 4568 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:09:26.0582 4568 SysMain - ok
11:09:26.0586 4568 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:09:26.0589 4568 TabletInputService - ok
11:09:26.0595 4568 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:09:26.0600 4568 TapiSrv - ok
11:09:26.0604 4568 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:09:26.0606 4568 TBS - ok
11:09:26.0624 4568 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:09:26.0640 4568 Tcpip - ok
11:09:26.0659 4568 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:09:26.0666 4568 TCPIP6 - ok
11:09:26.0671 4568 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:09:26.0672 4568 tcpipreg - ok
11:09:26.0676 4568 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:09:26.0678 4568 TDPIPE - ok
11:09:26.0680 4568 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:09:26.0681 4568 TDTCP - ok
11:09:26.0685 4568 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:09:26.0687 4568 tdx - ok
11:09:26.0717 4568 [ 33966A658FF37E0C65D46E59F37E2380 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
11:09:26.0728 4568 TeamViewer7 - ok
11:09:26.0732 4568 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:09:26.0733 4568 TermDD - ok
11:09:26.0741 4568 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:09:26.0749 4568 TermService - ok
11:09:26.0753 4568 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:09:26.0756 4568 Themes - ok
11:09:26.0759 4568 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:09:26.0761 4568 THREADORDER - ok
11:09:26.0764 4568 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:09:26.0768 4568 TrkWks - ok
11:09:26.0772 4568 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:09:26.0773 4568 TrustedInstaller - ok
11:09:26.0777 4568 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:09:26.0778 4568 tssecsrv - ok
11:09:26.0783 4568 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:09:26.0784 4568 TsUsbFlt - ok
11:09:26.0787 4568 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
11:09:26.0788 4568 TsUsbGD - ok
11:09:26.0812 4568 [ 8DD1F81749A966EA5A96CB2D89C9670C ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
11:09:26.0820 4568 TuneUp.UtilitiesSvc - ok
11:09:26.0823 4568 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
11:09:26.0824 4568 TuneUpUtilitiesDrv - ok
11:09:26.0828 4568 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:09:26.0830 4568 tunnel - ok
11:09:26.0833 4568 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
11:09:26.0834 4568 uagp35 - ok
11:09:26.0840 4568 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:09:26.0844 4568 udfs - ok
11:09:26.0849 4568 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:09:26.0852 4568 UI0Detect - ok
11:09:26.0855 4568 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:09:26.0856 4568 uliagpkx - ok
11:09:26.0859 4568 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:09:26.0860 4568 umbus - ok
11:09:26.0863 4568 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
11:09:26.0864 4568 UmPass - ok
11:09:26.0870 4568 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:09:26.0876 4568 upnphost - ok
11:09:26.0879 4568 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
11:09:26.0881 4568 usbaudio - ok
11:09:26.0885 4568 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:09:26.0887 4568 usbccgp - ok
11:09:26.0890 4568 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:09:26.0892 4568 usbcir - ok
11:09:26.0895 4568 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:09:26.0896 4568 usbehci - ok
11:09:26.0902 4568 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:09:26.0905 4568 usbhub - ok
11:09:26.0908 4568 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
11:09:26.0909 4568 usbohci - ok
11:09:26.0912 4568 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:09:26.0913 4568 usbprint - ok
11:09:26.0916 4568 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
11:09:26.0918 4568 usbscan - ok
11:09:26.0921 4568 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:09:26.0923 4568 USBSTOR - ok
11:09:26.0925 4568 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:09:26.0926 4568 usbuhci - ok
11:09:26.0931 4568 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
11:09:26.0933 4568 usbvideo - ok
11:09:26.0936 4568 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:09:26.0939 4568 UxSms - ok
11:09:26.0942 4568 [ 1CA2321789A7188A36F376905DAF9C0A ] UxTuneUp C:\Windows\System32\uxtuneup.dll
11:09:26.0945 4568 UxTuneUp - ok
11:09:26.0947 4568 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
11:09:26.0949 4568 VaultSvc - ok
11:09:26.0952 4568 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:09:26.0952 4568 vdrvroot - ok
11:09:26.0960 4568 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
11:09:26.0967 4568 vds - ok
11:09:26.0970 4568 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:09:26.0971 4568 vga - ok
11:09:26.0974 4568 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:09:26.0975 4568 VgaSave - ok
11:09:26.0979 4568 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:09:26.0982 4568 vhdmp - ok
11:09:26.0985 4568 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
11:09:26.0986 4568 viaide - ok
11:09:26.0989 4568 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:09:26.0990 4568 volmgr - ok
11:09:26.0996 4568 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:09:27.0000 4568 volmgrx - ok
11:09:27.0006 4568 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:09:27.0009 4568 volsnap - ok
11:09:27.0013 4568 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
11:09:27.0016 4568 vsmraid - ok
11:09:27.0031 4568 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
11:09:27.0046 4568 VSS - ok
11:09:27.0049 4568 vtany - ok
11:09:27.0052 4568 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
11:09:27.0053 4568 vwifibus - ok
11:09:27.0057 4568 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:09:27.0058 4568 vwififlt - ok
11:09:27.0064 4568 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:09:27.0687 4568 ============================================================
11:09:27.0687 4568 Scan finished
11:09:27.0687 4568 ============================================================
11:09:27.0693 0404 Detected object count: 0
11:09:27.0693 0404 Actual detected object count: 0
 
I'm not certain if it's 100% gone, but I had been running Mbam, DDS, Gmer, TDSSkiller, and an avast full scan and boot scan systematically and in random order throughout that night and eventually stopped getting any detections.

All original symptoms are gone, nothing appears fishy in the processes for all users either. However, a new symptom of occasional 1 to 3 second freezes has been occurring in games and video, even when the video is completely buffered.

At the time I posted this, it was looking bad because 2 infections jumped to 8, then 16, then 24. But now they are not showing on any of the above-mentioned scans.
 
Good news but make sure you observe my rules:
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

Next...

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

=================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.