C:\Windows\svchost Trojan after reinstallation

Solved
By Alex S
Nov 22, 2012
  1. Greetings! I am having difficulties removing a trojan. After reinstalling my Windows 7, I ran a Malwarebytes scan and detected a Trojan labeled as svchost. Malwarebytes' removal does not work. I see other topics about the same trojan, but I have seen warnings against following instructions made for other users. Here are the requested logs:

    MBAM log:
    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.22.08

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Alex :: ALEX-PC [administrator]

    Protection: Enabled

    11/22/2012 1:26:56 PM
    mbam-log-2012-11-22 (13-26-56).txt

    Scan type: Full scan (C:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 298563
    Time elapsed: 4 minute(s), 34 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 1124 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)


    DDS LOG

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.16385
    Run by Alex at 13:37:09 on 2012-11-22
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16337.13557 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\ASGT.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\msiexec.exe
    C:\Program Files\NVIDIA Corporation\Display\NvTray.exe
    E:\Downloads\LeagueofLegends(1).exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{13DAF992-5B15-4BB3-B20C-3423E1ACBE4B} : DHCPNameServer = 192.168.1.1
    SSODL: WebCheck - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xjzmhujg.default\
    FF - prefs.js: browser.startup.homepage - google.com
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-22 16152]
    R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2012-11-22 30752]
    R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
    R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-11-22 1028464]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-11-22 162648]
    R2 MBAMScheduler;MBAMScheduler;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-8 399432]
    R2 MBAMService;MBAMService;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-8 676936]
    R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-11-22 138768]
    R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2012-11-22 82160]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-11-22 362840]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-22 356120]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-22 788760]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-22 25928]
    R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-11-22 14136]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-22 676968]
    R4 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2012-11-22 23680]
    .
    =============== Created Last 30 ================
    .
    2012-11-22 20:49:58 -------- d-----w- C:\Windows\Panther
    2012-11-22 18:35:07 -------- d-----w- C:\Users\Alex\AppData\Local\Macromedia
    2012-11-22 18:34:38 -------- d-----w- C:\Users\Alex\AppData\Local\PMB Files
    2012-11-22 18:34:38 -------- d-----w- C:\ProgramData\PMB Files
    2012-11-22 18:34:32 -------- d-----w- C:\Program Files (x86)\Pando Networks
    2012-11-22 18:34:27 -------- d-----w- C:\Users\Alex\.swt
    2012-11-22 18:33:47 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-22 18:33:47 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-11-22 18:30:51 20480 ----a-w- C:\Windows\svchost.exe
    2012-11-22 18:26:43 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF6DD7CA-0871-4656-8F02-8D8ED97EA5EC}\mpengine.dll
    2012-11-22 18:26:43 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-11-22 18:25:18 -------- d-----w- C:\Users\Alex\AppData\Roaming\Malwarebytes
    2012-11-22 18:25:12 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-11-22 18:25:11 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-22 18:15:45 82160 ----a-w- C:\Windows\System32\drivers\PDFsFilter.sys
    2012-11-22 18:15:45 69000 ----a-w- C:\Windows\System32\offreg.dll
    2012-11-22 18:15:45 57144 ----a-w- C:\Windows\System32\iolobtdfg.exe
    2012-11-22 18:15:45 56200 ----a-w- C:\Windows\SysWow64\offreg.dll
    2012-11-22 18:15:45 25744 ----a-w- C:\Windows\System32\smrgdf.exe
    2012-11-22 18:15:45 2155248 ----a-w- C:\Windows\System32\Incinerator64.dll
    2012-11-22 18:15:45 2097032 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
    2012-11-22 18:15:45 -------- d-----w- C:\Program Files (x86)\iolo
    2012-11-22 18:14:53 30752 ----a-w- C:\Windows\System32\drivers\ElRawDsk.sys
    2012-11-22 18:14:51 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
    2012-11-22 18:14:36 -------- d-----w- C:\Users\Alex\AppData\Roaming\iolo
    2012-11-22 18:14:36 -------- d-----w- C:\ProgramData\iolo
    2012-11-22 18:09:15 23680 ----a-w- C:\Windows\System32\drivers\IOMap64.sys
    2012-11-22 18:08:42 -------- d-----w- C:\Program Files (x86)\ASUS
    2012-11-22 18:08:36 -------- d-----w- C:\Windows\Downloaded Installations
    2012-11-22 18:06:58 364352 ----a-w- C:\Windows\System32\nvdecodemft.dll
    2012-11-22 18:06:58 301376 ----a-w- C:\Windows\SysWow64\nvdecodemft.dll
    2012-11-22 18:06:56 15322432 ----a-w- C:\Windows\SysWow64\SET2542.tmp
    2012-11-22 18:06:56 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
    2012-11-22 18:06:38 2741568 ----a-w- C:\Windows\System32\SET1353.tmp
    2012-11-22 18:06:38 2731880 ----a-w- C:\Windows\System32\nvapi64.dll
    2012-11-22 18:06:38 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll
    2012-11-22 18:06:38 2368832 ----a-w- C:\Windows\SysWow64\SET1E4A.tmp
    2012-11-22 18:06:19 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2012-11-22 18:00:16 -------- d-----w- C:\Program Files (x86)\MSI
    2012-11-22 18:00:03 16152 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
    2012-11-22 17:59:53 788760 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
    2012-11-22 17:59:52 356120 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
    2012-11-22 17:59:35 15128 ----a-r- C:\Windows\System32\drivers\IntelMEFWVer.dll
    2012-11-22 17:58:49 -------- d-sh--w- C:\Windows\Installer
    2012-11-22 17:58:31 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
    .
    ==================== Find3M ====================
    .
    2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-10-02 18:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    .
    ============= FINISH: 13:37:18.96 ===============
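The two logs above agree on the one suspicious item: a 20480-byte `svchost.exe` sitting directly in `C:\Windows` (created 2012-11-22 18:30:51 in the DDS "Created Last 30" list, reported in memory as PID 1124 by MBAM), while every legitimate service host in the DDS process list runs from `C:\Windows\system32` and was started with a `-k <group>` argument. The script below is an added triage example, not part of the original post or of the DDS/Malwarebytes tools: it walks those two DDS sections and flags Windows core binaries that run from, or were written to, a directory they never legitimately occupy. The `CORE_BINARIES` and `ALLOWED_DIRS` lists are this example's own assumptions; the sample lines are copied from the logs above, plus one constructed "Running Processes" line for the `C:\Windows\svchost.exe` process that MBAM reported, which had already been killed by the time DDS ran.

```python
"""Added triage example for the logs above (not part of the original post or of
the DDS / Malwarebytes tools).  It scans the DDS 'Running Processes' and
'Created Last 30' sections for Windows core binaries that run from, or were
written to, a directory they never legitimately occupy.  The core-binary and
allowed-directory lists are this example's own assumptions."""
import re
from pathlib import PureWindowsPath

# Core executables that live only in System32 (or SysWOW64 for 32-bit copies).
# explorer.exe is deliberately absent: it legitimately lives in C:\Windows.
CORE_BINARIES = {
    "svchost.exe", "lsm.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "taskhost.exe", "dwm.exe", "spoolsv.exe",
}
ALLOWED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# "<image path> [arguments]"; the path is everything up to the first ".exe".
PROCESS_RE = re.compile(r"^(?P<path>.*?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)
# DDS "Created Last 30" lines: <date> <time> <size, or -------- for dirs> <attrs> <path>
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<size>\d+|-+)\s+(?P<attr>\S+)\s+(?P<path>.+)$"
)


def _split(path):
    """Lower-cased (file name, parent directory) of a Windows path."""
    p = PureWindowsPath(path)
    return p.name.lower(), str(p.parent).lower()


def check_process(line):
    """Return a finding for one 'Running Processes' line, or None if it looks normal."""
    m = PROCESS_RE.match(line.strip())
    if not m:
        return None
    name, parent = _split(m["path"])
    args = (m["args"] or "").strip()
    if name in CORE_BINARIES and parent not in ALLOWED_DIRS:
        return f"core binary outside System32: {m['path']}"
    # Genuine service hosts are started by services.exe with a '-k <group>' argument.
    if name == "svchost.exe" and not args.lower().startswith("-k "):
        return f"svchost.exe without a -k service group: {m['path']}"
    return None


def check_created(line):
    """Return a finding for one 'Created Last 30' line, or None."""
    m = CREATED_RE.match(line.strip())
    if not m or m["size"].startswith("-"):  # directory entries carry no size
        return None
    name, parent = _split(m["path"])
    if name in CORE_BINARIES and parent not in ALLOWED_DIRS:
        return (f"{m['ts']} core binary written outside System32: "
                f"{m['path']} ({m['size']} bytes)")
    # A PE dropped straight into the C:\Windows root is unusual on a fresh install.
    if parent == r"c:\windows" and name.endswith((".exe", ".dll", ".sys")):
        return f"{m['ts']} new PE in C:\\Windows root: {m['path']}"
    return None


def triage(dds_text):
    """Walk a DDS log, apply the right check per section, return all findings."""
    section, findings = None, []
    for line in dds_text.splitlines():
        if "Running Processes" in line:
            section = "proc"
        elif "Created Last 30" in line:
            section = "created"
        elif line.startswith("===="):          # any other section header
            section = None
        elif section == "proc":
            finding = check_process(line)
            if finding:
                findings.append(finding)
        elif section == "created":
            finding = check_created(line)
            if finding:
                findings.append(finding)
    return findings


# Lines copied from the DDS log above, plus one constructed 'Running Processes'
# line for the C:\Windows\svchost.exe process that the MBAM log reported as PID 1124.
SAMPLE = """\
============== Running Processes ===============
.
C:\\Windows\\system32\\lsm.exe
C:\\Windows\\system32\\svchost.exe -k DcomLaunch
C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted
C:\\Windows\\svchost.exe
C:\\Program Files\\Intel\\iCLS Client\\HeciServer.exe
C:\\Windows\\Explorer.EXE
=============== Created Last 30 ================
.
2012-11-22 18:33:47 697272 ----a-w- C:\\Windows\\SysWow64\\FlashPlayerApp.exe
2012-11-22 18:30:51 20480 ----a-w- C:\\Windows\\svchost.exe
2012-11-22 18:25:11 25928 ----a-w- C:\\Windows\\System32\\drivers\\mbam.sys
2012-11-22 18:08:36 -------- d-----w- C:\\Windows\\Downloaded Installations
==================== Find3M ====================
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Run against the sample it reports exactly two findings, both for `C:\Windows\svchost.exe`: the running copy outside System32 and the 20480-byte file written to the `C:\Windows` root. The path check alone is enough here; on a live box the next step would be to hash the file and check its Authenticode signature, since a genuine `svchost.exe` is Microsoft-signed and only ever runs from System32 (or SysWOW64).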
  2. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    I still need Attach.txt part of DDS.

    Next...

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. Alex S

    Alex S Newcomer, in training Topic Starter Posts: 16

    Attach.txt DDS

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/22/2012 12:54:16 PM
    System Uptime: 11/22/2012 1:09:05 PM (0 hours ago)
    .
    Motherboard: MSI | | Z77A-G45 (MS-7752)
    Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | SOCKET 0 | 3401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 60 GiB total, 13.233 GiB free.
    E: is FIXED (NTFS) - 293 GiB total, 237.549 GiB free.
    F: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP2: 11/22/2012 1:08:37 PM - Installed ASUS GPU Tweak
    RP3: 11/22/2012 1:10:30 PM - 1
    RP4: 11/22/2012 1:22:54 PM - iolo Designated Drivers Pre-Update Restore Point (2E03FD)
    RP5: 11/22/2012 1:22:58 PM - Windows Update
    RP6: 11/22/2012 1:26:38 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 Plugin
    ASUS GPU Tweak
    Intel(R) Management Engine Components
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel® Trusted Connect Service Client
    iolo technologies' System Mechanic
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 17.0 (x86 en-US)
    Mozilla Maintenance Service
    NVIDIA 3D Vision Controller Driver 306.97
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0604
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    Pando Media Booster
    Realtek Ethernet Controller Driver
    Super-Charger
    Winki
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/22/2012 1:08:42 PM, Error: Service Control Manager [7030] - The ASGT service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    11/22/2012 1:08:36 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {B3EDE298-AE75-4A1C-AB7E-1B9229B77BBE} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -Embedding
    11/22/2012 1:05:15 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    .
    ==== End Of File ===========================
  4. Alex S

    Alex S Newcomer, in training Topic Starter Posts: 16

    TDSSKILLER Part 1

    14:12:38.0122 2956 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    14:12:38.0417 2956 ============================================================
    14:12:38.0417 2956 Current date / time: 2012/11/22 14:12:38.0417
    14:12:38.0417 2956 SystemInfo:
    14:12:38.0417 2956
    14:12:38.0417 2956 OS Version: 6.1.7600 ServicePack: 0.0
    14:12:38.0417 2956 Product type: Workstation
    14:12:38.0417 2956 ComputerName: ALEX-PC
    14:12:38.0417 2956 UserName: Alex
    14:12:38.0417 2956 Windows directory: C:\Windows
    14:12:38.0417 2956 System windows directory: C:\Windows
    14:12:38.0417 2956 Running under WOW64
    14:12:38.0417 2956 Processor architecture: Intel x64
    14:12:38.0417 2956 Number of processors: 8
    14:12:38.0417 2956 Page size: 0x1000
    14:12:38.0417 2956 Boot type: Normal boot
    14:12:38.0417 2956 ============================================================
    14:12:38.0610 2956 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    14:12:38.0635 2956 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    14:12:38.0637 2956 ============================================================
    14:12:38.0637 2956 \Device\Harddisk0\DR0:
    14:12:38.0638 2956 MBR partitions:
    14:12:38.0638 2956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    14:12:38.0638 2956 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
    14:12:38.0638 2956 \Device\Harddisk1\DR1:
    14:12:38.0638 2956 MBR partitions:
    14:12:38.0638 2956 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x249F0000
    14:12:38.0638 2956 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x249F0800, BlocksNum 0x32000
    14:12:38.0638 2956 ============================================================
    14:12:38.0639 2956 C: <-> \Device\Harddisk0\DR0\Partition2
    14:12:38.0664 2956 E: <-> \Device\Harddisk1\DR1\Partition1
    14:12:38.0664 2956 ============================================================
    14:12:38.0664 2956 Initialize success
    14:12:38.0664 2956 ============================================================
    14:12:39.0972 3392 ============================================================
    14:12:39.0972 3392 Scan started
    14:12:39.0972 3392 Mode: Manual;
    14:12:39.0972 3392 ============================================================
    14:12:40.0762 3392 ================ Scan system memory ========================
    14:12:40.0762 3392 System memory - ok
    14:12:40.0762 3392 ================ Scan services =============================
    14:12:40.0822 3392 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    14:12:40.0822 3392 1394ohci - ok
    14:12:40.0832 3392 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
    14:12:40.0832 3392 ACPI - ok
    14:12:40.0832 3392 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
    14:12:40.0832 3392 AcpiPmi - ok
    14:12:40.0842 3392 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    14:12:40.0842 3392 adp94xx - ok
    14:12:40.0842 3392 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    14:12:40.0852 3392 adpahci - ok
    14:12:40.0852 3392 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    14:12:40.0852 3392 adpu320 - ok
    14:12:40.0862 3392 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    14:12:40.0862 3392 AeLookupSvc - ok
    14:12:40.0862 3392 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
    14:12:40.0862 3392 AFD - ok
    14:12:40.0872 3392 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
    14:12:40.0872 3392 agp440 - ok
    14:12:40.0872 3392 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    14:12:40.0872 3392 ALG - ok
    14:12:40.0872 3392 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
    14:12:40.0872 3392 aliide - ok
    14:12:40.0882 3392 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
    14:12:40.0882 3392 amdide - ok
    14:12:40.0882 3392 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    14:12:40.0882 3392 AmdK8 - ok
    14:12:40.0882 3392 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    14:12:40.0882 3392 AmdPPM - ok
    14:12:40.0882 3392 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
    14:12:40.0892 3392 amdsata - ok
    14:12:40.0892 3392 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    14:12:40.0892 3392 amdsbs - ok
    14:12:40.0892 3392 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
    14:12:40.0892 3392 amdxata - ok
    14:12:40.0902 3392 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
    14:12:40.0902 3392 AppID - ok
    14:12:40.0902 3392 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    14:12:40.0902 3392 AppIDSvc - ok
    14:12:40.0902 3392 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
    14:12:40.0902 3392 Appinfo - ok
    14:12:40.0912 3392 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
    14:12:40.0912 3392 AppMgmt - ok
    14:12:40.0912 3392 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    14:12:40.0912 3392 arc - ok
    14:12:40.0912 3392 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    14:12:40.0912 3392 arcsas - ok
    14:12:40.0932 3392 [ E536856E96A7605EBF580D62A868E5FE ] ASGT C:\Windows\SysWOW64\ASGT.exe
    14:12:40.0932 3392 ASGT - ok
    14:12:40.0932 3392 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    14:12:40.0932 3392 AsyncMac - ok
    14:12:40.0932 3392 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
    14:12:40.0932 3392 atapi - ok
    14:12:40.0942 3392 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    14:12:40.0942 3392 AudioEndpointBuilder - ok
    14:12:40.0952 3392 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
    14:12:40.0952 3392 AudioSrv - ok
    14:12:40.0952 3392 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    14:12:40.0962 3392 AxInstSV - ok
    14:12:40.0962 3392 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    14:12:40.0962 3392 b06bdrv - ok
    14:12:40.0972 3392 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    14:12:40.0972 3392 b57nd60a - ok
    14:12:40.0982 3392 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    14:12:40.0982 3392 BDESVC - ok
    14:12:40.0982 3392 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    14:12:40.0982 3392 Beep - ok
    14:12:40.0992 3392 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
    14:12:40.0992 3392 BFE - ok
    14:12:41.0002 3392 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
    14:12:41.0012 3392 BITS - ok
    14:12:41.0012 3392 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    14:12:41.0012 3392 blbdrive - ok
    14:12:41.0012 3392 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    14:12:41.0012 3392 bowser - ok
    14:12:41.0012 3392 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    14:12:41.0022 3392 BrFiltLo - ok
    14:12:41.0022 3392 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    14:12:41.0022 3392 BrFiltUp - ok
    14:12:41.0022 3392 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
    14:12:41.0022 3392 Browser - ok
    14:12:41.0032 3392 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    14:12:41.0032 3392 Brserid - ok
    14:12:41.0032 3392 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    14:12:41.0032 3392 BrSerWdm - ok
    14:12:41.0032 3392 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    14:12:41.0032 3392 BrUsbMdm - ok
    14:12:41.0042 3392 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    14:12:41.0042 3392 BrUsbSer - ok
    14:12:41.0042 3392 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    14:12:41.0042 3392 BTHMODEM - ok
    14:12:41.0042 3392 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    14:12:41.0042 3392 bthserv - ok
    14:12:41.0052 3392 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    14:12:41.0052 3392 cdfs - ok
    14:12:41.0052 3392 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    14:12:41.0052 3392 cdrom - ok
    14:12:41.0052 3392 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
    14:12:41.0052 3392 CertPropSvc - ok
    14:12:41.0062 3392 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    14:12:41.0062 3392 circlass - ok
    14:12:41.0062 3392 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    14:12:41.0062 3392 CLFS - ok
    14:12:41.0072 3392 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    14:12:41.0072 3392 clr_optimization_v2.0.50727_32 - ok
    14:12:41.0082 3392 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    14:12:41.0082 3392 clr_optimization_v2.0.50727_64 - ok
    14:12:41.0082 3392 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    14:12:41.0082 3392 CmBatt - ok
    14:12:41.0082 3392 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
    14:12:41.0082 3392 cmdide - ok
    14:12:41.0092 3392 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
    14:12:41.0092 3392 CNG - ok
    14:12:41.0092 3392 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    14:12:41.0092 3392 Compbatt - ok
    14:12:41.0092 3392 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    14:12:41.0092 3392 CompositeBus - ok
    14:12:41.0102 3392 COMSysApp - ok
    14:12:41.0102 3392 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    14:12:41.0102 3392 crcdisk - ok
    14:12:41.0102 3392 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    14:12:41.0112 3392 CryptSvc - ok
    14:12:41.0112 3392 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
    14:12:41.0122 3392 CSC - ok
    14:12:41.0122 3392 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
    14:12:41.0132 3392 CscService - ok
    14:12:41.0132 3392 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
    14:12:41.0132 3392 dc3d - ok
    14:12:41.0142 3392 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
    14:12:41.0142 3392 DcomLaunch - ok
    14:12:41.0152 3392 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    14:12:41.0152 3392 defragsvc - ok
  5. Alex S

    Alex S Newcomer, in training Topic Starter Posts: 16

    TDSSKILLER part 2

    14:12:42.0852 3392 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
    14:12:42.0852 3392 TabletInputService - ok
    14:12:42.0862 3392 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
    14:12:42.0862 3392 TapiSrv - ok
    14:12:42.0862 3392 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    14:12:42.0872 3392 TBS - ok
    14:12:42.0882 3392 [ 912107716BAB424C7870E8E6AF5E07E1 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    14:12:42.0892 3392 Tcpip - ok
    14:12:42.0902 3392 [ 912107716BAB424C7870E8E6AF5E07E1 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    14:12:42.0912 3392 TCPIP6 - ok
    14:12:42.0912 3392 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    14:12:42.0912 3392 tcpipreg - ok
    14:12:42.0922 3392 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    14:12:42.0922 3392 TDPIPE - ok
    14:12:42.0922 3392 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    14:12:42.0922 3392 TDTCP - ok
    14:12:42.0922 3392 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    14:12:42.0922 3392 tdx - ok
    14:12:42.0932 3392 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    14:12:42.0932 3392 TermDD - ok
    14:12:42.0932 3392 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
    14:12:42.0942 3392 TermService - ok
    14:12:42.0942 3392 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    14:12:42.0942 3392 Themes - ok
    14:12:42.0942 3392 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    14:12:42.0952 3392 THREADORDER - ok
    14:12:42.0952 3392 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    14:12:42.0962 3392 TrkWks - ok
    14:12:42.0972 3392 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    14:12:42.0972 3392 TrustedInstaller - ok
    14:12:42.0972 3392 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    14:12:42.0972 3392 tssecsrv - ok
    14:12:42.0982 3392 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    14:12:42.0982 3392 tunnel - ok
    14:12:42.0982 3392 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    14:12:42.0982 3392 uagp35 - ok
    14:12:42.0982 3392 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    14:12:42.0992 3392 udfs - ok
    14:12:42.0992 3392 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    14:12:42.0992 3392 UI0Detect - ok
    14:12:42.0992 3392 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
    14:12:42.0992 3392 uliagpkx - ok
    14:12:43.0002 3392 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    14:12:43.0002 3392 umbus - ok
    14:12:43.0002 3392 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    14:12:43.0002 3392 UmPass - ok
    14:12:43.0002 3392 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
    14:12:43.0002 3392 UmRdpService - ok
    14:12:43.0012 3392 [ F76057596EF65049869098677AB72C30 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    14:12:43.0012 3392 UNS - ok
    14:12:43.0022 3392 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    14:12:43.0022 3392 upnphost - ok
    14:12:43.0022 3392 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    14:12:43.0022 3392 usbccgp - ok
    14:12:43.0022 3392 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
    14:12:43.0032 3392 usbcir - ok
    14:12:43.0032 3392 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    14:12:43.0032 3392 usbehci - ok
    14:12:43.0032 3392 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    14:12:43.0032 3392 usbhub - ok
    14:12:43.0042 3392 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    14:12:43.0042 3392 usbohci - ok
    14:12:43.0052 3392 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    14:12:43.0052 3392 usbprint - ok
    14:12:43.0062 3392 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    14:12:43.0062 3392 USBSTOR - ok
    14:12:43.0072 3392 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    14:12:43.0072 3392 usbuhci - ok
    14:12:43.0072 3392 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    14:12:43.0082 3392 UxSms - ok
    14:12:43.0082 3392 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
    14:12:43.0082 3392 VaultSvc - ok
    14:12:43.0082 3392 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
    14:12:43.0082 3392 vdrvroot - ok
    14:12:43.0092 3392 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
    14:12:43.0092 3392 vds - ok
    14:12:43.0092 3392 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    14:12:43.0092 3392 vga - ok
    14:12:43.0092 3392 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    14:12:43.0102 3392 VgaSave - ok
    14:12:43.0102 3392 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
    14:12:43.0102 3392 vhdmp - ok
    14:12:43.0102 3392 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
    14:12:43.0102 3392 viaide - ok
    14:12:43.0112 3392 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
    14:12:43.0112 3392 vmbus - ok
    14:12:43.0112 3392 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
    14:12:43.0112 3392 VMBusHID - ok
    14:12:43.0112 3392 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
    14:12:43.0112 3392 volmgr - ok
    14:12:43.0122 3392 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    14:12:43.0122 3392 volmgrx - ok
    14:12:43.0132 3392 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
    14:12:43.0132 3392 volsnap - ok
    14:12:43.0132 3392 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    14:12:43.0132 3392 vsmraid - ok
    14:12:43.0142 3392 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
    14:12:43.0152 3392 VSS - ok
    14:12:43.0162 3392 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    14:12:43.0162 3392 vwifibus - ok
    14:12:43.0162 3392 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    14:12:43.0162 3392 W32Time - ok
    14:12:43.0172 3392 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    14:12:43.0172 3392 WacomPen - ok
    14:12:43.0172 3392 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    14:12:43.0172 3392 WANARP - ok
    14:12:43.0172 3392 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    14:12:43.0172 3392 Wanarpv6 - ok
    14:12:43.0182 3392 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
    14:12:43.0192 3392 wbengine - ok
    14:12:43.0202 3392 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    14:12:43.0202 3392 WbioSrvc - ok
    14:12:43.0212 3392 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    14:12:43.0212 3392 wcncsvc - ok
    14:12:43.0212 3392 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    14:12:43.0212 3392 WcsPlugInService - ok
    14:12:43.0212 3392 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    14:12:43.0212 3392 Wd - ok
    14:12:43.0222 3392 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    14:12:43.0222 3392 Wdf01000 - ok
    14:12:43.0232 3392 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    14:12:43.0232 3392 WdiServiceHost - ok
    14:12:43.0232 3392 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    14:12:43.0232 3392 WdiSystemHost - ok
    14:12:43.0242 3392 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
    14:12:43.0242 3392 WebClient - ok
    14:12:43.0242 3392 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    14:12:43.0242 3392 Wecsvc - ok
    14:12:43.0252 3392 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    14:12:43.0252 3392 wercplsupport - ok
    14:12:43.0252 3392 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    14:12:43.0252 3392 WerSvc - ok
    14:12:43.0252 3392 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    14:12:43.0252 3392 WfpLwf - ok
    14:12:43.0262 3392 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    14:12:43.0262 3392 WIMMount - ok
    14:12:43.0262 3392 WinDefend - ok
    14:12:43.0262 3392 WinHttpAutoProxySvc - ok
    14:12:43.0272 3392 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    14:12:43.0272 3392 Winmgmt - ok
    14:12:43.0282 3392 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
    14:12:43.0302 3392 WinRM - ok
    14:12:43.0312 3392 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    14:12:43.0312 3392 Wlansvc - ok
    14:12:43.0312 3392 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    14:12:43.0312 3392 WmiAcpi - ok
    14:12:43.0322 3392 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    14:12:43.0322 3392 wmiApSrv - ok
    14:12:43.0322 3392 WMPNetworkSvc - ok
    14:12:43.0322 3392 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    14:12:43.0332 3392 WPCSvc - ok
    14:12:43.0332 3392 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    14:12:43.0332 3392 WPDBusEnum - ok
    14:12:43.0332 3392 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    14:12:43.0332 3392 ws2ifsl - ok
    14:12:43.0332 3392 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    14:12:43.0342 3392 wscsvc - ok
    14:12:43.0342 3392 WSearch - ok
    14:12:43.0362 3392 [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv C:\Windows\system32\wuaueng.dll
    14:12:43.0372 3392 wuauserv - ok
    14:12:43.0372 3392 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    14:12:43.0372 3392 WudfPf - ok
    14:12:43.0382 3392 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    14:12:43.0382 3392 wudfsvc - ok
    14:12:43.0382 3392 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    14:12:43.0382 3392 WwanSvc - ok
    14:12:43.0392 3392 ================ Scan global ===============================
    14:12:43.0392 3392 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    14:12:43.0392 3392 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
    14:12:43.0402 3392 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
    14:12:43.0402 3392 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    14:12:43.0402 3392 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    14:12:43.0412 3392 [Global] - ok
    14:12:43.0412 3392 ================ Scan MBR ==================================
    14:12:43.0412 3392 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    14:12:43.0412 3392 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    14:12:43.0412 3392 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    14:12:43.0412 3392 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    14:12:43.0412 3392 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
    14:12:43.0522 3392 \Device\Harddisk1\DR1 - ok
    14:12:43.0522 3392 ================ Scan VBR ==================================
    14:12:43.0522 3392 [ 6197972F2E37AE4E88D046AFA7AEA105 ] \Device\Harddisk0\DR0\Partition1
    14:12:43.0522 3392 \Device\Harddisk0\DR0\Partition1 - ok
    14:12:43.0522 3392 [ CF65ECF4D98FF802068CDDD5F15C0A5A ] \Device\Harddisk0\DR0\Partition2
    14:12:43.0522 3392 \Device\Harddisk0\DR0\Partition2 - ok
    14:12:43.0532 3392 [ 66C027ED150FF3EA9B5D6832D310EE93 ] \Device\Harddisk1\DR1\Partition1
    14:12:43.0532 3392 \Device\Harddisk1\DR1\Partition1 - ok
    14:12:43.0532 3392 [ 2C2237AB4826940AF1AF6D69F302997A ] \Device\Harddisk1\DR1\Partition2
    14:12:43.0532 3392 \Device\Harddisk1\DR1\Partition2 - ok
    14:12:43.0532 3392 ============================================================
    14:12:43.0532 3392 Scan finished
    14:12:43.0532 3392 ============================================================
    14:12:43.0542 3500 Detected object count: 1
    14:12:43.0542 3500 Actual detected object count: 1
    14:13:08.0610 3500 \Device\Harddisk0\DR0\# - copied to quarantine
    14:13:08.0610 3500 \Device\Harddisk0\DR0 - copied to quarantine
    14:13:08.0657 3500 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    14:13:08.0657 3500 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    14:13:08.0672 3500 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    14:13:08.0688 3500 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    14:13:08.0688 3500 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    14:13:08.0688 3500 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    14:13:08.0688 3500 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    14:13:08.0688 3500 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    14:13:08.0688 3500 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    14:13:08.0688 3500 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    14:13:08.0703 3500 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    14:13:08.0703 3500 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    14:13:08.0703 3500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    14:13:08.0703 3500 \Device\Harddisk0\DR0 - ok
    14:13:08.0844 3500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    14:13:10.0076 3792 Deinitialize success
  6. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    Good :)

    Re-run MBAM and post new log.

    Next....

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  7. Alex S

    Alex S Newcomer, in training Topic Starter Posts: 16

    MBAM

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.22.09

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Alex :: ALEX-PC [administrator]

    Protection: Enabled

    11/22/2012 3:00:59 PM
    mbam-log-2012-11-22 (15-06-34).txt

    Scan type: Full scan (C:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 318424
    Time elapsed: 4 minute(s), 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\TDSSKiller_Quarantine\22.11.2012_14.12.38\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> No action taken.

    (end)

    Rogue Killer

    RogueKiller V8.3.1 [Nov 22 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Alex [Admin rights]
    Mode : Scan -- Date : 11/22/2012 15:07:13

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: M4-CT064M4SSD2 ATA Device +++++
    --- User ---
    [MBR] 6c19300056483f2afe423fd3dcde27d9
    [BSP] 046b6dc81e7199556b9cb914887a6015 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 60955 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WDC WD5000AAKX-00ERMA0 ATA Device +++++
    --- User ---
    [MBR] 4015854fccac8ddb89cd5172f2eb9b6b
    [BSP] 27eace912b215209a73edb9c7a21c975 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300000 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 614402048 | Size: 100 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_11222012_02d1507.txt >>
    RKreport[1]_S_11222012_02d1507.txt

    aswMBR

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-22 15:09:55
    -----------------------------
    15:09:55.720 OS Version: Windows x64 6.1.7600
    15:09:55.720 Number of processors: 8 586 0x2A07
    15:09:55.720 ComputerName: ALEX-PC UserName: Alex
    15:09:56.280 Initialize success
    15:10:36.194 AVAST engine defs: 12112201
    15:11:22.068 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
    15:11:22.068 Disk 0 Vendor: M4-CT064M4SSD2 000F Size: 61057MB BusType: 11
    15:11:22.068 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
    15:11:22.068 Disk 1 Vendor: WDC_WD5000AAKX-00ERMA0 15.01H15 Size: 476940MB BusType: 11
    15:11:22.068 Disk 0 MBR read successfully
    15:11:22.068 Disk 0 MBR scan
    15:11:22.084 Disk 0 Windows 7 default MBR code
    15:11:22.084 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    15:11:22.084 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60955 MB offset 206848
    15:11:22.099 Disk 0 scanning C:\Windows\system32\drivers
    15:11:23.948 Service scanning
    15:11:28.547 Modules scanning
    15:11:28.547 Disk 0 trace - called modules:
    15:11:28.547 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    15:11:28.563 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d963060]
    15:11:28.563 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800d5df680]
    15:11:29.047 AVAST engine scan C:\Windows
    15:11:29.281 AVAST engine scan C:\Windows\system32
    15:12:04.322 AVAST engine scan C:\Windows\system32\drivers
    15:12:06.436 AVAST engine scan C:\Users\Alex
    15:12:08.667 AVAST engine scan C:\ProgramData
    15:12:09.041 Scan finished successfully
    15:12:34.303 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
    15:12:34.303 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"
  8. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    Good :)

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  9. Alex S

    Alex S Newcomer, in training Topic Starter Posts: 16

    ComboFix

    ComboFix 12-11-22.03 - Alex 11/22/2012 15:25:37.1.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16337.13010 [GMT -5:00]
    Running from: e:\downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    E:\install.exe
    E:\setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-22 20:49 . 2012-11-22 17:54 -------- d-----w- c:\windows\Panther
    2012-11-22 20:26 . 2012-11-22 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-22 19:13 . 2012-11-22 19:13 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-22 19:11 . 2008-07-31 15:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
    2012-11-22 19:11 . 2008-07-31 15:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
    2012-11-22 19:11 . 2008-07-12 13:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
    2012-11-22 19:11 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
    2012-11-22 19:11 . 2008-07-12 13:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
    2012-11-22 18:34 . 2012-11-22 18:36 -------- d-----w- c:\programdata\PMB Files
    2012-11-22 18:34 . 2012-11-22 18:34 -------- d-----w- c:\program files (x86)\Pando Networks
    2012-11-22 18:33 . 2012-11-22 18:33 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-22 18:33 . 2012-11-22 18:33 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-11-22 18:33 . 2012-11-22 18:33 -------- d-----w- c:\windows\SysWow64\Macromed
    2012-11-22 18:33 . 2012-11-22 18:33 -------- d-----w- c:\windows\system32\Macromed
    2012-11-22 18:26 . 2012-11-19 06:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF6DD7CA-0871-4656-8F02-8D8ED97EA5EC}\mpengine.dll
    2012-11-22 18:26 . 2012-05-31 17:25 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-11-22 18:25 . 2012-11-22 18:25 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-22 18:25 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-22 18:15 . 2012-11-22 18:15 -------- d-----w- c:\program files (x86)\iolo
    2012-11-22 18:15 . 2012-10-19 15:01 57144 ----a-w- c:\windows\system32\iolobtdfg.exe
    2012-11-22 18:15 . 2012-10-19 15:01 25744 ----a-w- c:\windows\system32\smrgdf.exe
    2012-11-22 18:15 . 2012-10-19 14:43 2155248 ----a-w- c:\windows\system32\Incinerator64.dll
    2012-11-22 18:15 . 2012-10-19 14:43 2097032 ----a-w- c:\windows\SysWow64\Incinerator32.dll
    2012-11-22 18:15 . 2012-10-19 14:38 82160 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
    2012-11-22 18:15 . 2012-10-19 14:38 69000 ----a-w- c:\windows\system32\offreg.dll
    2012-11-22 18:15 . 2012-10-19 14:38 56200 ----a-w- c:\windows\SysWow64\offreg.dll
    2012-11-22 18:14 . 2012-10-19 14:38 30752 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
    2012-11-22 18:14 . 2012-11-22 18:14 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
    2012-11-22 18:14 . 2012-11-22 19:13 -------- d-----w- c:\programdata\iolo
    2012-11-22 18:12 . 2012-11-22 18:12 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-11-22 18:09 . 2010-02-23 12:46 23680 ----a-w- c:\windows\system32\drivers\IOMap64.sys
    2012-11-22 18:08 . 2012-11-22 18:08 -------- d-----w- c:\program files (x86)\ASUS
    2012-11-22 18:08 . 2012-11-22 18:08 -------- d-----w- c:\windows\Downloaded Installations
    2012-11-22 18:06 . 2012-05-15 10:48 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
    2012-11-22 18:06 . 2012-05-15 10:48 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
    2012-11-22 18:06 . 2012-10-02 22:21 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-11-22 18:06 . 2012-10-02 22:21 2731880 ----a-w- c:\windows\system32\nvapi64.dll
    2012-11-22 18:06 . 2012-10-02 22:21 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-11-22 18:06 . 2012-11-22 18:29 -------- d-----w- c:\program files\NVIDIA Corporation
    2012-11-22 18:00 . 2012-11-22 18:00 -------- d-----w- c:\program files (x86)\MSI
    2012-11-22 18:00 . 2012-02-26 19:01 16152 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys
    2012-11-22 17:59 . 2012-02-26 19:01 788760 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys
    2012-11-22 17:59 . 2012-02-26 19:01 356120 ----a-w- c:\windows\system32\drivers\iusb3hub.sys
    2012-11-22 17:57 . 2011-12-06 20:55 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
    2012-11-22 17:54 . 2012-11-22 18:34 -------- d-----w- c:\users\Alex
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-22 3093624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
    "Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-01-03 502288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
    @="Service"
    .
    R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296]
    R2 MBAMService;MBAMService;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
    R3 MSICDSetup;MSICDSetup;F:\CDriver64.sys [x]
    R3 NTIOLib_1_0_C;NTIOLib_1_0_C;F:\NTIOLib_X64.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-26 16152]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-10-19 30752]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
    S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-10-19 1028464]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-15 162648]
    S2 MBAMScheduler;MBAMScheduler;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
    S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [2012-01-03 138768]
    S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-10-19 82160]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-15 362840]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-26 356120]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-26 788760]
    S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2010-01-18 14136]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
    S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-23 23680]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 49871409
    *NewlyCreated* - ASWMBR
    *Deregistered* - 49871409
    *Deregistered* - aswMBR
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xjzmhujg.default\
    FF - prefs.js: browser.startup.homepage - google.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-49871409.sys
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-22 15:28:24
    ComboFix-quarantined-files.txt 2012-11-22 20:28
    .
    Pre-Run: 11,475,820,544 bytes free
    Post-Run: 13,456,850,944 bytes free
    .
    - - End Of File - - 5744B378492E50BB8C8D948856636E99
  10. Broni


    Looks good.

    Any current issues?

    ============================

    I don't see any AV program running.
    Install ONE of these:

    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
    You can keep it or you have to disable it before installing another AV program. How to...

    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

    ==============================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  11. Alex S


    AdwCleaner

    # AdwCleaner v2.008 - Logfile created 11/22/2012 at 15:52:54
    # Updated 17/11/2012 by Xplode
    # Operating system : Windows 7 Ultimate (64 bits)
    # User : Alex - ALEX-PC
    # Boot Mode : Normal
    # Running from : E:\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7600.16385

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0 (en-US)

    Profile name : default
    File : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\xjzmhujg.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [661 octets] - [22/11/2012 15:52:54]

    ########## EOF - C:\AdwCleaner[S1].txt - [720 octets] ##########
  12. Alex S


    OTL

    OTL logfile created on: 11/22/2012 3:55:30 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.95 Gb Total Physical Memory | 14.30 Gb Available Physical Memory | 89.62% Memory free
    31.91 Gb Paging File | 30.23 Gb Available in Paging File | 94.74% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 59.53 Gb Total Space | 12.04 Gb Free Space | 20.22% Space Free | Partition Type: NTFS
    Drive E: | 292.97 Gb Total Space | 237.08 Gb Free Space | 80.92% Space Free | Partition Type: NTFS
    Drive F: | 917.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/22 15:54:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
    PRC - [2012/11/22 13:34:36 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/10/19 09:41:16 | 001,028,464 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/03/14 23:48:06 | 000,162,648 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2012/02/26 14:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    PRC - [2012/01/17 11:24:10 | 000,055,296 | ---- | M] () -- C:\Windows\SysWOW64\ASGT.exe
    PRC - [2012/01/03 13:34:20 | 000,138,768 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
    PRC - [2012/01/03 13:34:16 | 000,502,288 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/22 13:34:36 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2012/02/02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/11/20 01:17:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/19 09:41:16 | 001,028,464 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2012/10/02 17:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- e:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/03/14 23:48:22 | 000,362,840 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2012/03/14 23:48:20 | 000,276,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2012/03/14 23:48:06 | 000,162,648 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2012/01/17 11:24:10 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)
    SRV - [2012/01/03 13:34:20 | 000,138,768 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/10/19 09:38:26 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
    DRV:64bit: - [2012/10/19 09:38:24 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
    DRV:64bit: - [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/07/03 10:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012/02/26 14:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
    DRV:64bit: - [2012/02/26 14:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
    DRV:64bit: - [2012/02/26 14:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
    DRV:64bit: - [2012/02/16 00:42:00 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/11/09 13:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2010/02/23 07:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | Disabled | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2010/01/18 10:36:44 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2241952542-3978117324-1811684901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2241952542-3978117324-1811684901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 D9 56 C7 DC C8 CD 01 [binary data]
    IE - HKU\S-1-5-21-2241952542-3978117324-1811684901-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2241952542-3978117324-1811684901-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2241952542-3978117324-1811684901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2241952542-3978117324-1811684901-1001\..\SearchScopes,DefaultScope =

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "google.com"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/22 15:50:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/22 13:12:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/11/22 13:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
    [2012/11/22 13:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/11/20 01:17:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/11/20 01:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/11/20 01:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/11/22 15:26:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
    O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    O4 - HKU\S-1-5-21-2241952542-3978117324-1811684901-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKU\S-1-5-21-2241952542-3978117324-1811684901-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2241952542-3978117324-1811684901-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2241952542-3978117324-1811684901-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2241952542-3978117324-1811684901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2241952542-3978117324-1811684901-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13DAF992-5B15-4BB3-B20C-3423E1ACBE4B}: DhcpNameServer = 192.168.1.1
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2009/07/12 11:29:36 | 000,000,050 | R--- | M] () - F:\AutoRun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/22 15:53:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/22 15:50:45 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/11/22 15:50:45 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/11/22 15:50:45 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/11/22 15:50:45 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/11/22 15:50:45 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/11/22 15:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/11/22 15:50:44 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/11/22 15:50:44 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/11/22 15:50:39 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2012/11/22 15:50:33 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/11/22 15:50:33 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/11/22 15:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/11/22 15:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/11/22 15:49:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2012/11/22 15:25:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/22 15:25:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/22 15:25:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/22 15:24:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/22 15:24:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/22 15:01:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\RK_Quarantine
    [2012/11/22 14:13:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/11/22 14:12:13 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\LolClient
    [2012/11/22 14:11:28 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\tdsskiller
    [2012/11/22 14:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
    [2012/11/22 13:37:02 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\dds.com
    [2012/11/22 13:36:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\League of Legends
    [2012/11/22 13:35:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Macromedia
    [2012/11/22 13:35:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Macromedia
    [2012/11/22 13:35:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Adobe
    [2012/11/22 13:34:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\PMB Files
    [2012/11/22 13:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
    [2012/11/22 13:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
    [2012/11/22 13:34:27 | 000,000,000 | ---D | C] -- C:\Users\Alex\.swt
    [2012/11/22 13:33:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2012/11/22 13:33:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/11/22 13:29:06 | 000,000,000 | ---D | C] -- C:\NVIDIA
    [2012/11/22 13:25:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
    [2012/11/22 13:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/22 13:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/11/22 13:25:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/11/22 13:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
    [2012/11/22 13:15:45 | 002,155,248 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\Incinerator64.dll
    [2012/11/22 13:15:45 | 002,097,032 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysWow64\Incinerator32.dll
    [2012/11/22 13:15:45 | 000,082,160 | ---- | C] (Raxco Software, Inc.) -- C:\Windows\SysNative\drivers\PDFsFilter.sys
    [2012/11/22 13:15:45 | 000,057,144 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\iolobtdfg.exe
    [2012/11/22 13:15:45 | 000,025,744 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\smrgdf.exe
    [2012/11/22 13:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iolo
    [2012/11/22 13:14:53 | 000,030,752 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\ElRawDsk.sys
    [2012/11/22 13:14:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\iolo
    [2012/11/22 13:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
    [2012/11/22 13:12:15 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Mozilla
    [2012/11/22 13:12:15 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Mozilla
    [2012/11/22 13:12:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/11/22 13:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/11/22 13:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/11/22 13:09:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Random
    [2012/11/22 13:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2012/11/22 13:09:15 | 000,023,680 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\IOMap64.sys
    [2012/11/22 13:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    [2012/11/22 13:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
    [2012/11/22 13:08:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
    [2012/11/22 13:08:36 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
    [2012/11/22 13:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2012/11/22 13:07:18 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2012/11/22 13:07:18 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2012/11/22 13:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2012/11/22 13:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2012/11/22 13:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2012/11/22 13:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
    [2012/11/22 13:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI
    [2012/11/22 12:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
    [2012/11/22 12:59:05 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
    [2012/11/22 12:58:49 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2012/11/22 12:58:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
    [2012/11/22 12:57:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
    [2012/11/22 12:57:36 | 000,676,968 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
    [2012/11/22 12:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
    [2012/11/22 12:57:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2012/11/22 12:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
    [2012/11/22 12:57:07 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
    [2012/11/22 12:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
    [2012/11/22 12:56:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2012/11/22 12:54:43 | 000,000,000 | R--D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2012/11/22 12:54:43 | 000,000,000 | R--D | C] -- C:\Users\Alex\Searches
    [2012/11/22 12:54:43 | 000,000,000 | R--D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2012/11/22 12:54:43 | 000,000,000 | -H-D | C] -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2012/11/22 12:54:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Identities
    [2012/11/22 12:54:37 | 000,000,000 | R--D | C] -- C:\Users\Alex\Contacts
    [2012/11/22 12:54:36 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\VirtualStore
    [2012/11/22 12:54:34 | 000,000,000 | --SD | C] -- C:\Users\Alex\AppData\Roaming\Microsoft
    [2012/11/22 12:54:34 | 000,000,000 | R--D | C] -- C:\Users\Alex\Videos
    [2012/11/22 12:54:34 | 000,000,000 | R--D | C] -- C:\Users\Alex\Saved Games
    [2012/11/22 12:54:34 | 000,000,000 | R--D | C] -- C:\Users\Alex\Pictures
    [2012/11/22 12:54:34 | 000,000,000 | R--D | C] -- C:\Users\Alex\Music
    [2012/11/22 12:54:34 | 000,000,000 | R--D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2012/11/22 12:54:34 | 000,000,000 | R--D | C] -- C:\Users\Alex\Links
    [2012/11/22 12:54:34 | 000,000,000 | R--D | C] -- C:\Users\Alex\Favorites
    [2012/11/22 12:54:34 | 000,000,000 | R--D | C] -- C:\Users\Alex\Downloads
    [2012/11/22 12:54:34 | 000,000,000 | R--D | C] -- C:\Users\Alex\Documents
    [2012/11/22 12:54:34 | 000,000,000 | R--D | C] -- C:\Users\Alex\Desktop
    [2012/11/22 12:54:34 | 000,000,000 | R--D | C] -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2012/11/22 12:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Alex\AppData\Local\Temporary Internet Files
    [2012/11/22 12:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Templates
    [2012/11/22 12:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Start Menu
    [2012/11/22 12:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Alex\SendTo
    [2012/11/22 12:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Recent
    [2012/11/22 12:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Alex\PrintHood
    [2012/11/22 12:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Alex\NetHood
    [2012/11/22 12:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Documents\My Videos
    [2012/11/22 12:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Documents\My Pictures
    [2012/11/22 12:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Documents\My Music
    [2012/11/22 12:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Alex\My Documents
    [2012/11/22 12:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Local Settings
    [2012/11/22 12:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Alex\AppData\Local\History
    [2012/11/22 12:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Cookies
    [2012/11/22 12:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Alex\Application Data
    [2012/11/22 12:54:34 | 000,000,000 | -HSD | C] -- C:\Users\Alex\AppData\Local\Application Data
    [2012/11/22 12:54:34 | 000,000,000 | -H-D | C] -- C:\Users\Alex\AppData
    [2012/11/22 12:54:34 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Temp
    [2012/11/22 12:54:34 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Microsoft
    [2012/11/22 12:54:34 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Media Center Programs
    [2012/10/29 10:19:40 | 000,000,000 | ---D | C] -- C:\Config.Msi

    ========== Files - Modified Within 30 Days ==========

    [2012/11/22 15:53:35 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/22 15:53:35 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/22 15:53:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/22 15:53:27 | 4258,131,966 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/22 15:52:24 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/22 15:51:43 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2012/11/22 15:51:43 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2012/11/22 15:50:45 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/11/22 15:50:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/11/22 15:26:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/22 15:12:34 | 000,000,512 | ---- | M] () -- C:\Users\Alex\Desktop\MBR.dat
    [2012/11/22 14:20:04 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/22 14:20:04 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/22 14:20:04 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/11/22 14:11:52 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
    [2012/11/22 14:11:02 | 002,195,061 | ---- | M] () -- C:\Users\Alex\Desktop\tdsskiller.zip
    [2012/11/22 13:36:30 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\dds.com
    [2012/11/22 13:25:12 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/22 13:23:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
    [2012/11/22 13:17:44 | 000,000,406 | ---- | M] () -- C:\Windows\SysNative\ioloBootDefrag.cfg
    [2012/11/22 13:15:46 | 000,002,223 | ---- | M] () -- C:\Users\Alex\Desktop\System Mechanic.lnk
    [2012/11/22 13:14:51 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dat
    [2012/11/22 13:12:12 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/11/22 13:00:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
    [2012/11/22 12:54:57 | 000,001,441 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/10/30 18:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/10/30 18:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/10/30 18:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

    ========== Files Created - No Company Name ==========

    [2012/11/22 15:52:20 | 4258,131,966 | -HS- | C] () -- C:\hiberfil.sys
    [2012/11/22 15:51:39 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/11/22 15:51:37 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/11/22 15:50:45 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/11/22 15:50:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/11/22 15:25:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/22 15:25:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/22 15:25:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/22 15:25:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/22 15:25:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/22 15:12:34 | 000,000,512 | ---- | C] () -- C:\Users\Alex\Desktop\MBR.dat
    [2012/11/22 14:11:52 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
    [2012/11/22 14:11:22 | 002,195,061 | ---- | C] () -- C:\Users\Alex\Desktop\tdsskiller.zip
    [2012/11/22 13:25:12 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/22 13:23:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
    [2012/11/22 13:17:44 | 000,000,406 | ---- | C] () -- C:\Windows\SysNative\ioloBootDefrag.cfg
    [2012/11/22 13:15:46 | 000,002,223 | ---- | C] () -- C:\Users\Alex\Desktop\System Mechanic.lnk
    [2012/11/22 13:14:51 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
    [2012/11/22 13:12:12 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/11/22 13:12:12 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/11/22 13:07:24 | 003,536,817 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
    [2012/11/22 13:07:11 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
    [2012/11/22 13:00:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
    [2012/11/22 12:59:35 | 000,015,128 | R--- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
    [2012/11/22 12:54:57 | 000,001,441 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/11/22 12:54:47 | 000,001,413 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2012/11/22 12:54:44 | 000,001,447 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2012/11/22 12:54:34 | 000,000,290 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2012/11/22 12:54:34 | 000,000,272 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2012/02/02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
    [2012/01/17 11:24:10 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\ASGT.exe

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2009/07/13 20:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 20:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/11/22 13:17:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\iolo
    [2012/11/22 14:12:13 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\LolClient

    ========== Purity Check ==========



    < End of report >
  13. Alex S

    Alex S Newcomer, in training Topic Starter Posts: 16

    Extras

    OTL Extras logfile created on: 11/22/2012 3:55:30 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.95 Gb Total Physical Memory | 14.30 Gb Available Physical Memory | 89.62% Memory free
    31.91 Gb Paging File | 30.23 Gb Available in Paging File | 94.74% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 59.53 Gb Total Space | 12.04 Gb Free Space | 20.22% Space Free | Partition Type: NTFS
    Drive E: | 292.97 Gb Total Space | 237.08 Gb Free Space | 80.92% Space Free | Partition Type: NTFS
    Drive F: | 917.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2241952542-3978117324-1811684901-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{438ED80B-190A-4E61-84F3-650AF2F49908}" = lport=56978 | protocol=6 | dir=in | name=pando media booster |
    "{8473BFD3-AB0E-4065-AB71-EBA9681277F6}" = lport=56978 | protocol=6 | dir=in | name=pando media booster |
    "{95BDF573-FDE3-43B5-A5EB-82DE0BC20E7D}" = lport=56978 | protocol=17 | dir=in | name=pando media booster |
    "{B0443277-237E-4AB0-963F-99ABF5C1BD34}" = lport=56978 | protocol=17 | dir=in | name=pando media booster |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{361E0318-2E9F-454A-B804-97E711AB7218}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{7DD02B52-8CE2-44FE-B3F3-3E26BE3FA20A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{890438BE-F153-4F61-B7E9-DDA7C9437798}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{A895CA1F-7B06-4F55-B2B1-D12C9607FE6B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{CE65E9BB-0F6A-4BF7-A72D-24E872E8B65B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
    "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
    "{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
    "{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
    "{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1" = Winki
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "avast" = avast! Free Antivirus
    "InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Mozilla Firefox 17.0 (x86 en-US)" = Mozilla Firefox 17.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/22/2012 2:29:57 PM | Computer Name = Alex-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
    stamp: 0x4a5bdb3b Exception code: 0xc0000005 Fault offset: 0x000327c1 Faulting process
    id: 0x464 Faulting application start time: 0x01cdc8dc9e818572 Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 9d55ec7e-34d2-11e2-ad10-8c89a5e17ecc

    Error - 11/22/2012 3:11:13 PM | Computer Name = Alex-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "E:\Downloads\SoftonicDownloader_for_bitzipper.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

    [ System Events ]
    Error - 11/22/2012 2:05:15 PM | Computer Name = Alex-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 11/22/2012 2:08:36 PM | Computer Name = Alex-PC | Source = DCOM | ID = 10001
    Description =

    Error - 11/22/2012 2:08:42 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7030
    Description = The ASGT service is marked as an interactive service. However, the
    system is configured to not allow interactive services. This service may not function
    properly.

    Error - 11/22/2012 4:25:36 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7034
    Description = The ASGT service terminated unexpectedly. It has done this 1 time(s).

    Error - 11/22/2012 4:26:15 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 11/22/2012 4:26:51 PM | Computer Name = Alex-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 11/22/2012 4:27:00 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 11/22/2012 4:28:17 PM | Computer Name = Alex-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.


    < End of report >
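    The Application Error event in the report above is the security-relevant line: svchost.exe faulted with an image path of \\.\globalroot\systemroot\svchost.exe, which resolves to C:\Windows\svchost.exe. A genuine svchost.exe on 64-bit Windows 7 lives only in C:\Windows\System32 (and C:\Windows\SysWOW64 for 32-bit service hosts), never in the Windows directory itself, so the directory alone identifies the masquerading binary. The following is an added example, not code from OTL, Malwarebytes or this thread: it parses Event ID 1000 records in the text form OTL prints, resolves the NT object-manager path forms Windows logs (\\.\globalroot\systemroot\... and \??\...), and flags any svchost.exe outside the two legitimate folders. The first sample record is the event from the report above; the second is constructed here as a benign contrast; C:\Windows as the system root is an assumption.

```python
r"""Flag svchost.exe instances running from outside the legitimate directories.

Added example for this thread, not code from OTL, Malwarebytes or TechSpot.
Input is the "Last 20 Event Log Errors" text that OTL prints; only Event ID
1000 (Application Error) records are inspected. The Windows root is assumed
to be C:\Windows.
"""
import re
from typing import Dict, List

SYSTEM_ROOT = r"C:\Windows"  # assumption: default install location
# A genuine svchost.exe on 64-bit Windows 7 lives in exactly these two folders.
LEGIT_SVCHOST_DIRS = {
    (SYSTEM_ROOT + r"\System32").lower(),
    (SYSTEM_ROOT + r"\SysWOW64").lower(),
}

# Fields pulled from a flattened Event ID 1000 record.
FIELDS = {
    "when": r"Error - (.+?) \| Computer Name",
    "app_name": r"Faulting application name: ([^,]+),",
    "app_path": r"Faulting application path: (\S+)",
    "module_path": r"Faulting module path: (\S+)",
    "pid": r"Faulting process id: (0x[0-9a-fA-F]+)",
}


def normalize_nt_path(path: str, system_root: str = SYSTEM_ROOT) -> str:
    r"""Turn the NT object-manager forms Windows logs into a plain Win32 path.

    \\.\globalroot\systemroot\x.exe -> C:\Windows\x.exe
    \??\C:\dir\x.sys                -> C:\dir\x.sys
    """
    p = re.sub(r"^\\\\[.?]\\globalroot", "", path, flags=re.IGNORECASE)
    p = re.sub(r"^\\\?\?\\", "", p)
    # lambda replacement: system_root contains backslashes that re.sub would
    # otherwise try to interpret as escape sequences
    p = re.sub(r"^\\systemroot", lambda _: system_root, p, flags=re.IGNORECASE)
    return p


def classify_svchost(image_path: str) -> str:
    """'legit-dir', 'suspicious-dir' or 'not-svchost' for a process image path."""
    full = normalize_nt_path(image_path)
    directory, _, name = full.rpartition("\\")
    if name.lower() != "svchost.exe":
        return "not-svchost"
    return "legit-dir" if directory.lower() in LEGIT_SVCHOST_DIRS else "suspicious-dir"


def parse_app_error_events(log_text: str) -> List[Dict[str, str]]:
    """Split the OTL error list into records and extract the fields of ID 1000 events."""
    events = []
    for block in re.split(r"\n\s*\n", log_text.strip()):
        flat = " ".join(block.split())  # OTL wraps descriptions mid-field
        if "Source = Application Error" not in flat or "ID = 1000" not in flat:
            continue
        event = {}
        for key, pattern in FIELDS.items():
            m = re.search(pattern, flat)
            event[key] = m.group(1) if m else ""
        events.append(event)
    return events


def find_rogue_svchost(log_text: str) -> List[Dict[str, str]]:
    """Return ID 1000 events whose faulting svchost.exe ran from an unexpected folder."""
    hits = []
    for ev in parse_app_error_events(log_text):
        if ev["app_name"].lower() != "svchost.exe":
            continue
        image = normalize_nt_path(ev["app_path"])
        if classify_svchost(image) == "suspicious-dir":
            hits.append({"when": ev["when"], "pid": ev["pid"], "image": image,
                         "module": normalize_nt_path(ev["module_path"])})
    return hits


# Sample input: the first record is the event from the OTL report in this
# thread; the second is constructed here as a benign contrast.
SAMPLE_LOG = r"""
Error - 11/22/2012 2:29:57 PM | Computer Name = Alex-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdb3b Exception code: 0xc0000005 Fault offset: 0x000327c1 Faulting process
id: 0x464 Faulting application start time: 0x01cdc8dc9e818572 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll

Error - 11/23/2012 9:00:00 AM | Computer Name = Alex-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: wuaueng.dll, version: 7.6.7600.256, time
stamp: 0x4fe13f4c Exception code: 0xc0000005 Fault offset: 0x00001234 Faulting process
id: 0x3e8 Faulting application start time: 0x01cdc8dc9e818572 Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\System32\wuaueng.dll
"""

if __name__ == "__main__":
    for hit in find_rogue_svchost(SAMPLE_LOG):
        print(f"{hit['when']}: pid {hit['pid']} ran {hit['image']} (faulted in {hit['module']})")
```

    The same directory check applies to a live process list (for example the image path of every process named svchost.exe); the event-log form is useful because a crashing rogue binary leaves this record even after the file has been deleted on reboot.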
     
  14. Alex S

    Alex S Newcomer, in training Topic Starter Posts: 16

    Currently, I don't see any issues, but I am not running anything but browsers at the moment.
  15. Broni

    Broni Malware Annihilator Posts: 45,316   +243


    OTL logs are clean.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  16. Alex S

    Alex S Newcomer, in training Topic Starter Posts: 16

    Security Check

    Results of screen317's Security Check version 0.99.54
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Adobe Flash Player 11.5.502.110
    Mozilla Firefox (17.0)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    iolo Common Lib ioloServiceManager.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

    FSS

    Farbar Service Scanner Version: 09-11-2012
    Ran by Alex (administrator) on 22-11-2012 at 17:36:01
    Running from "E:\Downloads"
    Windows 7 Ultimate (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2009-07-13 18:25] - [2009-07-13 20:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

  17. Alex S

    Alex S Newcomer, in training Topic Starter Posts: 16

  18. Alex S

    Alex S Newcomer, in training Topic Starter Posts: 16

    Sorry, it double posted. Currently the ESET scan found 9 infected files, but I won't be home to post the logs until later tonight. Thank you for the help so far. I will post the logs when I come back.
  19. Alex S

    Alex S Newcomer, in training Topic Starter Posts: 16

    C:\TDSSKiller_Quarantine\22.11.2012_14.12.38\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\22.11.2012_14.12.38\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\22.11.2012_14.12.38\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\22.11.2012_14.12.38\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\22.11.2012_14.12.38\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\22.11.2012_14.12.38\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    E:\Downloads\SoftonicDownloader_for_bitzipper.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
    E:\Downloads\Tufte.Visual.and.Statistical.Thinking.pdf_FULL_downloader.exe Win32/Adware.MediaFinder application cleaned by deleting - quarantined
    E:\Downloads\WinZip165.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
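    The ESET export above lists nine hits of two different kinds. Six are Olmarik entries (Olmarik is ESET's name for the TDL/TDSS bootkit family), and every one of them sits under C:\TDSSKiller_Quarantine\...\mbr0000\tdlfs0000, i.e. files TDSSKiller had already extracted from the bootkit's hidden TDLFS volume and quarantined, not live files. The other three are bundled-installer downloads still sitting in E:\Downloads. Separating "already quarantined by an earlier tool" from "live file" is the check a practitioner wants before reading a report like this as evidence of an active infection. The following is an added example, not code from ESET, TDSSKiller or this thread, that parses ESET's line format and performs that split; the sample report is the nine lines above, and the quarantine folder names it recognises are an assumption (TDSSKiller_Quarantine as seen above; Qoobox is ComboFix's quarantine folder).

```python
r"""Triage an ESET Online Scanner "List of found threats" export.

Added example for this thread, not code from ESET, TDSSKiller or TechSpot.
It separates hits on files that another tool had already moved into a
quarantine folder from hits on live files, and groups them by malware
family. Quarantine folder markers are an assumption.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# <path> [a variant of ]<platform>/<name> <kind> <action> - <status>
ESET_LINE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<detection>(?:a variant of )?\S+/\S+ "
    r"(?:trojan|potentially unwanted application|application|adware|worm|virus)) "
    r"(?P<action>.+?) - (?P<status>.+)$"
)
# assumption: substrings that identify a quarantine folder in the path
QUARANTINE_MARKERS = ("quarantine", "qoobox")


class Hit(NamedTuple):
    path: str
    detection: str
    action: str
    status: str
    in_quarantine: bool


def is_quarantined_path(path: str) -> bool:
    """True if any folder component (not the file name) looks like a quarantine directory."""
    folders = path.lower().split("\\")[:-1]
    return any(marker in folder for folder in folders for marker in QUARANTINE_MARKERS)


def family(detection: str) -> str:
    """'a variant of Win32/Olmarik.AYI trojan' -> 'Olmarik' (platform and variant letters dropped)."""
    m = re.search(r"\S+/(\S+)", detection)
    name = m.group(1) if m else detection
    return re.sub(r"\.[A-Z]{1,3}$", "", name)


def parse_eset_report(text: str) -> List[Hit]:
    """Parse one Hit per non-empty line; raise on a line the format does not cover."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ESET_LINE.match(line)
        if not m:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        hits.append(Hit(m["path"], m["detection"], m["action"], m["status"],
                        is_quarantined_path(m["path"])))
    return hits


def triage(hits: List[Hit]) -> Dict[str, Dict[str, int]]:
    """Per family: how many hits were already in quarantine and how many were live files."""
    counts: Dict[str, Dict[str, int]] = defaultdict(
        lambda: {"already_quarantined": 0, "live": 0})
    for h in hits:
        counts[family(h.detection)]["already_quarantined" if h.in_quarantine else "live"] += 1
    return dict(counts)


def tdlfs_remnants(hits: List[Hit]) -> List[str]:
    """Paths TDSSKiller extracted from the bootkit's hidden TDLFS volume (folder named tdlfs*)."""
    return [h.path for h in hits
            if any(seg.lower().startswith("tdlfs") for seg in h.path.split("\\"))]


# Sample input: the nine lines of the ESET export posted in this thread.
SAMPLE_REPORT = r"""
C:\TDSSKiller_Quarantine\22.11.2012_14.12.38\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.11.2012_14.12.38\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.11.2012_14.12.38\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.11.2012_14.12.38\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.11.2012_14.12.38\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\22.11.2012_14.12.38\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
E:\Downloads\SoftonicDownloader_for_bitzipper.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
E:\Downloads\Tufte.Visual.and.Statistical.Thinking.pdf_FULL_downloader.exe Win32/Adware.MediaFinder application cleaned by deleting - quarantined
E:\Downloads\WinZip165.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
"""

if __name__ == "__main__":
    found = parse_eset_report(SAMPLE_REPORT)
    for fam, c in sorted(triage(found).items()):
        print(f"{fam:22} already quarantined: {c['already_quarantined']}  live: {c['live']}")
    print("TDLFS remnants:", len(tdlfs_remnants(found)))
```

    The parser deliberately raises on a line it cannot classify rather than silently skipping it, so a new detection kind in a future export surfaces as an error instead of a quietly lower count.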
  20. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing/updating ANY program, make sure you always select the "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
  21. Alex S

    Alex S Newcomer, in training Topic Starter Posts: 16

    OTL LOG

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Alex
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2711693 bytes
    ->FireFox cache emptied: 90507947 bytes
    ->Flash cache emptied: 1119 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 312603 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50132 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 89.00 mb


    [EMPTYFLASH]

    User: Alex
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Alex

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 11232012_130642

    Files\Folders moved on Reboot...
    C:\Users\Alex\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Windows\temp\fb_1508.lck not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  22. Alex S

    Alex S Newcomer, in training Topic Starter Posts: 16

    Everything seems to be working fine. I scanned the PC again and nothing was found. Thank you for all of your help!
  23. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    Way to go!!
    Good luck and stay safe :)

