TechSpot

Help w/Removal; trojan.agent.MRGGen

Solved
By Donny1994
Nov 28, 2012
  1. Hi,

    My laptop was constantly crashing on me this AM, bluescreen dumpcrash. I ran Malwarebytes, which found two files and one registry entry infected with this trojan. I have tried to remove it but cannot; one software program I installed seemed to have worked, but I still get problems.

    Only in safe mode will the laptop not crash, so all tests and scans have been done in safe mode. This trojan doesn't appear when I run scans anymore; however, I still get the bluescreen dumpcrash after roughly 5 or 10 minutes when not in safe mode. I think the laptop is still infected and hope you can assist me in having it 100% removed.

    The Malwarebytes log and the DDS and Attach logs are attached.

    Thank you in advance.
     


  2. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Please re-read the forum rules: http://www.techspot.com/community/t...lware-removal-preliminary-instructions.58138/
     
  3. Donny1994

    Donny1994 TS Rookie Topic Starter Posts: 26

    OK, thanks.

    I will start a new thread.
     
  4. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    No. Don't start any new topic.

    You're not reading carefully:
     
  5. Donny1994

    Donny1994 TS Rookie Topic Starter Posts: 26

    Oh, sorry... I read:
    "If your computer cannot stay running, as in it either cannot boot, or it is automatically restarting after a certain amount of time, then just start a new thread and ask for help."

    I will post the logs again, from safe mode:

    DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
    Run by Donny at 16:15:55 on 2012-11-28
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3318.2204 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://forums.nasioc.com/forums/forumdisplay.php?f=24/
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [RestoreDesktop] c:\program files\restore desktop\RestoreDesktop.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRunOnce: [GrpConv] grpconv -o
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:1
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Locate Spot on Map by GPS - c:\program files\opanda\iexif 2.3\IExifMap.htm
    IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: View Exif/GPS/IPTC with IExif - c:\program files\opanda\iexif 2.3\IExifCom.htm
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{1C5145C5-8F58-4A12-A64E-478A1339A82B} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{1C5145C5-8F58-4A12-A64E-478A1339A82B}\1323332656163686 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{1C5145C5-8F58-4A12-A64E-478A1339A82B}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
    TCP: Interfaces\{1C5145C5-8F58-4A12-A64E-478A1339A82B}\75169707F62747F5143636563737 : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
    TCP: Interfaces\{1C5145C5-8F58-4A12-A64E-478A1339A82B}\B4F6F6C602245616E6 : DHCPNameServer = 192.168.1.1
    SSODL: WebCheck - <orphaned>
    Hosts: 192.168.1.51 ftpholt
    Hosts: 70.91.155.101 holtftp
    Hosts: 72.84.128.253 ftp
    Hosts: 70.91.155.101 HELPME
    ============= SERVICES / DRIVERS ===============
    .
    R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2012-8-13 47616]
    R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2012-8-13 42672]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2012-8-13 214696]
    R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2012-8-16 13312]
    S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\donny\desktop\run\a2ddax86.sys [2012-11-4 17904]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-28 738504]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-28 361032]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_111ae7bb7f222578\AEstSrv.exe [2012-8-13 81920]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-11-28 21256]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-11-28 58680]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-28 44808]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-9 399432]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-14 676936]
    S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 99272]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-10 382272]
    S2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2012-8-13 274472]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-18 29472]
    S3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2012-8-13 33832]
    S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2012-8-13 132480]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-14 22856]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-11-28 40776]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-8-16 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-8-14 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-11-28 20:33:49 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-11-28 20:33:47 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-11-28 20:33:46 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-11-28 20:33:24 41224 ----a-w- c:\windows\avastSS.scr
    2012-11-28 20:33:12 -------- d-----w- c:\programdata\AVAST Software
    2012-11-28 20:33:12 -------- d-----w- c:\program files\AVAST Software
    2012-11-28 20:22:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-11-28 19:24:30 -------- d-----w- C:\rei
    2012-11-28 19:24:27 -------- d-----w- c:\program files\Reimage
    2012-11-28 18:57:27 -------- d-----w- c:\program files\PC Tools
    2012-11-28 18:54:50 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-11-28 18:54:50 -------- d-----w- c:\program files\common files\PC Tools
    2012-11-28 18:54:31 -------- d-----w- c:\users\donny\appdata\roaming\TestApp
    2012-11-28 18:54:31 -------- d-----w- c:\programdata\PC Tools
    2012-11-28 14:00:17 -------- d-----w- c:\program files\Enigma Software Group
    2012-11-28 14:00:06 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
    2012-11-28 14:00:04 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2012-11-27 12:33:48 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c57219cc-9522-4fc4-baa1-2c04a4a9aab3}\mpengine.dll
    2012-11-26 12:24:16 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-11-25 03:06:17 -------- d-----w- c:\users\donny\appdata\roaming\System
    2012-11-15 08:01:29 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-15 08:01:29 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-15 08:01:29 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-15 08:01:05 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-15 08:01:05 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-15 08:01:05 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-15 08:01:04 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-15 08:01:03 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-15 08:01:03 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-15 08:01:03 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-14 11:51:49 78336 ----a-w- c:\windows\system32\synceng.dll
    2012-11-14 11:51:48 156672 ----a-w- c:\windows\system32\ncsi.dll
    2012-11-14 11:51:48 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-11-14 11:51:47 52224 ----a-w- c:\windows\system32\nlaapi.dll
    2012-11-14 11:51:47 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-11-14 11:51:47 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-11-14 11:51:47 242176 ----a-w- c:\windows\system32\nlasvc.dll
    2012-11-14 11:51:47 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-11-14 11:51:47 175104 ----a-w- c:\windows\system32\netcorehc.dll
    2012-11-14 11:51:39 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-11-14 11:51:38 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-11-14 11:51:38 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
    .
    ==================== Find3M ====================
    .
    2012-10-09 00:55:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-09 00:55:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-06 15:51:06 103272 ----a-w- c:\users\donny\GoToAssistDownloadHelper.exe
    2012-09-02 20:52:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-09-02 20:52:28 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-09-02 20:52:28 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-31 02:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-31 02:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    .
    ============= FINISH: 16:17:32.57 ===============
     
  6. Donny1994

    Donny1994 TS Rookie Topic Starter Posts: 26

    And the Malwarebytes log; this is the one from when it first found the trojan:

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.11.28.04
    Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Donny :: DONNY-PC [administrator]
    11/28/2012 7:24:36 AM
    mbam-log-2012-11-28 (07-24-36).txt
    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 286462
    Time elapsed: 26 minute(s), 16 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Services Host (Trojan.Agent) -> Data: "C:\Users\Donny\AppData\Roaming\System\svchost.exe" 3 -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\Users\Donny\AppData\Roaming\System\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Donny\AppData\Local\Temp\EC76.tmp (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
    (end)
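As an added example (not a tool from this thread or from TechSpot), the following Python triage script reads lines in the DDS "Pseudo HJT Report" format and the Malwarebytes registry-value format shown in the two posts above, and flags the two things in those logs a responder would pick up on: a file named svchost.exe starting from a Roaming profile directory rather than System32, and the mPolicies-System values showing UAC switched off. The list of borrowed system-binary names and the sample lines are constructed from this thread's logs.

```python
"""Triage DDS "Pseudo HJT Report" autorun lines and Malwarebytes detections.

Added example for this thread (not a tool used by the helpers on TechSpot).
It flags two things visible in the logs posted above: a file named
svchost.exe that starts from a Roaming profile directory instead of
System32, and mPolicies-System values showing that UAC has been turned off.
"""
import re

# Where the genuine service host lives on the 32-bit Windows 7 shown in the
# DDS header (assumption; SysWOW64 is added so the same check works on x64).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Windows binary names that malware commonly borrows for its own file
# (constructed list; the thread itself only shows the svchost.exe case).
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "wininit.exe",
                       "winlogon.exe", "explorer.exe", "conhost.exe"}

# UAC values reported on mPolicies-System lines; 0 means the control is off.
UAC_POLICIES = {
    "EnableLUA": "UAC is disabled entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts do not use the secure desktop",
}

# "uRun: [Name] command", "mRun: [Name] command", "mRunOnce: [Name] command"
DDS_RUN_RE = re.compile(r"^[um]Run(?:Once)?:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# "mPolicies-System: EnableLUA = dword:0" (DDS prints the value in decimal)
DDS_POLICY_RE = re.compile(r"^mPolicies-System:\s*(?P<key>\w+)\s*=\s*dword:(?P<val>\d+)$")
# Malwarebytes "Registry Values Detected" line: key|name (detection) -> Data: ... -> action
MBAM_VALUE_RE = re.compile(
    r"^(?P<key>HK[^|]+)\|(?P<name>.+?) \((?P<det>[^)]+)\) -> Data: (?P<data>.+?) -> ")
# First executable path in a command line, with or without surrounding quotes.
IMAGE_RE = re.compile(r'^"?(?P<path>[a-z]:\\.*?\.exe)', re.IGNORECASE)


def image_path(cmd):
    """Return the executable path from an autorun command line, or None."""
    m = IMAGE_RE.match(cmd.strip())
    return m.group("path") if m else None


def check_image(path):
    """Return the reasons an image path deserves a second look (empty = none)."""
    p = path.lower()
    parent, _, name = p.rpartition("\\")
    reasons = []
    if name in SYSTEM_BINARY_NAMES and parent not in SYSTEM_DIRS:
        reasons.append(f"{name} runs from {parent} instead of System32")
    if "\\appdata\\" in p or "\\temp\\" in p:
        reasons.append("image lives in a user-writable profile directory")
    return reasons


def triage(lines):
    """Return [(kind, name, reason), ...] for every line worth investigating."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = DDS_RUN_RE.match(line) or MBAM_VALUE_RE.match(line)
        if m:
            groups = m.groupdict()
            cmd = groups["cmd"] if "cmd" in groups else groups["data"]
            path = image_path(cmd)
            for reason in (check_image(path) if path else []):
                findings.append(("autorun", groups["name"], reason))
            continue
        m = DDS_POLICY_RE.match(line)
        if m and m.group("key") in UAC_POLICIES and int(m.group("val")) == 0:
            findings.append(("policy", m.group("key"), UAC_POLICIES[m.group("key")]))
    return findings


# Constructed sample taken from the DDS and Malwarebytes logs in this thread.
SAMPLE_LINES = [
    r"uRun: [RestoreDesktop] c:\program files\restore desktop\RestoreDesktop.exe",
    r'mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey',
    r"mRunOnce: [GrpConv] grpconv -o",
    r"mPolicies-System: ConsentPromptBehaviorAdmin = dword:0",
    r"mPolicies-System: ConsentPromptBehaviorUser = dword:3",
    r"mPolicies-System: EnableLUA = dword:0",
    r"mPolicies-System: PromptOnSecureDesktop = dword:0",
    r'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Services Host'
    r' (Trojan.Agent) -> Data: "C:\Users\Donny\AppData\Roaming\System\svchost.exe"'
    r" 3 -> Quarantined and deleted successfully.",
]

if __name__ == "__main__":
    for kind, name, reason in triage(SAMPLE_LINES):
        print(f"[{kind}] {name}: {reason}")
```

Run against the sample it reports the three UAC policies set to 0 and two findings for the "Windows Services Host" value; the genuine svchost.exe entries from the DDS process list would produce nothing.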
     
  7. Donny1994

    Donny1994 TS Rookie Topic Starter Posts: 26

    And the most recent Malwarebytes log, after the quarantine and removal:

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.11.28.04
    Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Donny :: DONNY-PC [administrator]
    11/28/2012 2:30:27 PM
    mbam-log-2012-11-28 (14-30-27).txt
    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 289289
    Time elapsed: 27 minute(s), 27 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  8. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. Donny1994

    Donny1994 TS Rookie Topic Starter Posts: 26

    Thanks for the help; it did require a reboot.

    Here is the log, in a few parts due to its size.

    18:45:20.0079 3036 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    18:45:20.0376 3036 ============================================================
    18:45:20.0376 3036 Current date / time: 2012/11/28 18:45:20.0376
    18:45:20.0376 3036 SystemInfo:
    18:45:20.0376 3036
    18:45:20.0376 3036 OS Version: 6.1.7601 ServicePack: 1.0
    18:45:20.0376 3036 Product type: Workstation
    18:45:20.0376 3036 ComputerName: DONNY-PC
    18:45:20.0376 3036 UserName: Donny
    18:45:20.0376 3036 Windows directory: C:\Windows
    18:45:20.0376 3036 System windows directory: C:\Windows
    18:45:20.0376 3036 Processor architecture: Intel x86
    18:45:20.0376 3036 Number of processors: 1
    18:45:20.0376 3036 Page size: 0x1000
    18:45:20.0376 3036 Boot type: Safe boot with network
    18:45:20.0376 3036 ============================================================
    18:45:20.0781 3036 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:45:20.0797 3036 ============================================================
    18:45:20.0797 3036 \Device\Harddisk0\DR0:
    18:45:20.0797 3036 MBR partitions:
    18:45:20.0797 3036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
    18:45:20.0797 3036 ============================================================
    18:45:20.0813 3036 C: <-> \Device\Harddisk0\DR0\Partition1
    18:45:20.0813 3036 ============================================================
    18:45:20.0813 3036 Initialize success
    18:45:20.0813 3036 ============================================================
    18:45:25.0149 2148 ============================================================
    18:45:25.0149 2148 Scan started
    18:45:25.0149 2148 Mode: Manual;
    18:45:25.0149 2148 ============================================================
    18:45:25.0321 2148 ================ Scan system memory ========================
    18:45:25.0321 2148 System memory - ok
    18:45:25.0321 2148 ================ Scan services =============================
    18:45:25.0586 2148 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    18:45:25.0586 2148 1394ohci - ok
    18:45:25.0695 2148 [ F7EABCA8375EA2DC6F35C4BCA4757515 ] A2DDA C:\Users\Donny\Desktop\Run\a2ddax86.sys
    18:45:25.0695 2148 A2DDA - ok
    18:45:25.0711 2148 [ AF1F178B0218B44876E63BF0B019E96B ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys
    18:45:25.0711 2148 Acceler - ok
    18:45:25.0789 2148 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    18:45:25.0789 2148 ACPI - ok
    18:45:25.0836 2148 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    18:45:25.0836 2148 AcpiPmi - ok
    18:45:25.0914 2148 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    18:45:25.0914 2148 AdobeFlashPlayerUpdateSvc - ok
    18:45:25.0976 2148 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    18:45:25.0976 2148 adp94xx - ok
    18:45:26.0039 2148 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    18:45:26.0039 2148 adpahci - ok
    18:45:26.0085 2148 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    18:45:26.0085 2148 adpu320 - ok
    18:45:26.0163 2148 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    18:45:26.0163 2148 AeLookupSvc - ok
    18:45:26.0335 2148 [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\aestsrv.exe
    18:45:26.0335 2148 AESTFilters - ok
    18:45:26.0413 2148 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
    18:45:26.0413 2148 AFD - ok
    18:45:26.0444 2148 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
    18:45:26.0460 2148 agp440 - ok
    18:45:26.0538 2148 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
    18:45:26.0538 2148 aic78xx - ok
    18:45:26.0616 2148 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
    18:45:26.0616 2148 ALG - ok
    18:45:26.0647 2148 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
    18:45:26.0647 2148 aliide - ok
    18:45:26.0694 2148 [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    18:45:26.0709 2148 AMD External Events Utility - ok
    18:45:26.0725 2148 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    18:45:26.0725 2148 amdagp - ok
    18:45:26.0772 2148 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
    18:45:26.0772 2148 amdide - ok
    18:45:26.0819 2148 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    18:45:26.0834 2148 AmdK8 - ok
    18:45:26.0834 2148 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    18:45:26.0834 2148 AmdPPM - ok
    18:45:26.0850 2148 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
    18:45:26.0850 2148 amdsata - ok
    18:45:26.0897 2148 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    18:45:26.0897 2148 amdsbs - ok
    18:45:26.0897 2148 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    18:45:26.0897 2148 amdxata - ok
    18:45:26.0959 2148 [ E8A8E6072CB7E2032E85E7735DAA511F ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
    18:45:26.0959 2148 ApfiltrService - ok
    18:45:27.0006 2148 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
    18:45:27.0006 2148 AppID - ok
    18:45:27.0068 2148 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    18:45:27.0068 2148 AppIDSvc - ok
    18:45:27.0099 2148 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
    18:45:27.0099 2148 Appinfo - ok
    18:45:27.0240 2148 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    18:45:27.0240 2148 Apple Mobile Device - ok
    18:45:27.0255 2148 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
    18:45:27.0271 2148 AppMgmt - ok
    18:45:27.0287 2148 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
    18:45:27.0318 2148 arc - ok
    18:45:27.0333 2148 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    18:45:27.0333 2148 arcsas - ok
    18:45:27.0396 2148 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
    18:45:27.0396 2148 aswFsBlk - ok
    18:45:27.0411 2148 [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
    18:45:27.0411 2148 aswMonFlt - ok
    18:45:27.0458 2148 [ 81F638A2DD94ABBF0B43880AB38D8DBD ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
    18:45:27.0458 2148 aswRdr - ok
    18:45:27.0505 2148 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
    18:45:27.0521 2148 aswSnx - ok
    18:45:27.0567 2148 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\Windows\system32\drivers\aswSP.sys
    18:45:27.0567 2148 aswSP - ok
    18:45:27.0630 2148 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
    18:45:27.0630 2148 aswTdi - ok
    18:45:27.0645 2148 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    18:45:27.0645 2148 AsyncMac - ok
    18:45:27.0708 2148 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
    18:45:27.0708 2148 atapi - ok
    18:45:27.0817 2148 [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    18:45:27.0864 2148 atikmdag - ok
    18:45:27.0911 2148 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    18:45:27.0942 2148 AudioEndpointBuilder - ok
    18:45:27.0957 2148 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
    18:45:27.0957 2148 Audiosrv - ok
    18:45:28.0082 2148 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    18:45:28.0082 2148 avast! Antivirus - ok
    18:45:28.0160 2148 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    18:45:28.0160 2148 AxInstSV - ok
    18:45:28.0223 2148 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
    18:45:28.0223 2148 b06bdrv - ok
    18:45:28.0285 2148 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
    18:45:28.0285 2148 b57nd60x - ok
    18:45:28.0441 2148 [ DF1835935B312EFCAA5EBFD1A5CE6711 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
    18:45:28.0457 2148 BCM43XX - ok
    18:45:28.0503 2148 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
    18:45:28.0503 2148 BDESVC - ok
    18:45:28.0535 2148 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
    18:45:28.0535 2148 Beep - ok
    18:45:28.0597 2148 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
    18:45:28.0597 2148 BFE - ok
    18:45:28.0644 2148 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
    18:45:28.0722 2148 BITS - ok
    18:45:28.0722 2148 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    18:45:28.0753 2148 blbdrive - ok
    18:45:28.0831 2148 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    18:45:28.0831 2148 Bonjour Service - ok
    18:45:28.0878 2148 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    18:45:28.0878 2148 bowser - ok
    18:45:28.0909 2148 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    18:45:28.0909 2148 BrFiltLo - ok
    18:45:28.0940 2148 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    18:45:28.0940 2148 BrFiltUp - ok
    18:45:28.0971 2148 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
    18:45:28.0971 2148 Browser - ok
    18:45:29.0003 2148 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    18:45:29.0003 2148 Brserid - ok
    18:45:29.0034 2148 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    18:45:29.0034 2148 BrSerWdm - ok
    18:45:29.0049 2148 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    18:45:29.0049 2148 BrUsbMdm - ok
    18:45:29.0065 2148 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    18:45:29.0065 2148 BrUsbSer - ok
    18:45:29.0127 2148 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
    18:45:29.0127 2148 BthEnum - ok
    18:45:29.0143 2148 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    18:45:29.0143 2148 BTHMODEM - ok
    18:45:29.0190 2148 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
    18:45:29.0190 2148 BthPan - ok
    18:45:29.0205 2148 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
    18:45:29.0221 2148 BTHPORT - ok
    18:45:29.0268 2148 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
    18:45:29.0268 2148 bthserv - ok
    18:45:29.0283 2148 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
    18:45:29.0315 2148 BTHUSB - ok
    18:45:29.0377 2148 [ F73511FDEF84BDCCC1BCEC4B0CDDF03C ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
    18:45:29.0393 2148 btwampfl - ok
    18:45:29.0439 2148 [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
    18:45:29.0439 2148 btwaudio - ok
    18:45:29.0455 2148 [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
    18:45:29.0455 2148 btwavdt - ok
    18:45:29.0533 2148 [ B758BA8C61B34C44929725A325E5C104 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    18:45:29.0533 2148 btwdins - ok
    18:45:29.0595 2148 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
    18:45:29.0595 2148 btwl2cap - ok
    18:45:29.0627 2148 [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
    18:45:29.0627 2148 btwrchid - ok
    18:45:29.0658 2148 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    18:45:29.0658 2148 cdfs - ok
    18:45:29.0705 2148 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    18:45:29.0720 2148 cdrom - ok
    18:45:29.0767 2148 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
    18:45:29.0767 2148 CertPropSvc - ok
    18:45:29.0829 2148 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    18:45:29.0829 2148 circlass - ok
    18:45:29.0876 2148 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
    18:45:29.0876 2148 CLFS - ok
     
  10. Donny1994

    Donny1994 TS Rookie Topic Starter Posts: 26

    18:45:30.0001 2148 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:45:30.0001 2148 clr_optimization_v2.0.50727_32 - ok
    18:45:30.0079 2148 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:45:30.0095 2148 clr_optimization_v4.0.30319_32 - ok
    18:45:30.0141 2148 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    18:45:30.0141 2148 CmBatt - ok
    18:45:30.0157 2148 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    18:45:30.0157 2148 cmdide - ok
    18:45:30.0204 2148 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
    18:45:30.0204 2148 CNG - ok
    18:45:30.0251 2148 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    18:45:30.0251 2148 Compbatt - ok
    18:45:30.0329 2148 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    18:45:30.0329 2148 CompositeBus - ok
    18:45:30.0344 2148 COMSysApp - ok
    18:45:30.0375 2148 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    18:45:30.0375 2148 crcdisk - ok
    18:45:30.0438 2148 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
    18:45:30.0438 2148 CryptSvc - ok
    18:45:30.0485 2148 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
    18:45:30.0485 2148 CSC - ok
    18:45:30.0563 2148 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
    18:45:30.0578 2148 CscService - ok
    18:45:30.0594 2148 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
    18:45:30.0594 2148 CVirtA - ok
    18:45:30.0719 2148 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    18:45:30.0734 2148 CVPND - ok
    18:45:30.0843 2148 [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
    18:45:30.0875 2148 CVPNDRVA - ok
    18:45:30.0906 2148 [ D1697063E2CDB6575AA46D668FFEE825 ] cvusbdrv C:\Windows\system32\Drivers\cvusbdrv.sys
    18:45:30.0906 2148 cvusbdrv - ok
    18:45:30.0968 2148 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
    18:45:30.0968 2148 DcomLaunch - ok
    18:45:31.0015 2148 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
    18:45:31.0015 2148 defragsvc - ok
    18:45:31.0062 2148 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    18:45:31.0062 2148 DfsC - ok
    18:45:31.0124 2148 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
    18:45:31.0124 2148 Dhcp - ok
    18:45:31.0155 2148 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
    18:45:31.0155 2148 discache - ok
    18:45:31.0218 2148 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
    18:45:31.0218 2148 Disk - ok
    18:45:31.0280 2148 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
    18:45:31.0280 2148 DNE - ok
    18:45:31.0327 2148 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    18:45:31.0327 2148 Dnscache - ok
    18:45:31.0374 2148 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
    18:45:31.0374 2148 dot3svc - ok
    18:45:31.0389 2148 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
    18:45:31.0405 2148 DPS - ok
    18:45:31.0452 2148 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    18:45:31.0452 2148 drmkaud - ok
    18:45:31.0514 2148 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    18:45:31.0530 2148 DXGKrnl - ok
    18:45:31.0577 2148 [ A13F07A0422E4A04E7FF6F6F3B05E729 ] e1kexpress C:\Windows\system32\DRIVERS\e1k6232.sys
    18:45:31.0577 2148 e1kexpress - ok
    18:45:31.0623 2148 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
    18:45:31.0639 2148 EapHost - ok
    18:45:31.0733 2148 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
    18:45:31.0779 2148 ebdrv - ok
    18:45:31.0826 2148 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
    18:45:31.0826 2148 EFS - ok
    18:45:31.0889 2148 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    18:45:31.0904 2148 ehRecvr - ok
    18:45:31.0951 2148 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
    18:45:31.0951 2148 ehSched - ok
    18:45:32.0013 2148 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    18:45:32.0029 2148 elxstor - ok
    18:45:32.0076 2148 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    18:45:32.0076 2148 ErrDev - ok
    18:45:32.0123 2148 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
    18:45:32.0123 2148 EventSystem - ok
    18:45:32.0138 2148 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
    18:45:32.0154 2148 exfat - ok
    18:45:32.0185 2148 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    18:45:32.0185 2148 fastfat - ok
    18:45:32.0263 2148 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
    18:45:32.0279 2148 Fax - ok
    18:45:32.0310 2148 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    18:45:32.0310 2148 fdc - ok
    18:45:32.0325 2148 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
    18:45:32.0325 2148 fdPHost - ok
    18:45:32.0341 2148 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
    18:45:32.0341 2148 FDResPub - ok
    18:45:32.0372 2148 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    18:45:32.0372 2148 FileInfo - ok
    18:45:32.0388 2148 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    18:45:32.0388 2148 Filetrace - ok
    18:45:32.0403 2148 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    18:45:32.0403 2148 flpydisk - ok
    18:45:32.0450 2148 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    18:45:32.0450 2148 FltMgr - ok
    18:45:32.0528 2148 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
    18:45:32.0528 2148 FontCache - ok
    18:45:32.0622 2148 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    18:45:32.0622 2148 FontCache3.0.0.0 - ok
    18:45:32.0653 2148 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    18:45:32.0653 2148 FsDepends - ok
    18:45:32.0700 2148 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    18:45:32.0700 2148 Fs_Rec - ok
    18:45:32.0762 2148 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    18:45:32.0762 2148 fvevol - ok
    18:45:32.0809 2148 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    18:45:32.0809 2148 gagp30kx - ok
    18:45:32.0840 2148 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    18:45:32.0840 2148 GEARAspiWDM - ok
    18:45:32.0871 2148 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
    18:45:32.0887 2148 gpsvc - ok
    18:45:32.0903 2148 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    18:45:32.0903 2148 hcw85cir - ok
    18:45:32.0981 2148 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    18:45:32.0981 2148 HdAudAddService - ok
    18:45:33.0012 2148 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    18:45:33.0012 2148 HDAudBus - ok
    18:45:33.0012 2148 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    18:45:33.0012 2148 HidBatt - ok
    18:45:33.0027 2148 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    18:45:33.0027 2148 HidBth - ok
    18:45:33.0074 2148 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    18:45:33.0074 2148 HidIr - ok
    18:45:33.0121 2148 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
    18:45:33.0121 2148 hidserv - ok
    18:45:33.0183 2148 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
    18:45:33.0183 2148 HidUsb - ok
    18:45:33.0215 2148 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
    18:45:33.0215 2148 hkmsvc - ok
    18:45:33.0261 2148 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    18:45:33.0261 2148 HomeGroupListener - ok
    18:45:33.0308 2148 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    18:45:33.0308 2148 HomeGroupProvider - ok
    18:45:33.0339 2148 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    18:45:33.0339 2148 HpSAMD - ok
    18:45:33.0417 2148 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    18:45:33.0417 2148 HTTP - ok
    18:45:33.0433 2148 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    18:45:33.0433 2148 hwpolicy - ok
    18:45:33.0464 2148 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    18:45:33.0464 2148 i8042prt - ok
    18:45:33.0511 2148 [ 39F7C9AEEE865FE8E98CF3EDD2B4BB4A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    18:45:33.0527 2148 iaStor - ok
    18:45:33.0573 2148 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    18:45:33.0589 2148 iaStorV - ok
    18:45:33.0667 2148 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    18:45:33.0683 2148 idsvc - ok
    18:45:33.0698 2148 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    18:45:33.0698 2148 iirsp - ok
    18:45:33.0745 2148 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
    18:45:33.0761 2148 IKEEXT - ok
    18:45:33.0823 2148 [ E3C36AC5AE87EC970AE8EA2A93D59AE1 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
    18:45:33.0823 2148 Impcd - ok
    18:45:33.0870 2148 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
    18:45:33.0870 2148 intelide - ok
    18:45:33.0901 2148 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    18:45:33.0932 2148 intelppm - ok
    18:45:33.0963 2148 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    18:45:33.0963 2148 IPBusEnum - ok
    18:45:33.0995 2148 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:45:33.0995 2148 IpFilterDriver - ok
    18:45:34.0026 2148 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    18:45:34.0057 2148 iphlpsvc - ok
    18:45:34.0104 2148 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    18:45:34.0104 2148 IPMIDRV - ok
    18:45:34.0119 2148 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    18:45:34.0119 2148 IPNAT - ok
    18:45:34.0151 2148 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    18:45:34.0197 2148 iPod Service - ok
    18:45:34.0213 2148 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
    18:45:34.0213 2148 IRENUM - ok
    18:45:34.0260 2148 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    18:45:34.0260 2148 isapnp - ok
    18:45:34.0275 2148 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    18:45:34.0307 2148 iScsiPrt - ok
    18:45:34.0385 2148 [ 165EB52D1C64C1E561E2D93D846AC72D ] itecir C:\Windows\system32\DRIVERS\itecir.sys
    18:45:34.0385 2148 itecir - ok
    18:45:34.0400 2148 [ C4C95805B85BCE1EB9D20F4A02FC5F9B ] k57nd60x C:\Windows\system32\DRIVERS\k57nd60x.sys
    18:45:34.0431 2148 k57nd60x - ok
    18:45:34.0463 2148 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    18:45:34.0463 2148 kbdclass - ok
    18:45:34.0509 2148 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    18:45:34.0509 2148 kbdhid - ok
    18:45:34.0509 2148 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
    18:45:34.0509 2148 KeyIso - ok
    18:45:34.0556 2148 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    18:45:34.0556 2148 KSecDD - ok
    18:45:34.0572 2148 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    18:45:34.0572 2148 KSecPkg - ok
    18:45:34.0634 2148 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
    18:45:34.0634 2148 KtmRm - ok
    18:45:34.0650 2148 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
    18:45:34.0681 2148 LanmanServer - ok
    18:45:34.0728 2148 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    18:45:34.0743 2148 LanmanWorkstation - ok
    18:45:34.0775 2148 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    18:45:34.0775 2148 lltdio - ok
    18:45:34.0821 2148 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    18:45:34.0837 2148 lltdsvc - ok
    18:45:34.0868 2148 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
    18:45:34.0868 2148 lmhosts - ok
    18:45:34.0899 2148 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:45:34.0899 2148 LSI_FC - ok
    18:45:34.0931 2148 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:45:34.0931 2148 LSI_SAS - ok
    18:45:34.0946 2148 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:45:34.0946 2148 LSI_SAS2 - ok
    18:45:34.0962 2148 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:45:34.0962 2148 LSI_SCSI - ok
    18:45:35.0009 2148 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
    18:45:35.0009 2148 luafv - ok
    18:45:35.0071 2148 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    18:45:35.0071 2148 MBAMProtector - ok
    18:45:35.0180 2148 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    18:45:35.0196 2148 MBAMScheduler - ok
    18:45:35.0243 2148 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    18:45:35.0258 2148 MBAMService - ok
    18:45:35.0305 2148 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    18:45:35.0305 2148 Mcx2Svc - ok
    18:45:35.0336 2148 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    18:45:35.0352 2148 megasas - ok
    18:45:35.0367 2148 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    18:45:35.0383 2148 MegaSR - ok
    18:45:35.0399 2148 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
    18:45:35.0399 2148 MMCSS - ok
    18:45:35.0445 2148 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
    18:45:35.0445 2148 Modem - ok
    18:45:35.0492 2148 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    18:45:35.0492 2148 monitor - ok
    18:45:35.0555 2148 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
    18:45:35.0555 2148 mouclass - ok
    18:45:35.0570 2148 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    18:45:35.0570 2148 mouhid - ok
    18:45:35.0617 2148 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    18:45:35.0617 2148 mountmgr - ok
    18:45:35.0695 2148 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    18:45:35.0695 2148 MpFilter - ok
    18:45:35.0742 2148 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
    18:45:35.0742 2148 mpio - ok
    18:45:35.0773 2148 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    18:45:35.0773 2148 mpsdrv - ok
    18:45:35.0820 2148 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
    18:45:35.0835 2148 MpsSvc - ok
    18:45:35.0882 2148 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    18:45:35.0882 2148 MRxDAV - ok
    18:45:35.0898 2148 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:45:35.0929 2148 mrxsmb - ok
    18:45:35.0960 2148 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:45:35.0960 2148 mrxsmb10 - ok
    18:45:36.0007 2148 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:45:36.0007 2148 mrxsmb20 - ok
    18:45:36.0054 2148 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\drivers\msahci.sys
    18:45:36.0054 2148 msahci - ok
    18:45:36.0085 2148 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\drivers\msdsm.sys
    18:45:36.0085 2148 msdsm - ok
    18:45:36.0116 2148 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
    18:45:36.0116 2148 MSDTC - ok
    18:45:36.0147 2148 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
    18:45:36.0147 2148 Msfs - ok
    18:45:36.0147 2148 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    18:45:36.0147 2148 mshidkmdf - ok
    18:45:36.0225 2148 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    18:45:36.0225 2148 msisadrv - ok
    18:45:36.0257 2148 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    18:45:36.0257 2148 MSiSCSI - ok
    18:45:36.0257 2148 msiserver - ok
    18:45:36.0319 2148 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    18:45:36.0319 2148 MSKSSRV - ok
    18:45:36.0381 2148 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    18:45:36.0381 2148 MsMpSvc - ok
    18:45:36.0428 2148 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    18:45:36.0428 2148 MSPCLOCK - ok
    18:45:36.0459 2148 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    18:45:36.0459 2148 MSPQM - ok
    18:45:36.0491 2148 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    18:45:36.0491 2148 MsRPC - ok
    18:45:36.0506 2148 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    18:45:36.0506 2148 mssmbios - ok
    18:45:36.0522 2148 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    18:45:36.0522 2148 MSTEE - ok
    18:45:36.0522 2148 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    18:45:36.0522 2148 MTConfig - ok
    18:45:36.0569 2148 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
    18:45:36.0569 2148 Mup - ok
    18:45:36.0615 2148 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
    18:45:36.0631 2148 napagent - ok
    18:45:36.0678 2148 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    18:45:36.0678 2148 NativeWifiP - ok
    18:45:36.0740 2148 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
    18:45:36.0756 2148 NDIS - ok
    18:45:36.0771 2148 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    18:45:36.0803 2148 NdisCap - ok
    18:45:36.0834 2148 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    18:45:36.0834 2148 NdisTapi - ok
    18:45:36.0865 2148 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    18:45:36.0881 2148 Ndisuio - ok
    18:45:36.0896 2148 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    18:45:36.0896 2148 NdisWan - ok
    18:45:36.0943 2148 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    18:45:36.0943 2148 NDProxy - ok
    18:45:36.0959 2148 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    18:45:36.0959 2148 NetBIOS - ok
    18:45:37.0037 2148 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    18:45:37.0037 2148 NetBT - ok
    18:45:37.0052 2148 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
    18:45:37.0052 2148 Netlogon - ok
    18:45:37.0146 2148 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
    18:45:37.0146 2148 Netman - ok
    18:45:37.0146 2148 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
    18:45:37.0177 2148 netprofm - ok
    18:45:37.0208 2148 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:45:37.0208 2148 NetTcpPortSharing - ok
    18:45:37.0271 2148 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    18:45:37.0271 2148 nfrd960 - ok
    18:45:37.0317 2148 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    18:45:37.0317 2148 NisDrv - ok
    18:45:37.0364 2148 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    18:45:37.0364 2148 NisSrv - ok
    18:45:37.0395 2148 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
    18:45:37.0427 2148 NlaSvc - ok
    18:45:37.0442 2148 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    18:45:37.0442 2148 Npfs - ok
    18:45:37.0458 2148 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
    18:45:37.0458 2148 nsi - ok
    18:45:37.0489 2148 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    18:45:37.0489 2148 nsiproxy - ok
    18:45:37.0551 2148 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    18:45:37.0583 2148 Ntfs - ok
    18:45:37.0629 2148 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
    18:45:37.0629 2148 Null - ok
    18:45:37.0676 2148 [ 3D7FB57354703809B5F0C23287FAC1D6 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
    18:45:37.0676 2148 NVHDA - ok
    18:45:37.0895 2148 [ 73BB691871BBD8F700E992A8EEF662FC ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    18:45:38.0082 2148 nvlddmkm - ok
    18:45:38.0144 2148 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    18:45:38.0144 2148 nvraid - ok
    18:45:38.0191 2148 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    18:45:38.0191 2148 nvstor - ok
    18:45:38.0238 2148 [ DE0EB9336067162C9DA0222CE1039919 ] nvsvc C:\Windows\system32\nvvsvc.exe
    18:45:38.0253 2148 nvsvc - ok
    18:45:38.0269 2148 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    18:45:38.0269 2148 nv_agp - ok
    18:45:38.0316 2148 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    18:45:38.0316 2148 ohci1394 - ok
    18:45:38.0378 2148 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:45:38.0378 2148 ose - ok
    18:45:38.0425 2148 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    18:45:38.0441 2148 p2pimsvc - ok
    18:45:38.0456 2148 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
    18:45:38.0487 2148 p2psvc - ok
    18:45:38.0565 2148 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    18:45:38.0565 2148 Parport - ok
    18:45:38.0612 2148 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
    18:45:38.0612 2148 partmgr - ok
    18:45:38.0628 2148 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
    18:45:38.0628 2148 Parvdm - ok
    18:45:38.0675 2148 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
    18:45:38.0675 2148 PcaSvc - ok
    18:45:38.0706 2148 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
    18:45:38.0706 2148 pci - ok
    18:45:38.0768 2148 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
    18:45:38.0768 2148 pciide - ok
    18:45:38.0799 2148 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    18:45:38.0799 2148 pcmcia - ok
    18:45:38.0815 2148 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
    18:45:38.0815 2148 pcw - ok
    18:45:38.0862 2148 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    18:45:38.0877 2148 PEAUTH - ok
    18:45:38.0940 2148 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    18:45:38.0955 2148 PeerDistSvc - ok
    18:45:39.0065 2148 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
    18:45:39.0080 2148 pla - ok
    18:45:39.0127 2148 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    18:45:39.0127 2148 PlugPlay - ok
    18:45:39.0189 2148 [ 28460E94FFDF40BB28EFDB3D97E959E8 ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys
    18:45:39.0189 2148 pneteth - ok
    18:45:39.0205 2148 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    18:45:39.0205 2148 PNRPAutoReg - ok
    18:45:39.0236 2148 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    18:45:39.0236 2148 PNRPsvc - ok
    18:45:39.0267 2148 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    18:45:39.0299 2148 PolicyAgent - ok
    18:45:39.0345 2148 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
    18:45:39.0345 2148 Power - ok
    18:45:39.0377 2148 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    18:45:39.0377 2148 PptpMiniport - ok
    18:45:39.0392 2148 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
    18:45:39.0392 2148 Processor - ok
    18:45:39.0470 2148 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
    18:45:39.0470 2148 ProfSvc - ok
    18:45:39.0486 2148 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
    18:45:39.0486 2148 ProtectedStorage - ok
    18:45:39.0517 2148 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    18:45:39.0517 2148 Psched - ok
    18:45:39.0564 2148 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    18:45:39.0595 2148 ql2300 - ok
    18:45:39.0611 2148 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    18:45:39.0611 2148 ql40xx - ok
    18:45:39.0673 2148 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
    18:45:39.0673 2148 QWAVE - ok
    18:45:39.0689 2148 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    18:45:39.0689 2148 QWAVEdrv - ok
    18:45:39.0704 2148 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    18:45:39.0704 2148 RasAcd - ok
    18:45:39.0751 2148 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:45:39.0767 2148 RasAgileVpn - ok
    18:45:39.0767 2148 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
    18:45:39.0767 2148 RasAuto - ok
    18:45:39.0798 2148 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:45:39.0829 2148 Rasl2tp - ok
    18:45:39.0891 2148 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
    18:45:39.0891 2148 RasMan - ok
    18:45:39.0923 2148 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    18:45:39.0923 2148 RasPppoe - ok
    18:45:39.0938 2148 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    18:45:39.0938 2148 RasSstp - ok
    18:45:39.0985 2148 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    18:45:39.0985 2148 rdbss - ok
     
  11. Donny1994

    Donny1994 TS Rookie Topic Starter Posts: 26

    18:45:40.0001 2148 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    18:45:40.0001 2148 rdpbus - ok
    18:45:40.0047 2148 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:45:40.0047 2148 RDPCDD - ok
    18:45:40.0063 2148 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    18:45:40.0063 2148 RDPDR - ok
    18:45:40.0110 2148 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    18:45:40.0110 2148 RDPENCDD - ok
    18:45:40.0125 2148 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    18:45:40.0125 2148 RDPREFMP - ok
    18:45:40.0172 2148 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    18:45:40.0172 2148 RDPWD - ok
    18:45:40.0266 2148 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    18:45:40.0266 2148 rdyboost - ok
    18:45:40.0297 2148 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
    18:45:40.0297 2148 RemoteAccess - ok
    18:45:40.0328 2148 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    18:45:40.0328 2148 RemoteRegistry - ok
    18:45:40.0375 2148 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    18:45:40.0375 2148 RFCOMM - ok
    18:45:40.0437 2148 [ D853D35F792A3A44726A794BF9A0BBC3 ] risdpcie C:\Windows\system32\DRIVERS\risdpe86.sys
    18:45:40.0437 2148 risdpcie - ok
    18:45:40.0484 2148 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    18:45:40.0484 2148 RpcEptMapper - ok
    18:45:40.0531 2148 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
    18:45:40.0531 2148 RpcLocator - ok
    18:45:40.0547 2148 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
    18:45:40.0562 2148 RpcSs - ok
    18:45:40.0578 2148 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    18:45:40.0578 2148 rspndr - ok
    18:45:40.0625 2148 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    18:45:40.0625 2148 s3cap - ok
    18:45:40.0640 2148 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
    18:45:40.0640 2148 SamSs - ok
    18:45:40.0687 2148 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    18:45:40.0687 2148 sbp2port - ok
    18:45:40.0703 2148 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    18:45:40.0734 2148 SCardSvr - ok
    18:45:40.0749 2148 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    18:45:40.0749 2148 scfilter - ok
    18:45:40.0812 2148 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
    18:45:40.0827 2148 Schedule - ok
    18:45:40.0827 2148 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
    18:45:40.0827 2148 SCPolicySvc - ok
    18:45:40.0890 2148 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
    18:45:40.0890 2148 sdbus - ok
    18:45:40.0968 2148 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    18:45:40.0968 2148 SDRSVC - ok
    18:45:40.0983 2148 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    18:45:40.0983 2148 secdrv - ok
    18:45:40.0999 2148 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
    18:45:41.0015 2148 seclogon - ok
    18:45:41.0061 2148 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
    18:45:41.0061 2148 SENS - ok
    18:45:41.0077 2148 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
    18:45:41.0077 2148 SensrSvc - ok
    18:45:41.0077 2148 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    18:45:41.0077 2148 Serenum - ok
    18:45:41.0124 2148 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    18:45:41.0124 2148 Serial - ok
    18:45:41.0171 2148 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    18:45:41.0171 2148 sermouse - ok
    18:45:41.0202 2148 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
    18:45:41.0233 2148 SessionEnv - ok
    18:45:41.0249 2148 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    18:45:41.0249 2148 sffdisk - ok
    18:45:41.0264 2148 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    18:45:41.0264 2148 sffp_mmc - ok
    18:45:41.0295 2148 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    18:45:41.0295 2148 sffp_sd - ok
    18:45:41.0342 2148 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    18:45:41.0342 2148 sfloppy - ok
    18:45:41.0373 2148 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    18:45:41.0373 2148 SharedAccess - ok
    18:45:41.0420 2148 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    18:45:41.0436 2148 ShellHWDetection - ok
    18:45:41.0451 2148 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
    18:45:41.0451 2148 sisagp - ok
    18:45:41.0498 2148 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    18:45:41.0498 2148 SiSRaid2 - ok
    18:45:41.0514 2148 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    18:45:41.0514 2148 SiSRaid4 - ok
    18:45:41.0607 2148 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
    18:45:41.0607 2148 Smb - ok
    18:45:41.0639 2148 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    18:45:41.0639 2148 SNMPTRAP - ok
    18:45:41.0685 2148 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
    18:45:41.0701 2148 spldr - ok
    18:45:41.0763 2148 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
    18:45:41.0779 2148 Spooler - ok
    18:45:41.0873 2148 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
    18:45:41.0904 2148 sppsvc - ok
    18:45:41.0935 2148 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    18:45:41.0935 2148 sppuinotify - ok
    18:45:41.0951 2148 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
    18:45:41.0982 2148 srv - ok
    18:45:41.0997 2148 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    18:45:42.0013 2148 srv2 - ok
    18:45:42.0060 2148 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    18:45:42.0060 2148 SrvHsfHDA - ok
    18:45:42.0107 2148 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
    18:45:42.0122 2148 SrvHsfV92 - ok
    18:45:42.0169 2148 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
    18:45:42.0185 2148 SrvHsfWinac - ok
    18:45:42.0231 2148 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    18:45:42.0231 2148 srvnet - ok
    18:45:42.0294 2148 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    18:45:42.0294 2148 SSDPSRV - ok
    18:45:42.0309 2148 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    18:45:42.0325 2148 SstpSvc - ok
    18:45:42.0434 2148 [ 90F4AB6DEDE1D075FC9656675D95C03B ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\STacSV.exe
    18:45:42.0434 2148 STacSV - ok
    18:45:42.0528 2148 [ 02A7183FEBD44D54BFC98D166D091FF5 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    18:45:42.0528 2148 Stereo Service - ok
    18:45:42.0575 2148 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    18:45:42.0575 2148 stexstor - ok
    18:45:42.0621 2148 [ 4E5C74BD3244139ECAA73CC2C0F8B86B ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
    18:45:42.0637 2148 STHDA - ok
    18:45:42.0684 2148 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
    18:45:42.0699 2148 StiSvc - ok
    18:45:42.0731 2148 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    18:45:42.0731 2148 storflt - ok
    18:45:42.0762 2148 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
    18:45:42.0762 2148 StorSvc - ok
    18:45:42.0809 2148 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
    18:45:42.0809 2148 storvsc - ok
    18:45:42.0809 2148 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
    18:45:42.0809 2148 swenum - ok
    18:45:42.0855 2148 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
    18:45:42.0871 2148 swprv - ok
    18:45:42.0918 2148 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
    18:45:42.0933 2148 SysMain - ok
    18:45:42.0949 2148 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
    18:45:42.0980 2148 TabletInputService - ok
    18:45:43.0011 2148 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
    18:45:43.0011 2148 TapiSrv - ok
    18:45:43.0043 2148 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
    18:45:43.0058 2148 TBS - ok
    18:45:43.0121 2148 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    18:45:43.0136 2148 Tcpip - ok
    18:45:43.0183 2148 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    18:45:43.0199 2148 TCPIP6 - ok
    18:45:43.0230 2148 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    18:45:43.0230 2148 tcpipreg - ok
    18:45:43.0261 2148 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    18:45:43.0261 2148 TDPIPE - ok
    18:45:43.0292 2148 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    18:45:43.0292 2148 TDTCP - ok
    18:45:43.0355 2148 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    18:45:43.0355 2148 tdx - ok
    18:45:43.0370 2148 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
    18:45:43.0370 2148 TermDD - ok
    18:45:43.0417 2148 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
    18:45:43.0433 2148 TermService - ok
    18:45:43.0479 2148 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
    18:45:43.0479 2148 Themes - ok
    18:45:43.0495 2148 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
    18:45:43.0495 2148 THREADORDER - ok
    18:45:43.0542 2148 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
    18:45:43.0542 2148 TrkWks - ok
    18:45:43.0635 2148 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    18:45:43.0635 2148 TrustedInstaller - ok
    18:45:43.0682 2148 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    18:45:43.0682 2148 tssecsrv - ok
    18:45:43.0745 2148 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    18:45:43.0745 2148 TsUsbFlt - ok
    18:45:43.0807 2148 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    18:45:43.0807 2148 tunnel - ok
    18:45:43.0869 2148 [ 711561440FDC396CB6E4C69C13375A38 ] tvnserver C:\Program Files\TightVNC\tvnserver.exe
    18:45:43.0885 2148 tvnserver - ok
    18:45:43.0932 2148 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    18:45:43.0932 2148 uagp35 - ok
    18:45:43.0979 2148 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    18:45:43.0979 2148 udfs - ok
    18:45:44.0041 2148 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    18:45:44.0041 2148 UI0Detect - ok
    18:45:44.0057 2148 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    18:45:44.0072 2148 uliagpkx - ok
    18:45:44.0119 2148 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
    18:45:44.0119 2148 umbus - ok
    18:45:44.0135 2148 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    18:45:44.0135 2148 UmPass - ok
    18:45:44.0181 2148 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
    18:45:44.0181 2148 UmRdpService - ok
    18:45:44.0197 2148 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
    18:45:44.0228 2148 upnphost - ok
    18:45:44.0275 2148 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    18:45:44.0275 2148 usbccgp - ok
    18:45:44.0291 2148 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    18:45:44.0291 2148 usbcir - ok
    18:45:44.0306 2148 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    18:45:44.0306 2148 usbehci - ok
    18:45:44.0353 2148 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    18:45:44.0353 2148 usbhub - ok
    18:45:44.0369 2148 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    18:45:44.0369 2148 usbohci - ok
    18:45:44.0431 2148 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    18:45:44.0431 2148 usbprint - ok
    18:45:44.0447 2148 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    18:45:44.0478 2148 USBSTOR - ok
    18:45:44.0509 2148 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    18:45:44.0509 2148 usbuhci - ok
    18:45:44.0556 2148 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    18:45:44.0556 2148 usbvideo - ok
    18:45:44.0571 2148 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
    18:45:44.0571 2148 UxSms - ok
    18:45:44.0618 2148 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
    18:45:44.0618 2148 VaultSvc - ok
    18:45:44.0634 2148 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    18:45:44.0634 2148 vdrvroot - ok
    18:45:44.0727 2148 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
    18:45:44.0743 2148 vds - ok
    18:45:44.0790 2148 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    18:45:44.0790 2148 vga - ok
    18:45:44.0805 2148 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
    18:45:44.0805 2148 VgaSave - ok
    18:45:44.0821 2148 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    18:45:44.0852 2148 vhdmp - ok
    18:45:44.0868 2148 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
    18:45:44.0868 2148 viaagp - ok
    18:45:44.0883 2148 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
    18:45:44.0915 2148 ViaC7 - ok
    18:45:44.0930 2148 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
    18:45:44.0930 2148 viaide - ok
    18:45:44.0946 2148 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
    18:45:44.0946 2148 vmbus - ok
    18:45:44.0977 2148 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    18:45:44.0977 2148 VMBusHID - ok
    18:45:44.0993 2148 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    18:45:44.0993 2148 volmgr - ok
    18:45:45.0008 2148 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    18:45:45.0039 2148 volmgrx - ok
    18:45:45.0071 2148 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    18:45:45.0071 2148 volsnap - ok
    18:45:45.0133 2148 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    18:45:45.0133 2148 vsmraid - ok
    18:45:45.0195 2148 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
    18:45:45.0211 2148 VSS - ok
    18:45:45.0227 2148 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    18:45:45.0227 2148 vwifibus - ok
    18:45:45.0242 2148 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    18:45:45.0242 2148 vwififlt - ok
    18:45:45.0320 2148 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    18:45:45.0320 2148 vwifimp - ok
    18:45:45.0367 2148 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
    18:45:45.0367 2148 W32Time - ok
    18:45:45.0383 2148 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    18:45:45.0383 2148 WacomPen - ok
    18:45:45.0445 2148 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    18:45:45.0461 2148 WANARP - ok
    18:45:45.0461 2148 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    18:45:45.0461 2148 Wanarpv6 - ok
    18:45:45.0507 2148 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    18:45:45.0539 2148 WatAdminSvc - ok
    18:45:45.0601 2148 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
    18:45:45.0617 2148 wbengine - ok
    18:45:45.0663 2148 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    18:45:45.0663 2148 WbioSrvc - ok
    18:45:45.0695 2148 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
    18:45:45.0695 2148 wcncsvc - ok
    18:45:45.0726 2148 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    18:45:45.0726 2148 WcsPlugInService - ok
    18:45:45.0757 2148 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
    18:45:45.0757 2148 Wd - ok
    18:45:45.0819 2148 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    18:45:45.0819 2148 Wdf01000 - ok
    18:45:45.0851 2148 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
    18:45:45.0851 2148 WdiServiceHost - ok
    18:45:45.0866 2148 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
    18:45:45.0866 2148 WdiSystemHost - ok
    18:45:45.0913 2148 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
    18:45:45.0913 2148 WebClient - ok
    18:45:45.0944 2148 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
    18:45:45.0944 2148 Wecsvc - ok
    18:45:45.0975 2148 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
    18:45:45.0975 2148 wercplsupport - ok
    18:45:46.0038 2148 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
    18:45:46.0038 2148 WerSvc - ok
    18:45:46.0069 2148 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    18:45:46.0069 2148 WfpLwf - ok
    18:45:46.0069 2148 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    18:45:46.0069 2148 WIMMount - ok
    18:45:46.0163 2148 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
    18:45:46.0178 2148 WinDefend - ok
    18:45:46.0194 2148 WinHttpAutoProxySvc - ok
    18:45:46.0256 2148 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    18:45:46.0272 2148 Winmgmt - ok
    18:45:46.0319 2148 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
    18:45:46.0350 2148 WinRM - ok
    18:45:46.0428 2148 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
    18:45:46.0428 2148 WinUsb - ok
    18:45:46.0490 2148 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
    18:45:46.0506 2148 Wlansvc - ok
    18:45:46.0553 2148 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    18:45:46.0553 2148 WmiAcpi - ok
    18:45:46.0599 2148 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    18:45:46.0599 2148 wmiApSrv - ok
    18:45:46.0709 2148 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    18:45:46.0724 2148 WMPNetworkSvc - ok
    18:45:46.0740 2148 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
    18:45:46.0740 2148 WPCSvc - ok
    18:45:46.0787 2148 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    18:45:46.0787 2148 WPDBusEnum - ok
    18:45:46.0818 2148 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    18:45:46.0818 2148 ws2ifsl - ok
    18:45:46.0849 2148 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
    18:45:46.0849 2148 wscsvc - ok
    18:45:46.0865 2148 WSearch - ok
    18:45:46.0927 2148 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
    18:45:46.0989 2148 wuauserv - ok
    18:45:47.0005 2148 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    18:45:47.0005 2148 WudfPf - ok
    18:45:47.0036 2148 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    18:45:47.0052 2148 WUDFRd - ok
    18:45:47.0067 2148 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    18:45:47.0067 2148 wudfsvc - ok
    18:45:47.0114 2148 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
    18:45:47.0130 2148 WwanSvc - ok
     
     
  12. Donny1994

    Donny1994 TS Rookie Topic Starter Posts: 26

    18:45:47.0192 2148 ================ Scan global ===============================
    18:45:47.0255 2148 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
    18:45:47.0301 2148 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
    18:45:47.0317 2148 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
    18:45:47.0364 2148 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
    18:45:47.0379 2148 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
    18:45:47.0379 2148 [Global] - ok
    18:45:47.0379 2148 ================ Scan MBR ==================================
    18:45:47.0426 2148 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    18:45:47.0426 2148 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    18:45:47.0442 2148 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    18:45:47.0442 2148 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    18:45:47.0442 2148 ================ Scan VBR ==================================
    18:45:47.0504 2148 [ F847B1A1A12BE5DC2D00164FB1AAD711 ] \Device\Harddisk0\DR0\Partition1
    18:45:47.0504 2148 \Device\Harddisk0\DR0\Partition1 - ok
    18:45:47.0504 2148 ============================================================
    18:45:47.0504 2148 Scan finished
    18:45:47.0504 2148 ============================================================
    18:45:47.0504 2452 Detected object count: 1
    18:45:47.0504 2452 Actual detected object count: 1
    18:46:22.0901 2452 \Device\Harddisk0\DR0\# - copied to quarantine
    18:46:22.0901 2452 \Device\Harddisk0\DR0 - copied to quarantine
    18:46:22.0947 2452 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    18:46:22.0963 2452 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    18:46:22.0963 2452 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    18:46:22.0994 2452 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    18:46:23.0010 2452 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    18:46:23.0010 2452 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    18:46:23.0010 2452 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    18:46:23.0010 2452 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    18:46:23.0010 2452 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    18:46:23.0010 2452 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    18:46:23.0010 2452 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    18:46:23.0010 2452 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    18:46:23.0025 2452 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    18:46:23.0025 2452 \Device\Harddisk0\DR0 - ok
    18:46:23.0244 2452 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    18:46:54.0013 3112 Deinitialize success
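Added example (not part of the thread, and not Kaspersky's code): a small Python triage script for logs in the format posted above. It pairs each `[ MD5 ] name path` line with the verdict line that follows it, lists every verdict that is not a plain `ok` (the forged MBR, the Rootkit.Boot.Pihar.c detection, the TDLFS files copied to quarantine), and groups services that share one image file, which is why ProtectedStorage, SamSs and VaultSvc all carry the same lsass.exe hash above. The sample lines are a constructed excerpt of the log; the regular expressions are this example's own reading of the format, not a published specification.

```python
"""Triage a TDSSKiller-style log (format as posted above): pair each hashed object
with its verdict, list anything that is not a plain 'ok', and show which
services share one image file."""
import re
from collections import defaultdict

# Constructed excerpt of the log above (a handful of lines, not the full log).
SAMPLE_LOG = r"""
18:45:39.0486 2148 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:45:39.0486 2148 ProtectedStorage - ok
18:45:40.0640 2148 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
18:45:40.0640 2148 SamSs - ok
18:45:42.0528 2148 [ 02A7183FEBD44D54BFC98D166D091FF5 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:45:42.0528 2148 Stereo Service - ok
18:45:46.0194 2148 WinHttpAutoProxySvc - ok
18:45:47.0379 2148 ================ Scan MBR ==================================
18:45:47.0426 2148 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:45:47.0426 2148 Suspicious mbr (Forged): \Device\Harddisk0\DR0
18:45:47.0442 2148 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:45:47.0504 2148 [ F847B1A1A12BE5DC2D00164FB1AAD711 ] \Device\Harddisk0\DR0\Partition1
18:45:47.0504 2148 \Device\Harddisk0\DR0\Partition1 - ok
18:46:22.0947 2452 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
18:46:23.0025 2452 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
"""

# Every line starts with a timestamp and the scanner thread id; the rest varies.
PREFIX = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
HASH_LINE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<body>.+)$")
SUSPICIOUS = re.compile(r"^Suspicious (?P<what>\w+) \((?P<why>[^)]*)\): (?P<obj>.+)$")
VERDICT = re.compile(r"^(?P<obj>.+?)(?: \( (?P<threat>[^)]+) \))? - (?P<verdict>.+)$")
WIN_PATH = re.compile(r"\s(?P<path>[A-Za-z]:\\.*)$")


def split_hash_body(body):
    """'ProfSvc C:\\Windows\\...' -> ('ProfSvc', path); a bare device path names itself."""
    m = WIN_PATH.search(body)
    if m:
        return body[: m.start()].strip(), m.group("path")
    return body.strip(), body.strip()


def parse_log(text):
    hashes = {}                    # object name -> (md5, image path)
    verdicts = {}                  # object name -> last verdict seen
    findings = []                  # everything that is not a plain 'ok'
    by_path = defaultdict(list)    # image path -> [object names]
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue               # blank lines, banners without the prefix
        rest = m.group("rest")
        h = HASH_LINE.match(rest)
        if h:
            name, path = split_hash_body(h.group("body"))
            hashes[name] = (h.group("md5").upper(), path)
            by_path[path].append(name)
            continue
        s = SUSPICIOUS.match(rest)
        if s:
            findings.append({"object": s.group("obj"),
                             "verdict": f"suspicious {s.group('what')} ({s.group('why')})",
                             "threat": None})
            continue
        v = VERDICT.match(rest)
        if v:
            obj, verdict, threat = v.group("obj"), v.group("verdict"), v.group("threat")
            verdicts[obj] = verdict
            if verdict != "ok":
                findings.append({"object": obj, "verdict": verdict, "threat": threat})
    shared = {p: names for p, names in by_path.items() if len(names) > 1}
    # Verdict lines with no preceding hash line: the log shows no image for them.
    unhashed = sorted(o for o, v in verdicts.items() if o not in hashes and v == "ok")
    return {"hashes": hashes, "verdicts": verdicts, "findings": findings,
            "shared": shared, "unhashed_ok": unhashed}


if __name__ == "__main__":
    result = parse_log(SAMPLE_LOG)
    for f in result["findings"]:
        print(f"{f['verdict']:28} {f['object']}  {f['threat'] or ''}")
    for path, names in result["shared"].items():
        print("shared image:", path, "->", ", ".join(names))
```

The `unhashed_ok` list holds objects that received a verdict without a hash line (WinHttpAutoProxySvc and WSearch in the log above); the script sets them aside for a manual look rather than counting them as verified. Shared-image groups are expected for lsass.exe, tcpip.sys and wanarp.sys; an unfamiliar path hosting several service names is the case worth reading closely.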
     
  13. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Very good :)

    See if you can operate in normal mode now.

    =============================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ==============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  14. Donny1994

    Donny1994 TS Rookie Topic Starter Posts: 26

    Here is the RogueKiller report, I will reboot in normal mode and perform the other steps. Thanks

    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Safe mode with network support
    User : Donny [Admin rights]
    Mode : Remove -- Date : 11/28/2012 19:27:23
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 7 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\RunOnce : E71E0AF4-DA83-44A8-BE96-13B481FE65D2 (cmd.exe /C start /D "C:\Users\Donny\AppData\Local\Temp" /B E71E0AF4-DA83-44A8-BE96-13B481FE65D2.exe -postboot) -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    192.168.1.51 ftpholt
    70.91.155.101 holtftp
    72.84.128.253 ftp
    70.91.155.101 HELPME

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS723232L9A360 +++++
    --- User ---
    [MBR] dc7b61d5d0cb632a9d41a4f2f78edc7a
    [BSP] 0808efaa127d68da511a9764ea2c989a : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2]_D_11282012_02d1927.txt >>
    RKreport[1]_S_11282012_02d1926.txt ; RKreport[2]_D_11282012_02d1927.txt
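Added example (not part of the thread, and not RogueKiller's code): a Python reader for reports in the format posted above. The report shows UAC had been switched off (EnableLUA 0) and administrators set to elevate without any prompt (ConsentPromptBehaviorAdmin 0), which RogueKiller restored to 1 and 2, and a RunOnce entry that launched a GUID-named .exe out of the user's Temp folder at the next boot. The script parses the `[TAG] key : name (value) -> ACTION` lines, decodes the UAC values with their documented meanings, flags autoruns that start from a Temp directory or use a GUID file name, and lists hosts entries other than the loopback default. Whether the ftp/holt mappings in the hosts file are legitimate is for the machine's owner to say; the script only surfaces them. The sample excerpt is constructed from the report above, and the regular expressions are this example's reading of the format.

```python
"""Decode a RogueKiller-style report (format as posted above): registry hijacks,
what the UAC values mean, autoruns that start from Temp, and hosts entries that
are not the loopback default."""
import ipaddress
import re

# Constructed excerpt in the report format above (not the full report).
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : E71E0AF4-DA83-44A8-BE96-13B481FE65D2 (cmd.exe /C start /D "C:\Users\Donny\AppData\Local\Temp" /B E71E0AF4-DA83-44A8-BE96-13B481FE65D2.exe -postboot) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
192.168.1.51 ftpholt
70.91.155.101 holtftp
"""

REG_LINE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+) (?P<key>.+?) : (?P<name>.+?) \((?P<value>.*)\)"
    r" -> (?P<action>[A-Z]+)(?: \((?P<new>.*)\))?$")
HOSTS_LINE = re.compile(r"^(?P<ip>[0-9A-Fa-f.:]+)\s+(?P<host>\S+)")
GUID_EXE = re.compile(r"\b[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\.exe\b", re.I)
TEMP_DIR = re.compile(r'%temp%|\\temp[\\" ]', re.I)

# Documented meanings of the UAC policy values that the report above reset.
UAC_MEANING = {
    "EnableLUA": {"0": "UAC disabled", "1": "UAC enabled"},
    "ConsentPromptBehaviorAdmin": {
        "0": "elevate silently, no prompt",
        "1": "prompt for credentials on the secure desktop",
        "2": "prompt for consent on the secure desktop",
        "3": "prompt for credentials",
        "4": "prompt for consent",
        "5": "prompt for consent for non-Windows binaries (Windows 7 default)",
    },
}


def parse_report(text):
    section, registry, hosts = None, [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("¤¤¤"):               # section banner, e.g. "¤¤¤ HOSTS File: ¤¤¤"
            section = line.strip("¤ ").split(":")[0].strip()
            continue
        if section == "Registry Entries":
            m = REG_LINE.match(line)
            if m:
                d = m.groupdict()
                d["tags"] = re.findall(r"\[([^\]]+)\]", d["tags"])
                registry.append(d)
        elif section == "HOSTS File" and not line.startswith("-->"):
            m = HOSTS_LINE.match(line)
            if m:
                hosts.append({"ip": m.group("ip"), "host": m.group("host")})
    return {"registry": registry, "hosts": hosts}


def describe_uac(entry):
    """'EnableLUA: 0 (UAC disabled) -> 1 (UAC enabled)', or None for non-UAC entries."""
    meanings = UAC_MEANING.get(entry["name"])
    if not meanings:
        return None
    old, new = entry["value"], entry.get("new")
    text = f"{entry['name']}: {old} ({meanings.get(old, 'unknown')})"
    if new is not None:
        text += f" -> {new} ({meanings.get(new, 'unknown')})"
    return text


def autorun_reasons(entry):
    """Heuristics for Run/RunOnce values: started from a Temp directory, GUID file name."""
    reasons = []
    if TEMP_DIR.search(entry["value"]):
        reasons.append("launches from a Temp directory")
    if GUID_EXE.search(entry["value"]):
        reasons.append("GUID-named executable")
    return reasons


def nondefault_hosts(entries):
    """Everything except loopback -> localhost, tagged by whether the target is private or public."""
    out = []
    for e in entries:
        addr = ipaddress.ip_address(e["ip"])
        if addr.is_loopback and e["host"].lower() in ("localhost", "localhost.localdomain"):
            continue
        out.append({**e, "scope": "private" if addr.is_private else "public"})
    return out


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for entry in report["registry"]:
        print(entry["tags"], entry["name"], entry["action"], describe_uac(entry) or autorun_reasons(entry))
    for h in nondefault_hosts(report["hosts"]):
        print("hosts:", h["ip"], h["host"], h["scope"])
```

With UAC disabled, every process started by an administrator account already holds the full token, so a dropper needs no elevation prompt to write the MBR; that is why the two `[HJ]` values deserve attention alongside the rootkit itself.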
     
  15. Donny1994

    Donny1994 TS Rookie Topic Starter Posts: 26

    aswMBR report;

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-28 19:42:23
    -----------------------------
    19:42:23.429 OS Version: Windows 6.1.7601 Service Pack 1
    19:42:23.429 Number of processors: 1 586 0x2505
    19:42:23.429 ComputerName: DONNY-PC UserName: Donny
    19:42:31.510 Initialize success
    19:42:32.914 AVAST engine defs: 12103100
    19:42:50.839 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    19:42:50.839 Disk 0 Vendor: Hitachi_ FC4O Size: 305245MB BusType: 8
    19:42:50.839 Disk 0 MBR read successfully
    19:42:50.854 Disk 0 MBR scan
    19:42:51.291 Disk 0 Windows VISTA default MBR code
    19:42:51.307 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
    19:42:51.759 Disk 0 scanning sectors +625139712
    19:42:52.071 Disk 0 scanning C:\Windows\system32\drivers
    19:43:06.876 Service scanning
    19:43:24.316 Modules scanning
    19:43:31.758 Disk 0 trace - called modules:
    19:43:31.789 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
    19:43:31.804 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86964460]
    19:43:32.319 3 CLASSPNP.SYS[8bd8259e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85eab028]
    19:43:33.770 AVAST engine scan C:\Windows
    19:43:36.094 AVAST engine scan C:\Windows\system32
    19:45:32.798 AVAST engine scan C:\Windows\system32\drivers
    19:45:43.500 AVAST engine scan C:\Users\Donny
    19:47:09.128 AVAST engine scan C:\ProgramData
    19:47:21.343 Scan finished successfully
    19:47:37.864 Disk 0 MBR has been saved successfully to "C:\Users\Donny\Desktop\MBR.dat"
    19:47:37.864 The log file has been saved successfully to "C:\Users\Donny\Desktop\aswMBR.txt"
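Added example (not part of the thread, and not aswMBR's or RogueKiller's code): a Python parser for a 512-byte MBR such as the MBR.dat that aswMBR saved to the desktop above. It checks the 0x55AA boot signature, decodes the four 16-byte partition entries, and hashes the boot code (the first 440 bytes) separately from the whole sector, so that a later dump can be compared against the saved baseline without the partition table or disk signature getting in the way. The sample MBR is constructed: its boot code is filler, not Windows' real MBR code, but its single partition entry matches both reports above (active, type 0x07, offset 2048 sectors, 305243 MB, which is 625137664 sectors). The first sector after that partition is 2048 + 625137664 = 625139712, the same number aswMBR prints in its "scanning sectors +" line; the unpartitioned tail of a disk is where TDL4-family bootkits, of which Pihar is one, keep their hidden file system (the TDLFS entries TDSSKiller quarantined). The disk size used in the tail calculation is an assumption derived from the 305245 MB aswMBR reports.

```python
"""Parse a 512-byte MBR such as the MBR.dat that aswMBR saves: boot signature,
the four partition entries, and separate hashes for the boot code and the whole
sector, so later dumps can be compared against this baseline."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440                  # bytes 0..439 boot code, 440..443 disk signature, 446..509 table
ENTRY = struct.Struct("<B3sB3sII")   # status, CHS first, type, CHS last, LBA start, sector count
TYPE_NAMES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x05: "extended",
              0x0F: "extended (LBA)", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}


def build_sample_mbr():
    """Constructed sample: filler boot code (NOT real Windows code) plus one entry that
    matches the reports above: active, type 0x07, start 2048, 305243 MB."""
    boot_code = (b"\xEB\x3C\x90" + b"\x90" * 200 + b"Invalid partition table").ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x12\x34\x56\x78\x00\x00"           # 4-byte disk signature + 2 reserved bytes
    entry0 = ENTRY.pack(0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 305243 * 2048)
    table = entry0 + b"\x00" * 16 * 3                # three empty slots
    return boot_code + disk_sig + table + b"\x55\xAA"


def parse_mbr(sector):
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = ENTRY.unpack_from(sector, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue                                 # empty slot
        parts.append({"index": i, "active": status == 0x80, "status": status, "type": ptype,
                      "type_name": TYPE_NAMES.get(ptype, f"0x{ptype:02X}"),
                      "lba_start": lba, "sectors": count,
                      "lba_end": lba + count,        # first sector AFTER the partition
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return {"signature_ok": sector[510:512] == b"\x55\xAA",
            "disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
            "sector_md5": hashlib.md5(sector).hexdigest(),
            "partitions": parts}


def sectors_after_last_partition(parsed, disk_sectors):
    """Size of the unpartitioned tail; TDL4-style bootkits keep their hidden file system there."""
    end = max((p["lba_end"] for p in parsed["partitions"]), default=0)
    return disk_sectors - end


def boot_code_changed(baseline, current):
    """Compare a saved MBR.dat with a fresh dump on the boot code only, so a new
    disk signature or a repartition does not trip the check."""
    return parse_mbr(baseline)["boot_code_md5"] != parse_mbr(current)["boot_code_md5"]


if __name__ == "__main__":
    mbr = build_sample_mbr()             # replace with open("MBR.dat", "rb").read() for a real dump
    info = parse_mbr(mbr)
    print("signature ok:", info["signature_ok"], " boot code md5:", info["boot_code_md5"])
    for p in info["partitions"]:
        print(f"  #{p['index']} active={p['active']} {p['type_name']} start={p['lba_start']} "
              f"sectors={p['sectors']} size={p['size_mb']} MB next={p['lba_end']}")
    # Assumed disk size: aswMBR's 305245 MB at 2048 sectors per MB.
    print("unpartitioned tail (sectors):", sectors_after_last_partition(info, 305245 * 2048))
```

A bootkit of this family rewrites the boot code and leaves the partition table alone, which is exactly what the two-hash split is for: the `sector_md5` of a disk changes whenever the signature or table changes, while the `boot_code_md5` should stay equal to the baseline from MBR.dat until Windows itself is reinstalled or the MBR is rewritten on purpose.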
     
  16. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Good :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  17. Donny1994

    Donny1994 TS Rookie Topic Starter Posts: 26

    On a sidenote I booted up normally, however explorer didn't open any web pages. Didn't get an error, just got the circular thing but the page never loaded. Waited a while and tried multiple sites, rebooted in safe to access the web in order to download the aswMBR program.

    Weird.
     
  18. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Go ahead with Combofix.
     
  19. Donny1994

    Donny1994 TS Rookie Topic Starter Posts: 26

    Should I create the restore with explorer not working properly?
     
  20. Broni

    Broni Malware Annihilator Posts: 48,011   +271

  21. Donny1994

    Donny1994 TS Rookie Topic Starter Posts: 26

    OK, just want to make sure.

    I have to bounce back and forth. Safemode I can't create a restore point (option isn't there) and normal mode I can't access the web, can't access a VPN for work. I just want to make sure these issues will be fixed; web browser windows will open but if I click a favorite then nothing reacts and everything freezes (except the circle on the blank web pages).
     
  22. Broni

    Broni Malware Annihilator Posts: 48,011   +271

  23. Donny1994

    Donny1994 TS Rookie Topic Starter Posts: 26

    Mozilla works, I think the VPN issue was from earlier with infection, will have it reconfigured by employer. I disabled all anti-virus and will now run Combofix.
     
  24. Donny1994

    Donny1994 TS Rookie Topic Starter Posts: 26

    The ComboFix report.............. please let me know if there is another report or download, I think this was it so far?

    ComboFix 12-11-28.02 - Donny 11/28/2012 20:36:25.1.1 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3318.2424 [GMT -5:00]
    Running from: c:\users\Donny\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Donny\GoToAssistDownloadHelper.exe
    c:\windows\system32\spool\prtprocs\w32x86\xpdpp.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-29 01:41 . 2012-11-29 01:41 -------- d-----w- c:\users\Donny\AppData\Local\temp
    2012-11-29 01:41 . 2012-11-29 01:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-29 01:23 . 2012-11-29 01:23 -------- d-----w- c:\users\Donny\AppData\Local\Mozilla
    2012-11-29 01:23 . 2012-11-29 01:23 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-11-28 23:46 . 2012-11-28 23:46 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-28 21:52 . 2012-11-28 21:52 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C57219CC-9522-4FC4-BAA1-2C04A4A9AAB3}\offreg.dll
    2012-11-28 20:33 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-11-28 20:33 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-11-28 20:33 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-11-28 20:33 . 2012-10-15 16:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-11-28 20:33 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-11-28 20:33 . 2012-10-30 23:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-11-28 20:33 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
    2012-11-28 20:33 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-11-28 20:33 . 2012-11-28 20:33 -------- d-----w- c:\programdata\AVAST Software
    2012-11-28 20:33 . 2012-11-28 20:33 -------- d-----w- c:\program files\AVAST Software
    2012-11-28 19:24 . 2012-11-28 19:25 -------- d-----w- C:\rei
    2012-11-28 19:24 . 2012-11-28 19:24 -------- d-----w- c:\program files\Reimage
    2012-11-28 18:57 . 2012-11-28 18:57 -------- d-----w- c:\program files\PC Tools
    2012-11-28 18:54 . 2012-11-28 19:07 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-11-28 18:54 . 2012-11-01 20:35 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-11-28 18:54 . 2012-11-28 19:04 -------- d-----w- c:\programdata\PC Tools
    2012-11-28 18:54 . 2012-11-28 18:54 -------- d-----w- c:\users\Donny\AppData\Roaming\TestApp
    2012-11-28 14:00 . 2012-11-28 14:00 -------- d-----w- c:\program files\Enigma Software Group
    2012-11-28 14:00 . 2012-11-28 19:03 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
    2012-11-28 14:00 . 2012-11-28 14:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2012-11-27 12:33 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C57219CC-9522-4FC4-BAA1-2C04A4A9AAB3}\mpengine.dll
    2012-11-26 12:24 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-11-25 03:06 . 2012-11-28 12:53 -------- d-----w- c:\users\Donny\AppData\Roaming\System
    2012-11-15 08:01 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-15 08:01 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-15 08:01 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-15 08:01 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-15 08:01 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-15 08:01 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-15 08:01 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-15 08:01 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-15 08:01 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-15 08:01 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-14 11:51 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
    2012-11-14 11:51 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-11-14 11:51 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
    2012-11-14 11:51 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
    2012-11-14 11:51 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
    2012-11-14 11:51 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-11-14 11:51 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
    2012-11-14 11:51 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-11-14 11:51 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-11-14 11:51 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-11-14 11:51 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-11-14 11:51 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 00:55 . 2012-08-14 19:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-09 00:55 . 2012-08-14 19:57 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-02 10:28 . 2012-10-20 02:50 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FE073F0-9027-4CB7-961C-EEAD9F29C868}\gapaengine.dll
    2012-10-02 10:28 . 2012-10-02 10:28 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-09-30 00:54 . 2012-08-14 19:55 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-14 18:28 . 2012-10-10 10:55 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-02 20:52 . 2012-09-02 20:52 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-09-02 20:52 . 2012-09-02 20:52 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-09-02 20:52 . 2012-09-02 20:52 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-31 17:18 . 2012-10-10 10:55 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-31 02:03 . 2012-08-31 02:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-31 02:03 . 2012-03-21 00:44 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-11-20 06:17 . 2012-11-29 01:23 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RestoreDesktop"="c:\program files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-12 495711]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
    "tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2010-07-08 815704]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-11 1634112]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2012-8-14 6144]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Donny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
    path=c:\users\Donny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
    backup=c:\windows\pss\PdaNet Desktop.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-09-04 16:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-08-28 01:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-09-10 03:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestoreDesktop]
    2003-03-11 08:52 45056 ----a-w- c:\program files\Restore Desktop\RestoreDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Donny\Desktop\Run\a2ddax86.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\aestsrv.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [x]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
    S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 00:55]
    .
    2012-11-28 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-28 23:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://forums.nasioc.com/forums/forumdisplay.php?f=24/
    uInternet Settings,ProxyOverride = *.local
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Donny\AppData\Roaming\Mozilla\Firefox\Profiles\9g0rmyez.default\
    FF - prefs.js: browser.startup.homepage - hxxp://forums.nasioc.com/forums/forumdisplay.php?f=24/
    FF - ExtSQL: 2012-11-28 17:26; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-67628195.sys
    SafeBoot-Wdf01000.sys
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-28 20:43:09
    ComboFix-quarantined-files.txt 2012-11-29 01:43
    .
    Pre-Run: 239,437,787,136 bytes free
    Post-Run: 239,536,013,312 bytes free
    .
    - - End Of File - - 0F1BBC9334C14F894F5B29391CA552D2
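    The most useful parts of a ComboFix log for a reviewer are the "Reg Loading Points" block: the Run-key values and the R/S service and driver lines, since that is where persistence shows up. The Python below is an example added to this thread (it is not ComboFix's code and not something either poster ran): it parses those two line formats out of a constructed sample made of lines copied from the log above and flags entries a reviewer would look at first. The flag heuristics (image under a user profile, no image path, remote-access software in an autostart, ComboFix printing `[x]` in place of a file date and size) and all function names are the example's own assumptions.

```python
"""Triage helper for the autostart sections of a ComboFix log (added example)."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: lines copied from the ComboFix log posted above, trimmed to a few of each kind.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RestoreDesktop"="c:\program files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2010-07-08 815704]
.
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Donny\Desktop\Run\a2ddax86.sys [x]
S1 aswSnx;aswSnx; [x]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [x]
.
Contents of the 'Scheduled Tasks' folder
"""

# Review flags: heuristics chosen for this example, not ComboFix's own verdicts.
FLAG_NO_PATH = "no image path recorded"
FLAG_USER_PROFILE = "image lives under a user profile rather than Program Files or Windows"
FLAG_REMOTE_ACCESS = "remote-access server; confirm the owner installed it"
FLAG_NO_DETAILS = "ComboFix printed [x] instead of the file's date and size"

USER_PROFILE_MARKERS = ("c:\\users\\", "\\appdata\\", "\\temp\\")
REMOTE_ACCESS_HINTS = ("vnc", "teamviewer", "logmein", "gotoassist")

REG_KEY = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<details>[^\]]*)\])?$')
# e.g.  S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [x]
SERVICE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<details>[^\]]*)\]$")


@dataclass
class AutostartEntry:
    kind: str       # "run" for a Run-key value, "service" for a service/driver line
    location: str   # registry key for "run"; start type (R3, S1, ...) for "service"
    name: str
    path: str
    details: str    # "YYYY-MM-DD size" as printed by ComboFix, or "x"
    flags: List[str] = field(default_factory=list)


def flag_entry(entry: AutostartEntry) -> List[str]:
    """Apply the review heuristics to one entry and return the matching flags, in a fixed order."""
    flags = []
    path = entry.path.lower()
    if not path:
        flags.append(FLAG_NO_PATH)
    elif any(marker in path for marker in USER_PROFILE_MARKERS):
        flags.append(FLAG_USER_PROFILE)
    if any(hint in (entry.name + " " + path).lower() for hint in REMOTE_ACCESS_HINTS):
        flags.append(FLAG_REMOTE_ACCESS)
    if entry.details == "x":
        flags.append(FLAG_NO_DETAILS)
    return flags


def parse_autostarts(log_text: str) -> List[AutostartEntry]:
    """Extract Run-key values and service/driver lines from the Reg Loading Points section."""
    entries: List[AutostartEntry] = []
    current_key, in_section = "", False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Reg Loading Points" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            break  # end of the section
        key = REG_KEY.match(line)
        if key:
            current_key = key.group("key")  # values that follow belong to this key
            continue
        run = RUN_VALUE.match(line)
        if run and current_key.lower().endswith("\\run"):
            entries.append(AutostartEntry("run", current_key, run.group("name"),
                                          run.group("path"), run.group("details") or ""))
            continue
        svc = SERVICE.match(line)
        if svc:
            entries.append(AutostartEntry("service", svc.group("start"), svc.group("name"),
                                          svc.group("path"), svc.group("details")))
    for entry in entries:
        entry.flags = flag_entry(entry)
    return entries


def flagged_entries(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    return [e for e in entries if e.flags]


def triage_report(log_text: str) -> List[str]:
    """One line per flagged entry, ready to paste into a reply."""
    return [f"{e.kind} {e.location} {e.name} -> {e.path or '<none>'}: " + "; ".join(e.flags)
            for e in flagged_entries(parse_autostarts(log_text))]


if __name__ == "__main__":
    for report_line in triage_report(SAMPLE_LOG):
        print(report_line)
```

    Run against the sample, the two MSE entries and RestoreDesktop come out clean, the TightVNC entries are flagged only because they are remote-access software the owner should recognise, and the `a2ddax86.sys` driver is flagged for living under the user's Desktop. A flag is a prompt to check the file, not a verdict: every flagged entry in this sample is a tool the poster installed during cleanup.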
     
  25. Broni

    Broni Malware Annihilator Posts: 48,011   +271

    Looks good.

    You're running two AV programs, MSE and Avast.
    You must uninstall one of them.

    Next...

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ======================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     

