TechSpot

Sirefef trojans... ugh

Inactive
By Jesterical
Jul 20, 2012
  1. Jesterical

    Jesterical TS Rookie Topic Starter Posts: 21

    17:33:46.0114 7984 NetTcpPortSharing - ok
    17:33:46.0210 7984 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    17:33:46.0241 7984 nfrd960 - ok
    17:33:46.0273 7984 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    17:33:46.0310 7984 NlaSvc - ok
    17:33:46.0326 7984 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    17:33:46.0350 7984 Npfs - ok
    17:33:46.0357 7984 npggsvc - ok
    17:33:46.0384 7984 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    17:33:46.0411 7984 nsi - ok
    17:33:46.0417 7984 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    17:33:46.0446 7984 nsiproxy - ok
    17:33:46.0522 7984 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    17:33:46.0557 7984 Ntfs - ok
    17:33:46.0593 7984 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    17:33:46.0638 7984 Null - ok
    17:33:46.0971 7984 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    17:33:47.0258 7984 nvlddmkm - ok
    17:33:47.0337 7984 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    17:33:47.0347 7984 nvraid - ok
    17:33:47.0363 7984 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    17:33:47.0373 7984 nvstor - ok
    17:33:47.0432 7984 nvsvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
    17:33:47.0452 7984 nvsvc - ok
    17:33:47.0554 7984 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    17:33:47.0596 7984 nvUpdatusService - ok
    17:33:47.0630 7984 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    17:33:47.0639 7984 nv_agp - ok
    17:33:47.0717 7984 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    17:33:47.0766 7984 odserv - ok
    17:33:47.0799 7984 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    17:33:47.0816 7984 ohci1394 - ok
    17:33:47.0851 7984 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    17:33:47.0863 7984 ose - ok
    17:33:47.0906 7984 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    17:33:47.0941 7984 p2pimsvc - ok
    17:33:47.0989 7984 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    17:33:48.0012 7984 p2psvc - ok
    17:33:48.0045 7984 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    17:33:48.0058 7984 Parport - ok
    17:33:48.0086 7984 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
    17:33:48.0099 7984 partmgr - ok
    17:33:48.0111 7984 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    17:33:48.0139 7984 PcaSvc - ok
    17:33:48.0160 7984 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    17:33:48.0174 7984 pci - ok
    17:33:48.0179 7984 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    17:33:48.0191 7984 pciide - ok
    17:33:48.0210 7984 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    17:33:48.0226 7984 pcmcia - ok
    17:33:48.0242 7984 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    17:33:48.0254 7984 pcw - ok
    17:33:48.0291 7984 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    17:33:48.0356 7984 PEAUTH - ok
    17:33:48.0433 7984 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    17:33:48.0468 7984 PerfHost - ok
    17:33:48.0555 7984 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    17:33:48.0617 7984 pla - ok
    17:33:48.0662 7984 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    17:33:48.0703 7984 PlugPlay - ok
    17:33:48.0712 7984 PnkBstrA - ok
    17:33:48.0726 7984 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    17:33:48.0753 7984 PNRPAutoReg - ok
    17:33:48.0778 7984 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    17:33:48.0792 7984 PNRPsvc - ok
    17:33:48.0819 7984 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    17:33:48.0879 7984 PolicyAgent - ok
    17:33:48.0923 7984 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    17:33:48.0999 7984 Power - ok
    17:33:49.0059 7984 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    17:33:49.0107 7984 PptpMiniport - ok
    17:33:49.0112 7984 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    17:33:49.0137 7984 Processor - ok
    17:33:49.0172 7984 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
    17:33:49.0204 7984 ProfSvc - ok
    17:33:49.0234 7984 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:33:49.0245 7984 ProtectedStorage - ok
    17:33:49.0280 7984 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    17:33:49.0326 7984 Psched - ok
    17:33:49.0389 7984 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    17:33:49.0426 7984 ql2300 - ok
    17:33:49.0513 7984 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    17:33:49.0547 7984 ql40xx - ok
    17:33:49.0572 7984 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    17:33:49.0599 7984 QWAVE - ok
    17:33:49.0613 7984 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    17:33:49.0640 7984 QWAVEdrv - ok
    17:33:49.0786 7984 RalinkRegistryWriter (37c3272e58976598bef1cdf321019209) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
    17:33:49.0830 7984 RalinkRegistryWriter - ok
    17:33:49.0884 7984 RalinkRegistryWriter64 (25daad73732b51a46b11c6df788f3322) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
    17:33:49.0909 7984 RalinkRegistryWriter64 - ok
    17:33:49.0926 7984 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    17:33:49.0963 7984 RasAcd - ok
    17:33:49.0977 7984 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    17:33:50.0021 7984 RasAgileVpn - ok
    17:33:50.0038 7984 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    17:33:50.0063 7984 RasAuto - ok
    17:33:50.0095 7984 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    17:33:50.0126 7984 Rasl2tp - ok
    17:33:50.0165 7984 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    17:33:50.0192 7984 RasMan - ok
    17:33:50.0202 7984 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    17:33:50.0237 7984 RasPppoe - ok
    17:33:50.0257 7984 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    17:33:50.0293 7984 RasSstp - ok
    17:33:50.0332 7984 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    17:33:50.0367 7984 rdbss - ok
    17:33:50.0376 7984 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    17:33:50.0386 7984 rdpbus - ok
    17:33:50.0405 7984 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    17:33:50.0435 7984 RDPCDD - ok
    17:33:50.0445 7984 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    17:33:50.0480 7984 RDPENCDD - ok
    17:33:50.0503 7984 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    17:33:50.0527 7984 RDPREFMP - ok
    17:33:50.0564 7984 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
    17:33:50.0612 7984 RDPWD - ok
    17:33:50.0666 7984 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    17:33:50.0681 7984 rdyboost - ok
    17:33:50.0716 7984 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    17:33:50.0756 7984 RemoteAccess - ok
    17:33:50.0787 7984 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    17:33:50.0814 7984 RemoteRegistry - ok
    17:33:50.0848 7984 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    17:33:50.0886 7984 RpcEptMapper - ok
    17:33:50.0907 7984 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    17:33:50.0925 7984 RpcLocator - ok
    17:33:50.0981 7984 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
    17:33:51.0025 7984 RpcSs - ok
    17:33:51.0031 7984 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    17:33:51.0061 7984 rspndr - ok
    17:33:51.0108 7984 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
    17:33:51.0118 7984 RTL8167 - ok
    17:33:51.0151 7984 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:33:51.0159 7984 SamSs - ok
    17:33:51.0186 7984 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    17:33:51.0195 7984 sbp2port - ok
    17:33:51.0212 7984 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    17:33:51.0239 7984 SCardSvr - ok
    17:33:51.0252 7984 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    17:33:51.0289 7984 scfilter - ok
    17:33:51.0344 7984 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    17:33:51.0394 7984 Schedule - ok
    17:33:51.0408 7984 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    17:33:51.0431 7984 SCPolicySvc - ok
    17:33:51.0453 7984 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    17:33:51.0497 7984 SDRSVC - ok
    17:33:51.0527 7984 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    17:33:51.0623 7984 secdrv - ok
    17:33:51.0651 7984 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    17:33:51.0695 7984 seclogon - ok
    17:33:51.0710 7984 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    17:33:51.0743 7984 SENS - ok
    17:33:51.0750 7984 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    17:33:51.0795 7984 SensrSvc - ok
    17:33:51.0804 7984 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    17:33:51.0824 7984 Serenum - ok
    17:33:51.0840 7984 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    17:33:51.0849 7984 Serial - ok
    17:33:51.0861 7984 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    17:33:51.0880 7984 sermouse - ok
    17:33:51.0908 7984 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    17:33:51.0938 7984 SessionEnv - ok
    17:33:51.0961 7984 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    17:33:51.0979 7984 sffdisk - ok
    17:33:51.0987 7984 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    17:33:51.0997 7984 sffp_mmc - ok
    17:33:52.0004 7984 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    17:33:52.0020 7984 sffp_sd - ok
    17:33:52.0028 7984 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    17:33:52.0037 7984 sfloppy - ok
    17:33:52.0089 7984 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    17:33:52.0194 7984 SharedAccess - ok
    17:33:52.0240 7984 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    17:33:52.0280 7984 ShellHWDetection - ok
    17:33:52.0289 7984 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    17:33:52.0301 7984 SiSRaid2 - ok
    17:33:52.0337 7984 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    17:33:52.0367 7984 SiSRaid4 - ok
    17:33:52.0463 7984 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
    17:33:52.0492 7984 SkypeUpdate - ok
    17:33:52.0522 7984 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    17:33:52.0565 7984 Smb - ok
    17:33:52.0609 7984 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    17:33:52.0629 7984 SNMPTRAP - ok
    17:33:52.0637 7984 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    17:33:52.0648 7984 spldr - ok
    17:33:52.0679 7984 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    17:33:52.0722 7984 Spooler - ok
    17:33:52.0903 7984 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    17:33:53.0025 7984 sppsvc - ok
    17:33:53.0157 7984 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    17:33:53.0249 7984 sppuinotify - ok
    17:33:53.0330 7984 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    17:33:53.0360 7984 SQLBrowser - ok
    17:33:53.0404 7984 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    17:33:53.0416 7984 SQLWriter - ok
    17:33:53.0508 7984 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    17:33:53.0598 7984 srv - ok
    17:33:53.0658 7984 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    17:33:53.0702 7984 srv2 - ok
    17:33:53.0736 7984 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    17:33:53.0772 7984 srvnet - ok
    17:33:53.0797 7984 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    17:33:53.0847 7984 SSDPSRV - ok
    17:33:53.0865 7984 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    17:33:53.0901 7984 SstpSvc - ok
    17:33:53.0941 7984 Steam Client Service - ok
    17:33:53.0959 7984 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    17:33:53.0971 7984 stexstor - ok
    17:33:54.0001 7984 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
    17:33:54.0023 7984 StillCam - ok
    17:33:54.0059 7984 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    17:33:54.0102 7984 stisvc - ok
    17:33:54.0128 7984 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    17:33:54.0139 7984 swenum - ok
    17:33:54.0168 7984 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    17:33:54.0224 7984 swprv - ok
    17:33:54.0337 7984 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    17:33:54.0390 7984 SysMain - ok
    17:33:54.0503 7984 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    17:33:54.0549 7984 TabletInputService - ok
    17:33:54.0587 7984 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    17:33:54.0624 7984 TapiSrv - ok
    17:33:54.0636 7984 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    17:33:54.0661 7984 TBS - ok
    17:33:54.0752 7984 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    17:33:54.0792 7984 Tcpip - ok
    17:33:54.0881 7984 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    17:33:54.0908 7984 TCPIP6 - ok
    17:33:54.0955 7984 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    17:33:55.0027 7984 tcpipreg - ok
    17:33:55.0055 7984 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    17:33:55.0110 7984 TDPIPE - ok
    17:33:55.0135 7984 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    17:33:55.0161 7984 TDTCP - ok
    17:33:55.0194 7984 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    17:33:55.0226 7984 tdx - ok
    17:33:55.0240 7984 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    17:33:55.0249 7984 TermDD - ok
    17:33:55.0278 7984 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    17:33:55.0334 7984 TermService - ok
    17:33:55.0337 7984 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    17:33:55.0355 7984 Themes - ok
    17:33:55.0384 7984 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:33:55.0409 7984 THREADORDER - ok
    17:33:55.0419 7984 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    17:33:55.0463 7984 TrkWks - ok
    17:33:55.0525 7984 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    17:33:55.0576 7984 TrustedInstaller - ok
    17:33:55.0604 7984 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    17:33:55.0632 7984 tssecsrv - ok
    17:33:55.0673 7984 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    17:33:55.0726 7984 TsUsbFlt - ok
    17:33:55.0778 7984 TsVlb (3244d95f72db33b238915461aa0f91d0) C:\Windows\system32\DRIVERS\tsvlb.sys
    17:33:55.0794 7984 TsVlb - ok
    17:33:55.0809 7984 TsVp (adf60e064ce420a54dd725462bdfa165) C:\Windows\system32\DRIVERS\tsvp.sys
    17:33:55.0819 7984 TsVp - ok
    17:33:55.0854 7984 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    17:33:55.0900 7984 tunnel - ok
    17:33:55.0916 7984 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    17:33:55.0925 7984 uagp35 - ok
    17:33:55.0956 7984 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    17:33:55.0983 7984 udfs - ok
    17:33:55.0993 7984 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    17:33:56.0002 7984 UI0Detect - ok
    17:33:56.0011 7984 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    17:33:56.0019 7984 uliagpkx - ok
    17:33:56.0037 7984 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    17:33:56.0062 7984 umbus - ok
    17:33:56.0068 7984 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    17:33:56.0081 7984 UmPass - ok
    17:33:56.0116 7984 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    17:33:56.0155 7984 upnphost - ok
    17:33:56.0194 7984 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    17:33:56.0202 7984 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
    17:33:56.0202 7984 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
    17:33:56.0237 7984 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    17:33:56.0287 7984 usbaudio - ok
    17:33:56.0312 7984 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    17:33:56.0375 7984 usbccgp - ok
    17:33:56.0406 7984 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    17:33:56.0421 7984 usbcir - ok
    17:33:56.0438 7984 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    17:33:56.0457 7984 usbehci - ok
    17:33:56.0486 7984 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    17:33:56.0502 7984 usbhub - ok
    17:33:56.0515 7984 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
    17:33:56.0526 7984 usbohci - ok
    17:33:56.0542 7984 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    17:33:56.0565 7984 usbprint - ok
    17:33:56.0595 7984 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    17:33:56.0615 7984 usbscan - ok
    17:33:56.0628 7984 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    17:33:56.0679 7984 USBSTOR - ok
    17:33:56.0696 7984 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    17:33:56.0714 7984 usbuhci - ok
    17:33:56.0756 7984 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
    17:33:56.0773 7984 usbvideo - ok
    17:33:56.0777 7984 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    17:33:56.0817 7984 UxSms - ok
    17:33:56.0850 7984 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:33:56.0858 7984 VaultSvc - ok
    17:33:56.0869 7984 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    17:33:56.0877 7984 vdrvroot - ok
    17:33:56.0922 7984 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    17:33:56.0956 7984 vds - ok
    17:33:56.0965 7984 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    17:33:56.0975 7984 vga - ok
    17:33:56.0984 7984 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    17:33:57.0019 7984 VgaSave - ok
    17:33:57.0039 7984 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    17:33:57.0049 7984 vhdmp - ok
    17:33:57.0056 7984 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    17:33:57.0064 7984 viaide - ok
    17:33:57.0075 7984 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    17:33:57.0084 7984 volmgr - ok
    17:33:57.0122 7984 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    17:33:57.0134 7984 volmgrx - ok
    17:33:57.0150 7984 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    17:33:57.0161 7984 volsnap - ok
    17:33:57.0175 7984 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    17:33:57.0185 7984 vsmraid - ok
    17:33:57.0259 7984 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    17:33:57.0306 7984 VSS - ok
    17:33:57.0420 7984 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    17:33:57.0468 7984 vwifibus - ok
    17:33:57.0489 7984 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    17:33:57.0506 7984 vwififlt - ok
    17:33:57.0529 7984 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    17:33:57.0545 7984 vwifimp - ok
    17:33:57.0561 7984 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    17:33:57.0602 7984 W32Time - ok
    17:33:57.0617 7984 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    17:33:57.0642 7984 WacomPen - ok
    17:33:57.0661 7984 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:33:57.0705 7984 WANARP - ok
    17:33:57.0709 7984 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:33:57.0741 7984 Wanarpv6 - ok
    17:33:57.0810 7984 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    17:33:57.0843 7984 WatAdminSvc - ok
    17:33:57.0912 7984 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    17:33:57.0966 7984 wbengine - ok
    17:33:58.0005 7984 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    17:33:58.0019 7984 WbioSrvc - ok
    17:33:58.0059 7984 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    17:33:58.0074 7984 wcncsvc - ok
    17:33:58.0083 7984 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    17:33:58.0135 7984 WcsPlugInService - ok
    17:33:58.0169 7984 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    17:33:58.0192 7984 Wd - ok
    17:33:58.0229 7984 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    17:33:58.0260 7984 Wdf01000 - ok
    17:33:58.0276 7984 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:33:58.0333 7984 WdiServiceHost - ok
    17:33:58.0336 7984 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:33:58.0349 7984 WdiSystemHost - ok
    17:33:58.0384 7984 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    17:33:58.0408 7984 WebClient - ok
    17:33:58.0449 7984 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    17:33:58.0484 7984 Wecsvc - ok
    17:33:58.0494 7984 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    17:33:58.0529 7984 wercplsupport - ok
    17:33:58.0546 7984 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    17:33:58.0570 7984 WerSvc - ok
    17:33:58.0579 7984 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    17:33:58.0603 7984 WfpLwf - ok
    17:33:58.0613 7984 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    17:33:58.0620 7984 WIMMount - ok
    17:33:58.0637 7984 WinDefend - ok
    17:33:58.0642 7984 WinHttpAutoProxySvc - ok
    17:33:58.0698 7984 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    17:33:58.0731 7984 Winmgmt - ok
    17:33:58.0824 7984 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    17:33:58.0883 7984 WinRM - ok
    17:33:58.0945 7984 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    17:33:58.0955 7984 WinUsb - ok
    17:33:59.0010 7984 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    17:33:59.0035 7984 Wlansvc - ok
    17:33:59.0237 7984 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    17:33:59.0325 7984 wlidsvc - ok
    17:33:59.0372 7984 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    17:33:59.0380 7984 WmiAcpi - ok
    17:33:59.0413 7984 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    17:33:59.0430 7984 wmiApSrv - ok
    17:33:59.0437 7984 WMPNetworkSvc - ok
    17:33:59.0466 7984 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    17:33:59.0502 7984 WPCSvc - ok
    17:33:59.0530 7984 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    17:33:59.0550 7984 WPDBusEnum - ok
    17:33:59.0563 7984 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    17:33:59.0587 7984 ws2ifsl - ok
    17:33:59.0595 7984 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
    17:33:59.0613 7984 wscsvc - ok
    17:33:59.0615 7984 WSearch - ok
    17:33:59.0746 7984 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    17:33:59.0864 7984 wuauserv - ok
    17:33:59.0922 7984 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    17:33:59.0946 7984 WudfPf - ok
    17:33:59.0964 7984 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:33:59.0993 7984 WUDFRd - ok
    17:34:00.0020 7984 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    17:34:00.0044 7984 wudfsvc - ok
    17:34:00.0079 7984 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    17:34:00.0100 7984 WwanSvc - ok
    17:34:00.0135 7984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    17:34:00.0158 7984 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    17:34:00.0158 7984 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    17:34:00.0174 7984 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    17:34:00.0174 7984 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    17:34:00.0182 7984 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
    17:34:00.0329 7984 \Device\Harddisk1\DR1 - ok
    17:34:00.0336 7984 Boot (0x1200) (efedc59c0bfd317157d20d43d2284208) \Device\Harddisk0\DR0\Partition0
    17:34:00.0339 7984 \Device\Harddisk0\DR0\Partition0 - ok
    17:34:00.0356 7984 Boot (0x1200) (636eaa35a698061f37f5750c34f03fb2) \Device\Harddisk0\DR0\Partition1
    17:34:00.0359 7984 \Device\Harddisk0\DR0\Partition1 - ok
    17:34:00.0367 7984 Boot (0x1200) (307b0334ace7a64fd2ca3d417ef0b2bb) \Device\Harddisk1\DR1\Partition0
    17:34:00.0370 7984 \Device\Harddisk1\DR1\Partition0 - ok
    17:34:00.0371 7984 ============================================================
    17:34:00.0371 7984 Scan finished
    17:34:00.0371 7984 ============================================================
    17:34:00.0388 7508 Detected object count: 3
    17:34:00.0388 7508 Actual detected object count: 3
    17:34:24.0245 7508 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
    17:34:24.0245 7508 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    17:34:24.0721 7508 \Device\Harddisk0\DR0\# - copied to quarantine
    17:34:24.0722 7508 \Device\Harddisk0\DR0 - copied to quarantine
    17:34:24.0746 7508 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    17:34:26.0736 7508 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    17:34:27.0125 7508 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    17:34:27.0631 7508 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    17:34:27.0959 7508 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    17:34:28.0302 7508 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    17:34:28.0603 7508 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    17:34:28.0605 7508 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    17:34:28.0607 7508 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    17:34:28.0611 7508 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    17:34:28.0982 7508 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    17:34:29.0326 7508 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    17:34:29.0333 7508 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    17:34:29.0340 7508 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    17:34:29.0353 7508 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    17:34:29.0768 7508 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    17:34:29.0770 7508 \Device\Harddisk0\DR0 - ok
    17:34:31.0572 7508 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    17:34:31.0573 7508 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    17:34:31.0573 7508 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    17:34:33.0920 8188 Deinitialize success
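Added here as an editor's example, not code from this thread or from Kaspersky's TDSSKiller: a small Python triage script for logs in the format posted above. It groups each object's hash line, verdicts and follow-up actions so the real finding (the infected MBR on Harddisk0 and the TDLFS hidden file system behind it) stands out from the hundreds of "- ok" lines and the unsigned-driver warning. The sample lines are copied from the log above; the reading of the trailing "(0)"/"(1)" as infected/warning is inferred from this log alone, not documented by the tool.

```python
import re

# Sample lines copied from the TDSSKiller log posted above (the full log has a few
# hundred "- ok" lines; only the ones that matter for triage are embedded here).
SAMPLE_LOG = r"""
17:33:56.0194 7984 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:33:56.0202 7984 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
17:33:56.0202 7984 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
17:33:56.0237 7984 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:33:56.0287 7984 usbaudio - ok
17:34:00.0135 7984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:34:00.0158 7984 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:34:00.0158 7984 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:34:00.0174 7984 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:34:00.0174 7984 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:34:00.0182 7984 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
17:34:00.0329 7984 \Device\Harddisk1\DR1 - ok
17:34:00.0371 7984 Scan finished
17:34:24.0245 7508 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
17:34:24.0746 7508 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:34:29.0768 7508 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:34:31.0572 7508 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Line shapes seen in the log, tried in this order (only the hash line carries a 32-hex-digit field).
HASH_RE = re.compile(r"^(?P<obj>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \((?P<level>\d+)\)$")
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<status>.+)$")
STATUS_RE = re.compile(r"^(?P<obj>.+?) - (?P<status>.+)$")

# Assumption inferred from this log only: the number after "detected ..." is 0 for objects
# the tool also reports as "infected" and 1 for objects it reports as "warning".
INFECTED_LEVEL = 0


def parse_tdsskiller(text):
    """Turn each log line into an event dict; lines of an unknown shape get kind 'other'."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, tid, rest = m.groups()
        ev = {"time": ts, "thread": tid, "kind": "other", "raw": rest}
        if (h := HASH_RE.match(rest)):
            ev.update(kind="hash", obj=h["obj"], md5=h["md5"], path=h["path"])
        elif (d := DETECT_RE.match(rest)):
            ev.update(kind="detected", obj=d["obj"], verdict=d["verdict"], level=int(d["level"]))
        elif (v := VERDICT_RE.match(rest)):
            ev.update(kind="verdict", obj=v["obj"], verdict=v["verdict"], status=v["status"])
        elif (s := STATUS_RE.match(rest)):
            ev.update(kind="status", obj=s["obj"], verdict=None, status=s["status"])
        events.append(ev)
    return events


def triage(text):
    """Collect hash, verdicts and statuses per object.

    Driver hash lines are keyed by service name (matching their verdict lines); the
    "MBR (0x1B8)" hash line is keyed by its \\Device\\HarddiskN\\DRN path because the
    detection lines for the boot record use that path as the object name.
    """
    summary = {}
    for ev in parse_tdsskiller(text):
        if ev["kind"] == "other":
            continue
        key = ev["obj"]
        if ev["kind"] == "hash" and ev["path"].startswith("\\Device\\"):
            key = ev["path"]
        entry = summary.setdefault(key, {"md5": None, "path": None, "verdicts": {}, "statuses": []})
        if ev["kind"] == "hash":
            entry["md5"], entry["path"] = ev["md5"], ev["path"]
        elif ev["kind"] == "detected":
            entry["verdicts"][ev["verdict"]] = ev["level"]
        elif ev["status"] != "ok":
            entry["statuses"].append((ev["verdict"], ev["status"]))
    return summary


def report(text):
    """Group objects by outcome so the real finding is read before the noise."""
    out = {"infected": [], "suspicious": [], "quarantined": [], "pending_reboot": [], "skipped": []}
    for obj, entry in triage(text).items():
        for verdict, level in entry["verdicts"].items():
            bucket = "infected" if level == INFECTED_LEVEL else "suspicious"
            out[bucket].append((obj, verdict))
        for verdict, status in entry["statuses"]:
            if status == "copied to quarantine":
                out["quarantined"].append(obj)
            elif status == "will be cured on reboot":
                out["pending_reboot"].append(obj)
            elif status == "skipped by user":
                out["skipped"].append((obj, verdict))
    return out


if __name__ == "__main__":
    for bucket, items in report(SAMPLE_LOG).items():
        print(f"{bucket}: {items}")
```

Run against the full pasted log, the "infected" bucket contains only the boot record of Harddisk0, the "quarantined" bucket lists every TDLFS member that was copied out, and "skipped" shows that the unsigned Apple USB driver warning was left alone; the second disk's MBR has its own hash recorded but no verdict, which is what a responder wants to see before deciding whether the other disk also needs a boot-sector check.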
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review


    Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    • Double-click on MBRCheck.exe to run it.
    • It will open a black window... please do not fix anything (if it gives you an option).
    • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
    • A log named MBRCheck_date_time.txt (I.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
    • Please copy and paste the contents of that log in your next reply.
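Both tools in the instructions above read the first sector of the boot disk and report the same things: whether the boot code is the stock Windows 7 MBR code, the partition table (active flag, type 0x07, offset and size) and a hash of the sector. The script below is an added example, not code from this thread, from aswMBR or from MBRCheck: it parses a raw 512-byte MBR the same way, so it can be pointed at the MBR.dat that aswMBR saves to the desktop. The function names and the sample image are the example's own; the sample is constructed to reproduce the partition layout reported later in the thread (active NTFS at LBA 2048, 100 MB; NTFS at LBA 206848) with placeholder boot code, so its hashes are not the hashes of the real disk.

```python
"""Parse and fingerprint a raw 512-byte MBR.

Added example for this thread; it is not aswMBR, MBRCheck or RogueKiller code.
Offsets are the classic MBR layout. build_sample_mbr() is a constructed image
that mirrors the partition table reported in the thread with placeholder boot
code, so its hashes are not those of the real disk.
"""
import hashlib
import struct
import sys
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 440       # bytes 0..439: bootstrap code, what a bootkit replaces
DISK_SIG_OFF = 440        # bytes 440..443: Windows disk signature
PART_TABLE_OFF = 446      # four 16-byte partition entries
SIG_OFF = 510             # bytes 510..511: boot signature 0x55AA
PART_ENTRY = "<B3xB3xII"  # boot flag, CHS start, type, CHS end, start LBA, sector count
PART_TYPES = {0x06: "FAT16", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux"}


@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

    @property
    def type_name(self) -> str:
        return PART_TYPES.get(self.type_id, "type 0x%02x" % self.type_id)


def parse_mbr(sector: bytes) -> dict:
    """Validate the signature, decode the partition table and hash the sector."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly %d bytes, got %d" % (SECTOR, len(sector)))
    if sector[SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        boot_flag, type_id, start_lba, sectors = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if type_id == 0:          # empty slot
            continue
        partitions.append(Partition(i, boot_flag == 0x80, type_id, start_lba, sectors))
    return {
        # Hash the boot code and the whole sector separately: the boot code is
        # what a bootkit replaces, while the sector hash also moves when only
        # the disk signature or the partition table changes.
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
        "sector_sha1": hashlib.sha1(sector).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def format_report(report: dict) -> list:
    """Render the parse in the style of the aswMBR lines in the thread."""
    lines = [
        "disk signature 0x%08x" % report["disk_signature"],
        "boot code SHA1 " + report["boot_code_sha1"],
        "sector SHA1    " + report["sector_sha1"],
    ]
    for p in report["partitions"]:
        flag = "80 (A)" if p.active else "00"
        lines.append("Partition %d %s %02x %s %d MB offset %d"
                     % (p.index + 1, flag, p.type_id, p.type_name, p.size_mb, p.start_lba))
    return lines


def build_sample_mbr() -> bytes:
    """Constructed sample: a standard-looking MBR prologue padded with NOPs,
    a made-up disk signature, and the two-partition layout from the thread."""
    buf = bytearray(SECTOR)
    buf[:7] = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"          # xor ax,ax / mov ss,ax / mov sp,7c00
    buf[7:BOOT_CODE_LEN] = b"\x90" * (BOOT_CODE_LEN - 7)
    struct.pack_into("<I", buf, DISK_SIG_OFF, 0xDEADBEEF)
    entries = [(0x80, 0x07, 2048, 0x32000),              # active NTFS, 100 MB system partition
               (0x00, 0x07, 206848, 0x746D3800)]         # NTFS, 953767 MB
    for i, (flag, ptype, start, count) in enumerate(entries):
        struct.pack_into(PART_ENTRY, buf, PART_TABLE_OFF + 16 * i, flag, ptype, start, count)
    buf[SIG_OFF:] = b"\x55\xaa"
    return bytes(buf)


if __name__ == "__main__":
    # With a path (e.g. the MBR.dat aswMBR saves) read its first sector,
    # otherwise parse the built-in sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(SECTOR)
    else:
        data = build_sample_mbr()
    print("\n".join(format_report(parse_mbr(data))))
```

Run with no argument it parses the built-in sample; with a path it reads the first 512 bytes of that file. Keep the two hashes apart when comparing against a clean reference: a changed boot-code hash means the loader itself was replaced, whereas a changed sector hash with an unchanged boot-code hash points at the disk signature or the partition table.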
  3. Jesterical

    Jesterical TS Rookie Topic Starter Posts: 21

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-03 10:56:47
    -----------------------------
    10:56:47.681 OS Version: Windows x64 6.1.7601 Service Pack 1
    10:56:47.681 Number of processors: 4 586 0x403
    10:56:47.682 ComputerName: MORISOLI-PC UserName: Morisoli
    10:56:48.695 Initialize success
    10:57:06.965 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T1L0-9
    10:57:06.974 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
    10:57:06.988 Disk 0 MBR read successfully
    10:57:06.990 Disk 0 MBR scan
    10:57:06.992 Disk 0 Windows 7 default MBR code
    10:57:06.994 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    10:57:07.007 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
    10:57:07.026 Disk 0 scanning C:\Windows\system32\drivers
    10:57:12.688 Service scanning
    10:57:24.744 Modules scanning
    10:57:24.759 Disk 0 trace - called modules:
    10:57:24.780 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    10:57:24.783 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a6f060]
    10:57:24.786 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8004823520]
    10:57:25.116 5 ACPI.sys[fffff88000f947a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T1L0-9[0xfffffa8004821060]
    10:57:25.126 Scan finished successfully
    10:57:55.374 Disk 0 MBR has been saved successfully to "C:\Users\Morisoli\Desktop\MBR.dat"
    10:57:55.378 The log file has been saved successfully to "C:\Users\Morisoli\Desktop\aswMBR.txt"
  4. Jesterical

    Jesterical TS Rookie Topic Starter Posts: 21

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: GA-870A-UD3
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 206):
    0x03257000 \SystemRoot\system32\ntoskrnl.exe
    0x0320E000 \SystemRoot\system32\hal.dll
    0x00BB6000 \SystemRoot\system32\kdcom.dll
    0x00C80000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00C8D000 \SystemRoot\system32\PSHED.dll
    0x00CA1000 \SystemRoot\system32\CLFS.SYS
    0x00CFF000 \SystemRoot\system32\CI.dll
    0x00ED6000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F7A000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F89000 \SystemRoot\system32\drivers\ACPI.sys
    0x00FE0000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x00FE9000 \SystemRoot\system32\drivers\msisadrv.sys
    0x00E00000 \SystemRoot\system32\drivers\pci.sys
    0x00E33000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
    0x00E55000 \SystemRoot\system32\drivers\volmgr.sys
    0x00E6A000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00EC6000 \SystemRoot\system32\drivers\pciide.sys
    0x00DBF000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x00DCF000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00ECD000 \SystemRoot\system32\drivers\atapi.sys
    0x00C00000 \SystemRoot\system32\drivers\ataport.SYS
    0x00FF3000 \SystemRoot\system32\drivers\amdxata.sys
    0x00C2A000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00DE9000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0102A000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0124B000 \SystemRoot\System32\Drivers\msrpc.sys
    0x012A9000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x012C4000 \SystemRoot\System32\Drivers\cng.sys
    0x01336000 \SystemRoot\System32\drivers\pcw.sys
    0x01347000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01451000 \SystemRoot\system32\drivers\ndis.sys
    0x01544000 \SystemRoot\system32\drivers\NETIO.SYS
    0x015A4000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x016AC000 \SystemRoot\System32\drivers\tcpip.sys
    0x018AF000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x018F9000 \SystemRoot\system32\drivers\volsnap.sys
    0x01945000 \SystemRoot\System32\Drivers\spldr.sys
    0x0194D000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01987000 \SystemRoot\System32\Drivers\mup.sys
    0x01999000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x019A2000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x019DC000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01600000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x01666000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x01690000 \SystemRoot\System32\Drivers\Null.SYS
    0x01699000 \SystemRoot\System32\Drivers\Beep.SYS
    0x015CE000 \SystemRoot\system32\DRIVERS\ehdrv.sys
    0x019F2000 \SystemRoot\System32\drivers\vga.sys
    0x01400000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x01425000 \SystemRoot\System32\drivers\watchdog.sys
    0x016A0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x01435000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x0143E000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x015F5000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x01351000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x01362000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x01384000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x0409D000 \SystemRoot\system32\drivers\afd.sys
    0x04126000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x0416B000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x04176000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x0417F000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x041A5000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x041BB000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x041CA000 \SystemRoot\system32\DRIVERS\serial.sys
    0x04000000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x0401B000 \SystemRoot\system32\DRIVERS\tsvp.sys
    0x04028000 \SystemRoot\system32\drivers\termdd.sys
    0x0403C000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x0408D000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x041E7000 \SystemRoot\system32\drivers\mssmbios.sys
    0x01391000 \SystemRoot\System32\drivers\discache.sys
    0x013A0000 \SystemRoot\System32\Drivers\dfsc.sys
    0x013BE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x013CF000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x01200000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x041F2000 \SystemRoot\system32\drivers\wmiacpi.sys
    0x042AB000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x04835000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x05250000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x05344000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x0538A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x053AE000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x0430C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x053B9000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x04362000 \SystemRoot\system32\drivers\1394ohci.sys
    0x053CA000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x04800000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x0480C000 \SystemRoot\system32\DRIVERS\parport.sys
    0x043A0000 \SystemRoot\system32\drivers\i8042prt.sys
    0x043BE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x043CD000 \SystemRoot\system32\drivers\CompositeBus.sys
    0x043DD000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x04200000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x04829000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x04224000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x04253000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x0426E000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x0428F000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x01215000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x043F3000 \SystemRoot\system32\DRIVERS\serscan.sys
    0x01447000 \SystemRoot\system32\drivers\ksthunk.sys
    0x044C0000 \SystemRoot\system32\drivers\ks.sys
    0x04503000 \SystemRoot\system32\drivers\swenum.sys
    0x04505000 \SystemRoot\system32\DRIVERS\amdiox64.sys
    0x04519000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x0452B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x04585000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x0459A000 \SystemRoot\system32\drivers\AtihdW76.sys
    0x045B5000 \SystemRoot\system32\drivers\portcls.sys
    0x04400000 \SystemRoot\system32\drivers\drmk.sys
    0x06462000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x0669C000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x00010000 \SystemRoot\System32\win32k.sys
    0x066B9000 \SystemRoot\System32\drivers\Dxapi.sys
    0x066C5000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x066D3000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x066DF000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x066E8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x066FB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x06718000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x0671A000 \SystemRoot\System32\Drivers\nx6000.sys
    0x06727000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x06755000 \SystemRoot\system32\drivers\usbaudio.sys
    0x06770000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x02A40000 \SystemRoot\system32\DRIVERS\netr28ux.sys
    0x02BE1000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x02BEE000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x02A00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x02A19000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x02A22000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0x0678B000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x06798000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0x067AC000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x067BA000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00420000 \SystemRoot\System32\TSDDD.dll
    0x006C0000 \SystemRoot\System32\cdd.dll
    0x067C8000 \SystemRoot\system32\drivers\luafv.sys
    0x03A7B000 \SystemRoot\system32\DRIVERS\eamonm.sys
    0x03B5D000 \SystemRoot\system32\drivers\WudfPf.sys
    0x03B7E000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x03B93000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x03BE6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x03A00000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x03A18000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x07021000 \SystemRoot\system32\drivers\HTTP.sys
    0x070EA000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0x070F4000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x07125000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x07143000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x0715B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x07188000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x071D6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x04422000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x07270000 \SystemRoot\System32\DRIVERS\srv.sys
    0x07308000 \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    0x07339000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
    0x078AA000 \SystemRoot\system32\drivers\peauth.sys
    0x07950000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x079CC000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x079DE000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x07800000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x07831000 \??\C:\Windows\system32\drivers\mbam.sys
    0x07868000 \SystemRoot\system32\drivers\MSPQM.sys
    0x0786A000 \SystemRoot\system32\drivers\MSPCLOCK.sys
    0x0786C000 \??\C:\Users\Morisoli\AppData\Local\Temp\aswMBR.sys
    0x77750000 \Windows\System32\ntdll.dll
    0x47C30000 \Windows\System32\smss.exe
    0xFFA70000 \Windows\System32\apisetschema.dll
    0xFF110000 \Windows\System32\autochk.exe
    0xFF980000 \Windows\System32\oleaut32.dll
    0xFF960000 \Windows\System32\sechost.dll
    0xFF910000 \Windows\System32\ws2_32.dll
    0xFF700000 \Windows\System32\ole32.dll
    0xFF680000 \Windows\System32\difxapi.dll
    0xFF570000 \Windows\System32\msctf.dll
    0xFF490000 \Windows\System32\advapi32.dll
    0x77630000 \Windows\System32\kernel32.dll
    0xFF3F0000 \Windows\System32\comdlg32.dll
    0xFF390000 \Windows\System32\Wldap32.dll
    0xFF260000 \Windows\System32\rpcrt4.dll
    0x77920000 \Windows\System32\psapi.dll
    0xFE4D0000 \Windows\System32\shell32.dll
    0xFE2F0000 \Windows\System32\setupapi.dll
    0xFE090000 \Windows\System32\iertutil.dll
    0xFDF60000 \Windows\System32\wininet.dll
    0xFDEC0000 \Windows\System32\msvcrt.dll
    0xFDD40000 \Windows\System32\urlmon.dll
    0xFDCA0000 \Windows\System32\clbcatq.dll
    0x77530000 \Windows\System32\user32.dll
    0xFDBD0000 \Windows\System32\usp10.dll
    0xFDBC0000 \Windows\System32\nsi.dll
    0xFDB40000 \Windows\System32\shlwapi.dll
    0xFDAD0000 \Windows\System32\gdi32.dll
    0x77910000 \Windows\System32\normaliz.dll
    0xFDAC0000 \Windows\System32\lpk.dll
    0xFDA90000 \Windows\System32\imm32.dll
    0xFDA70000 \Windows\System32\imagehlp.dll
    0xFDA50000 \Windows\System32\devobj.dll
    0xFDA10000 \Windows\System32\cfgmgr32.dll
    0xFD8A0000 \Windows\System32\crypt32.dll
    0xFD800000 \Windows\System32\comctl32.dll
    0xFD7C0000 \Windows\System32\wintrust.dll
    0xFD750000 \Windows\System32\KernelBase.dll
    0xFD740000 \Windows\System32\msasn1.dll

    Processes (total 74):
    0 System Idle Process
    4 System
    292 C:\Windows\System32\smss.exe
    428 csrss.exe
    520 C:\Windows\System32\wininit.exe
    540 csrss.exe
    576 C:\Windows\System32\services.exe
    600 C:\Windows\System32\lsass.exe
    608 C:\Windows\System32\lsm.exe
    724 C:\Windows\System32\winlogon.exe
    756 C:\Windows\System32\svchost.exe
    816 C:\Windows\System32\nvvsvc.exe
    856 C:\Windows\System32\svchost.exe
    920 C:\Windows\System32\atiesrxx.exe
    980 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    304 C:\Windows\System32\svchost.exe
    536 C:\Windows\System32\svchost.exe
    1156 C:\Windows\System32\atieclxx.exe
    1204 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    1316 C:\Windows\System32\svchost.exe
    1428 C:\Windows\System32\wlanext.exe
    1440 C:\Windows\System32\conhost.exe
    1536 C:\Windows\System32\spoolsv.exe
    1576 C:\Windows\System32\svchost.exe
    1772 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    1796 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    1840 C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    1860 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    1880 C:\Program Files\Bonjour\mDNSResponder.exe
    2000 C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    1132 C:\Windows\System32\svchost.exe
    1216 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    2036 C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    2084 C:\Windows\SysWOW64\PnkBstrA.exe
    2108 C:\Windows\System32\svchost.exe
    2156 C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
    2180 C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
    2276 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    2328 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2348 C:\Windows\System32\svchost.exe
    2380 C:\Windows\System32\svchost.exe
    2548 C:\Windows\System32\SearchIndexer.exe
    2132 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    2772 WUDFHost.exe
    3772 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    3848 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    4072 C:\Windows\System32\taskhost.exe
    3288 C:\Windows\System32\dwm.exe
    940 C:\Windows\explorer.exe
    1944 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    1804 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    2016 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    1048 C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
    3096 C:\Program Files\Logitech\SetPoint II\SetPointII.exe
    3276 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    1700 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    3556 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3892 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    872 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    4580 WmiPrvSE.exe
    4108 C:\Program Files (x86)\Skype\Phone\Skype.exe
    1968 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    4968 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    5748 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    4900 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
    4160 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
    6276 C:\Windows\System32\audiodg.exe
    592 C:\Users\Morisoli\Desktop\aswMBR.exe
    6356 C:\Windows\System32\SearchProtocolHost.exe
    2860 C:\Windows\System32\SearchFilterHost.exe
    5544 C:\Users\Morisoli\Desktop\MBRCheck.exe
    2824 C:\Windows\System32\conhost.exe
    5800 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1002FAEX-00Z3A0, Rev: 05.01D05

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent work!

    • Download RogueKiller and save it on your desktop.
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.

    • The report has been created on the desktop.
    • Next click on the ShortcutsFix

    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
  6. Jesterical

    Jesterical TS Rookie Topic Starter Posts: 21

    I apologize for the delayed response. Here are all three logs posted in the order that you have directed me to run them.

    [Report 1]

    RogueKiller V7.6.5 [08/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Morisoli [Admin rights]
    Mode: Scan -- Date: 08/08/2012 11:23:24

    ¤¤¤ Bad processes: 1 ¤¤¤
    [SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 4 ¤¤¤
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A0 ATA Device +++++
    --- User ---
    [MBR] 7b5075b10c335ac79feac895fbb7f7af
    [BSP] 891123bb65932d4d20677b2de86e141a : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 8e5c4025ec301eb8ba0d47a6bf4da11f
    [BSP] 891123bb65932d4d20677b2de86e141a : Windows 7 MBR Code
    Partition table:
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

    +++++ PhysicalDrive1: USB Flash Memory USB Device +++++
    --- User ---
    [MBR] cc4d8f0b6bfa2dc17a228985a6729d62
    [BSP] c173e8275afa7edbf14411e11edaaad8 : Standard MBR Code
    Partition table:
    0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 488 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    [Report 2]

    RogueKiller V7.6.5 [08/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Morisoli [Admin rights]
    Mode: Remove -- Date: 08/08/2012 11:25:29

    ¤¤¤ Bad processes: 1 ¤¤¤
    [SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 4 ¤¤¤
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A0 ATA Device +++++
    --- User ---
    [MBR] 7b5075b10c335ac79feac895fbb7f7af
    [BSP] 891123bb65932d4d20677b2de86e141a : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 8e5c4025ec301eb8ba0d47a6bf4da11f
    [BSP] 891123bb65932d4d20677b2de86e141a : Windows 7 MBR Code
    Partition table:
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

    +++++ PhysicalDrive1: USB Flash Memory USB Device +++++
    --- User ---
    [MBR] cc4d8f0b6bfa2dc17a228985a6729d62
    [BSP] c173e8275afa7edbf14411e11edaaad8 : Standard MBR Code
    Partition table:
    0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 488 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt


    [Report 3]


    RogueKiller V7.6.5 [08/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Morisoli [Admin rights]
    Mode: Shortcuts HJfix -- Date: 08/08/2012 11:31:59

    ¤¤¤ Bad processes: 1 ¤¤¤
    [SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 0 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 1 / Fail 0
    Start menu: Success 0 / Fail 0
    User folder: Success 133 / Fail 0
    My documents: Success 0 / Fail 0
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 0 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 186 / Fail 0
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    [E:] \Device\HarddiskVolume3 -- 0x2 --> Restored

    ¤¤¤ Infection : ¤¤¤

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
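The part of the RogueKiller reports above that matters is the MBR check: the sector read through the normal Windows disk path (User) is compared with a read taken through a lower-level path (LL2), and on PhysicalDrive0 the two disagree (User != LL2 ... KO!) even though their [BSP] hashes are identical. A rootkit that hooks the disk stack can hand a clean sector to ordinary reads, so a mismatch between the two views is the signal, and the next question is which bytes differ. The Python below is an added example, not RogueKiller's code: it takes two 512-byte views of the same sector and reports each run of differing bytes by MBR region (boot code, disk signature, individual partition table entries, boot signature). The three sample sectors are constructed (placeholder boot code, made-up disk signatures, one partition) and the function names are the example's own.

```python
"""Localise where two reads of the same MBR disagree.

Added example for this thread; not RogueKiller's code. The sample sectors are
constructed: placeholder boot code, made-up disk signatures, one partition.
"""
import hashlib

SECTOR = 512
REGIONS = [(0, 440, "boot code"), (440, 444, "disk signature"),
           (444, 446, "reserved"), (446, 510, "partition table"),
           (510, 512, "boot signature")]


def region_of(offset: int) -> str:
    """Name the MBR region an offset falls in; partition table entries are
    reported individually (entry 1..4) so a tampered entry can be identified."""
    for start, end, name in REGIONS:
        if start <= offset < end:
            if name == "partition table":
                return "partition entry %d" % ((offset - start) // 16 + 1)
            return name
    raise ValueError("offset %d outside a 512-byte sector" % offset)


def diff_mbr(user_view: bytes, lowlevel_view: bytes) -> list:
    """Return (start, end, region) for every maximal run of differing bytes,
    split at region boundaries so each run maps to exactly one region."""
    if len(user_view) != SECTOR or len(lowlevel_view) != SECTOR:
        raise ValueError("both views must be one %d-byte sector" % SECTOR)
    runs, current = [], None
    for i in range(SECTOR):
        if user_view[i] == lowlevel_view[i]:
            if current:
                runs.append(tuple(current))
                current = None
            continue
        region = region_of(i)
        if current and current[2] == region:
            current[1] = i + 1            # extend the run within the same region
        else:
            if current:
                runs.append(tuple(current))
            current = [i, i + 1, region]
    if current:
        runs.append(tuple(current))
    return runs


def verdict(user_view: bytes, lowlevel_view: bytes) -> dict:
    """Summarise the comparison the way the RogueKiller report does (a hash of
    each view, whether the boot code agrees) plus the list of differing regions."""
    runs = diff_mbr(user_view, lowlevel_view)
    return {
        "user_md5": hashlib.md5(user_view).hexdigest(),
        "lowlevel_md5": hashlib.md5(lowlevel_view).hexdigest(),
        "boot_code_matches": user_view[:440] == lowlevel_view[:440],
        "consistent": not runs,
        "regions": sorted({r[2] for r in runs}),
        "runs": runs,
    }


def _sample_sector(boot_code: bytes, disk_sig: bytes) -> bytes:
    """Constructed sector: the given 440-byte boot code, the given disk
    signature, one active NTFS partition at LBA 2048 of 204800 sectors."""
    buf = bytearray(SECTOR)
    buf[:len(boot_code)] = boot_code
    buf[440:444] = disk_sig
    buf[446:462] = (bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0])
                    + (2048).to_bytes(4, "little") + (204800).to_bytes(4, "little"))
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)


STOCK_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 433   # placeholder loader
ROGUE_CODE = b"\xfa\x33\xc0\x8e\xd0" + b"\xcc" * 435           # a different loader
CLEAN = _sample_sector(STOCK_CODE, b"\x01\x02\x03\x04")
INFECTED = _sample_sector(ROGUE_CODE, b"\x01\x02\x03\x04")     # only the boot code differs
SIG_ONLY = _sample_sector(STOCK_CODE, b"\xaa\xbb\xcc\xdd")     # only the disk signature differs


if __name__ == "__main__":
    for label, low in (("clean vs clean", CLEAN), ("clean vs infected", INFECTED),
                       ("clean vs new signature", SIG_ONLY)):
        v = verdict(CLEAN, low)
        print(label, "OK" if v["consistent"] else "KO", v["regions"], v["runs"])
```

The thread's reports give only hashes of the two views, not the sectors, so the comparison cannot be rerun on them here. Given two dumps of the same disk (for instance one saved by aswMBR from inside Windows and one taken from a boot CD or another OS, where a resident rootkit's filter is not active), the run list says whether the disagreement is in the loader code, which is what a bootkit replaces, or only in the disk signature or a partition entry, which is what the matching [BSP] hashes in the reports above would suggest if that label covers the boot code alone.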
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and allow it to run when prompted.



    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
    Sometimes these logs can be very large; in that case please attach it, or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  8. Jesterical

    Jesterical TS Rookie Topic Starter Posts: 21

    [First part of the report]

    11:15:03.0073 5504 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    11:15:03.0402 5504 ============================================================
    11:15:03.0402 5504 Current date / time: 2012/08/11 11:15:03.0402
    11:15:03.0402 5504 SystemInfo:
    11:15:03.0402 5504
    11:15:03.0402 5504 OS Version: 6.1.7601 ServicePack: 1.0
    11:15:03.0402 5504 Product type: Workstation
    11:15:03.0402 5504 ComputerName: MORISOLI-PC
    11:15:03.0402 5504 UserName: Morisoli
    11:15:03.0402 5504 Windows directory: C:\Windows
    11:15:03.0402 5504 System windows directory: C:\Windows
    11:15:03.0403 5504 Running under WOW64
    11:15:03.0403 5504 Processor architecture: Intel x64
    11:15:03.0403 5504 Number of processors: 4
    11:15:03.0403 5504 Page size: 0x1000
    11:15:03.0403 5504 Boot type: Normal boot
    11:15:03.0403 5504 ============================================================
    11:15:04.0541 5504 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
    11:15:04.0568 5504 Drive \Device\Harddisk1\DR1 - Size: 0x1E900000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    11:15:04.0573 5504 ============================================================
    11:15:04.0573 5504 \Device\Harddisk0\DR0:
    11:15:04.0573 5504 MBR partitions:
    11:15:04.0573 5504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    11:15:04.0573 5504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
    11:15:04.0573 5504 \Device\Harddisk1\DR1:
    11:15:04.0574 5504 MBR partitions:
    11:15:04.0574 5504 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0xF46E0
    11:15:04.0574 5504 ============================================================
    11:15:04.0603 5504 C: <-> \Device\Harddisk0\DR0\Partition1
    11:15:04.0603 5504 ============================================================
    11:15:04.0603 5504 Initialize success
    11:15:04.0603 5504 ============================================================
    11:15:11.0175 7376 ============================================================
    11:15:11.0175 7376 Scan started
    11:15:11.0175 7376 Mode: Manual; SigCheck; TDLFS;
    11:15:11.0175 7376 ============================================================
    11:15:13.0861 7376 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    11:15:14.0092 7376 1394ohci - ok
    11:15:14.0217 7376 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    11:15:14.0246 7376 ACPI - ok
    11:15:14.0289 7376 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    11:15:14.0577 7376 AcpiPmi - ok
    11:15:33.0427 7376 ql2300 - ok
    11:15:33.0517 7376 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    11:15:33.0535 7376 ql40xx - ok
    11:15:33.0577 7376 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    11:15:33.0603 7376 QWAVE - ok
    11:15:33.0618 7376 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    11:15:33.0645 7376 QWAVEdrv - ok
    11:15:33.0773 7376 RalinkRegistryWriter (37c3272e58976598bef1cdf321019209) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
    11:15:33.0803 7376 RalinkRegistryWriter - ok
    11:15:33.0855 7376 RalinkRegistryWriter64 (25daad73732b51a46b11c6df788f3322) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
    11:15:33.0880 7376 RalinkRegistryWriter64 - ok
    11:15:33.0889 7376 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    11:15:33.0916 7376 RasAcd - ok
    11:15:33.0934 7376 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    11:15:33.0958 7376 RasAgileVpn - ok
    11:15:33.0976 7376 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    11:15:34.0001 7376 RasAuto - ok
    11:15:34.0024 7376 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    11:15:34.0083 7376 Rasl2tp - ok
    11:15:34.0120 7376 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    11:15:34.0147 7376 RasMan - ok
    11:15:34.0157 7376 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    11:15:34.0192 7376 RasPppoe - ok
    11:15:34.0212 7376 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    11:15:34.0248 7376 RasSstp - ok
    11:15:34.0287 7376 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    11:15:34.0322 7376 rdbss - ok
    11:15:34.0356 7376 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    11:15:34.0366 7376 rdpbus - ok
    11:15:34.0376 7376 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    11:15:34.0407 7376 RDPCDD - ok
    11:15:34.0425 7376 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    11:15:34.0460 7376 RDPENCDD - ok
    11:15:34.0475 7376 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    11:15:34.0498 7376 RDPREFMP - ok
    11:15:34.0536 7376 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
    11:15:34.0573 7376 RDPWD - ok
    11:15:34.0616 7376 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    11:15:34.0642 7376 rdyboost - ok
    11:15:34.0679 7376 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    11:15:34.0722 7376 RemoteAccess - ok
    11:15:34.0742 7376 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    11:15:34.0769 7376 RemoteRegistry - ok
    11:15:34.0795 7376 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    11:15:34.0832 7376 RpcEptMapper - ok
    11:15:34.0854 7376 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    11:15:34.0897 7376 RpcLocator - ok
    11:15:34.0936 7376 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
    11:15:34.0972 7376 RpcSs - ok
    11:15:34.0976 7376 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    11:15:35.0002 7376 rspndr - ok
    11:15:35.0046 7376 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
    11:15:35.0056 7376 RTL8167 - ok
    11:15:35.0080 7376 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    11:15:35.0088 7376 SamSs - ok
    11:15:35.0124 7376 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    11:15:35.0134 7376 sbp2port - ok
    11:15:35.0167 7376 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    11:15:35.0193 7376 SCardSvr - ok
    11:15:35.0205 7376 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    11:15:35.0243 7376 scfilter - ok
    11:15:35.0298 7376 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    11:15:35.0350 7376 Schedule - ok
    11:15:35.0368 7376 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    11:15:35.0391 7376 SCPolicySvc - ok
    11:15:35.0408 7376 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    11:15:35.0448 7376 SDRSVC - ok
    11:15:35.0478 7376 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    11:15:35.0554 7376 secdrv - ok
    11:15:35.0580 7376 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    11:15:35.0624 7376 seclogon - ok
    11:15:35.0639 7376 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    11:15:35.0669 7376 SENS - ok
    11:15:35.0680 7376 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    11:15:35.0738 7376 SensrSvc - ok
    11:15:35.0751 7376 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    11:15:35.0773 7376 Serenum - ok
    11:15:35.0795 7376 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    11:15:35.0807 7376 Serial - ok
    11:15:35.0832 7376 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    11:15:35.0854 7376 sermouse - ok
    11:15:35.0888 7376 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    11:15:35.0932 7376 SessionEnv - ok
  9. Jesterical

    Jesterical TS Rookie Topic Starter Posts: 21

    [Second Part of the report]

    11:15:35.0958 7376 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    11:15:35.0975 7376 sffdisk - ok
    11:15:35.0983 7376 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    11:15:35.0993 7376 sffp_mmc - ok
    11:15:36.0000 7376 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    11:15:36.0016 7376 sffp_sd - ok
    11:15:36.0041 7376 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    11:15:36.0050 7376 sfloppy - ok
    11:15:36.0086 7376 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    11:15:36.0113 7376 ShellHWDetection - ok
    11:15:36.0127 7376 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    11:15:36.0136 7376 SiSRaid2 - ok
    11:15:36.0150 7376 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    11:15:36.0159 7376 SiSRaid4 - ok
    11:15:36.0225 7376 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
    11:15:36.0237 7376 SkypeUpdate - ok
    11:15:36.0251 7376 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    11:15:36.0284 7376 Smb - ok
    11:15:36.0306 7376 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    11:15:36.0322 7376 SNMPTRAP - ok
    11:15:36.0333 7376 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    11:15:36.0341 7376 spldr - ok
    11:15:36.0398 7376 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    11:15:36.0462 7376 Spooler - ok
    11:15:36.0591 7376 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    11:15:36.0677 7376 sppsvc - ok
    11:15:36.0753 7376 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    11:15:36.0814 7376 sppuinotify - ok
    11:15:36.0893 7376 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    11:15:36.0919 7376 SQLBrowser - ok
    11:15:36.0968 7376 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    11:15:36.0978 7376 SQLWriter - ok
    11:15:37.0029 7376 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    11:15:37.0106 7376 srv - ok
    11:15:37.0139 7376 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    11:15:37.0182 7376 srv2 - ok
    11:15:37.0207 7376 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    11:15:37.0233 7376 srvnet - ok
    11:15:37.0259 7376 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    11:15:37.0300 7376 SSDPSRV - ok
    11:15:37.0319 7376 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    11:15:37.0345 7376 SstpSvc - ok
    11:15:37.0384 7376 Steam Client Service - ok
    11:15:37.0397 7376 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    11:15:37.0405 7376 stexstor - ok
    11:15:37.0448 7376 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
    11:15:37.0466 7376 StillCam - ok
    11:15:37.0512 7376 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    11:15:37.0544 7376 stisvc - ok
    11:15:37.0566 7376 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    11:15:37.0573 7376 swenum - ok
    11:15:37.0605 7376 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    11:15:37.0653 7376 swprv - ok
    11:15:37.0734 7376 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    11:15:37.0778 7376 SysMain - ok
    11:15:37.0849 7376 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    11:15:37.0883 7376 TabletInputService - ok
    11:15:37.0926 7376 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    11:15:37.0967 7376 TapiSrv - ok
    11:15:38.0001 7376 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    11:15:38.0051 7376 TBS - ok
    11:15:38.0178 7376 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    11:15:38.0219 7376 Tcpip - ok
    11:15:38.0303 7376 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    11:15:38.0330 7376 TCPIP6 - ok
    11:15:38.0375 7376 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    11:15:38.0415 7376 tcpipreg - ok
    11:15:38.0435 7376 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    11:15:38.0479 7376 TDPIPE - ok
    11:15:38.0506 7376 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    11:15:38.0515 7376 TDTCP - ok
    11:15:38.0540 7376 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    11:15:38.0564 7376 tdx - ok
    11:15:38.0582 7376 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    11:15:38.0590 7376 TermDD - ok
    11:15:38.0650 7376 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    11:15:38.0742 7376 TermService - ok
    11:15:38.0747 7376 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    11:15:38.0806 7376 Themes - ok
    11:15:38.0831 7376 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    11:15:38.0866 7376 THREADORDER - ok
    11:15:38.0901 7376 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    11:15:38.0976 7376 TrkWks - ok
    11:15:39.0031 7376 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    11:15:39.0094 7376 TrustedInstaller - ok
    11:15:39.0125 7376 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    11:15:39.0154 7376 tssecsrv - ok
    11:15:39.0194 7376 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    11:15:39.0226 7376 TsUsbFlt - ok
    11:15:39.0250 7376 TsVlb (3244d95f72db33b238915461aa0f91d0) C:\Windows\system32\DRIVERS\tsvlb.sys
    11:15:39.0257 7376 TsVlb - ok
    11:15:39.0281 7376 TsVp (adf60e064ce420a54dd725462bdfa165) C:\Windows\system32\DRIVERS\tsvp.sys
    11:15:39.0294 7376 TsVp - ok
    11:15:39.0342 7376 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    11:15:39.0451 7376 tunnel - ok
    11:15:39.0479 7376 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    11:15:39.0491 7376 uagp35 - ok
    11:15:39.0528 7376 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    11:15:39.0562 7376 udfs - ok
    11:15:39.0589 7376 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    11:15:39.0599 7376 UI0Detect - ok
    11:15:39.0616 7376 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    11:15:39.0624 7376 uliagpkx - ok
    11:15:39.0639 7376 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    11:15:39.0659 7376 umbus - ok
    11:15:39.0681 7376 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    11:15:39.0694 7376 UmPass - ok
    11:15:39.0729 7376 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    11:15:39.0812 7376 upnphost - ok
    11:15:39.0842 7376 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    11:15:39.0857 7376 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
    11:15:39.0857 7376 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
    11:15:39.0892 7376 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    11:15:39.0925 7376 usbaudio - ok
    11:15:39.0948 7376 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    11:15:39.0965 7376 usbccgp - ok
    11:15:40.0012 7376 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    11:15:40.0041 7376 usbcir - ok
    11:15:40.0051 7376 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    11:15:40.0070 7376 usbehci - ok
    11:15:40.0099 7376 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    11:15:40.0114 7376 usbhub - ok
    11:15:40.0128 7376 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
    11:15:40.0139 7376 usbohci - ok
    11:15:40.0155 7376 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    11:15:40.0178 7376 usbprint - ok
    11:15:40.0208 7376 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    11:15:40.0228 7376 usbscan - ok
    11:15:40.0241 7376 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    11:15:40.0290 7376 USBSTOR - ok
    11:15:40.0300 7376 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    11:15:40.0317 7376 usbuhci - ok
    11:15:40.0361 7376 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
    11:15:40.0383 7376 usbvideo - ok
    11:15:40.0386 7376 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    11:15:40.0422 7376 UxSms - ok
    11:15:40.0447 7376 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    11:15:40.0454 7376 VaultSvc - ok
    11:15:40.0465 7376 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    11:15:40.0473 7376 vdrvroot - ok
    11:15:40.0518 7376 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    11:15:40.0560 7376 vds - ok
    11:15:40.0572 7376 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    11:15:40.0582 7376 vga - ok
    11:15:40.0597 7376 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    11:15:40.0632 7376 VgaSave - ok
    11:15:40.0652 7376 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    11:15:40.0662 7376 vhdmp - ok
    11:15:40.0669 7376 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    11:15:40.0677 7376 viaide - ok
    11:15:40.0688 7376 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    11:15:40.0697 7376 volmgr - ok
    11:15:40.0765 7376 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    11:15:40.0796 7376 volmgrx - ok
    11:15:40.0813 7376 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    11:15:40.0830 7376 volsnap - ok
    11:15:40.0847 7376 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    11:15:40.0861 7376 vsmraid - ok
    11:15:40.0942 7376 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    11:15:41.0000 7376 VSS - ok
    11:15:41.0100 7376 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    11:15:41.0123 7376 vwifibus - ok
    11:15:41.0136 7376 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    11:15:41.0152 7376 vwififlt - ok
    11:15:41.0192 7376 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    11:15:41.0208 7376 vwifimp - ok
    11:15:41.0222 7376 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    11:15:41.0253 7376 W32Time - ok
    11:15:41.0264 7376 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    11:15:41.0277 7376 WacomPen - ok
    11:15:41.0299 7376 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    11:15:41.0335 7376 WANARP - ok
    11:15:41.0337 7376 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    11:15:41.0360 7376 Wanarpv6 - ok
    11:15:41.0430 7376 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    11:15:41.0457 7376 WatAdminSvc - ok
    11:15:41.0524 7376 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    11:15:41.0579 7376 wbengine - ok
    11:15:41.0610 7376 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    11:15:41.0624 7376 WbioSrvc - ok
    11:15:41.0670 7376 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    11:15:41.0733 7376 wcncsvc - ok
    11:15:41.0746 7376 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    11:15:41.0806 7376 WcsPlugInService - ok
    11:15:41.0823 7376 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    11:15:41.0842 7376 Wd - ok
    11:15:41.0875 7376 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    11:15:41.0907 7376 Wdf01000 - ok
    11:15:41.0922 7376 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    11:15:41.0979 7376 WdiServiceHost - ok
    11:15:41.0982 7376 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    11:15:41.0999 7376 WdiSystemHost - ok
    11:15:42.0039 7376 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    11:15:42.0067 7376 WebClient - ok
    11:15:42.0087 7376 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    11:15:42.0119 7376 Wecsvc - ok
    11:15:42.0132 7376 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    11:15:42.0168 7376 wercplsupport - ok
    11:15:42.0184 7376 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    11:15:42.0220 7376 WerSvc - ok
    11:15:42.0234 7376 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    11:15:42.0258 7376 WfpLwf - ok
    11:15:42.0267 7376 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    11:15:42.0275 7376 WIMMount - ok
    11:15:42.0278 7376 WinHttpAutoProxySvc - ok
    11:15:42.0344 7376 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    11:15:42.0371 7376 Winmgmt - ok
    11:15:42.0483 7376 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    11:15:42.0554 7376 WinRM - ok
    11:15:42.0617 7376 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    11:15:42.0648 7376 WinUsb - ok
    11:15:42.0698 7376 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    11:15:42.0724 7376 Wlansvc - ok
    11:15:42.0917 7376 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    11:15:43.0004 7376 wlidsvc - ok
    11:15:43.0051 7376 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    11:15:43.0070 7376 WmiAcpi - ok
    11:15:43.0110 7376 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    11:15:43.0129 7376 wmiApSrv - ok
    11:15:43.0167 7376 WMPNetworkSvc - ok
    11:15:43.0179 7376 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    11:15:43.0223 7376 WPCSvc - ok
    11:15:43.0262 7376 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    11:15:43.0323 7376 WPDBusEnum - ok
    11:15:43.0335 7376 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    11:15:43.0368 7376 ws2ifsl - ok
    11:15:43.0370 7376 WSearch - ok
    11:15:43.0555 7376 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    11:15:43.0621 7376 wuauserv - ok
    11:15:43.0669 7376 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    11:15:43.0756 7376 WudfPf - ok
    11:15:43.0770 7376 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    11:15:43.0814 7376 WUDFRd - ok
    11:15:43.0840 7376 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    11:15:43.0864 7376 wudfsvc - ok
    11:15:43.0900 7376 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    11:15:43.0929 7376 WwanSvc - ok
    11:15:43.0950 7376 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    11:15:43.0989 7376 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    11:15:43.0989 7376 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    11:15:44.0043 7376 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    11:15:44.0043 7376 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    11:15:44.0055 7376 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
    11:15:44.0193 7376 \Device\Harddisk1\DR1 - ok
    11:15:44.0195 7376 Boot (0x1200) (efedc59c0bfd317157d20d43d2284208) \Device\Harddisk0\DR0\Partition0
    11:15:44.0196 7376 \Device\Harddisk0\DR0\Partition0 - ok
    11:15:44.0210 7376 Boot (0x1200) (636eaa35a698061f37f5750c34f03fb2) \Device\Harddisk0\DR0\Partition1
    11:15:44.0211 7376 \Device\Harddisk0\DR0\Partition1 - ok
    11:15:44.0214 7376 Boot (0x1200) (307b0334ace7a64fd2ca3d417ef0b2bb) \Device\Harddisk1\DR1\Partition0
    11:15:44.0215 7376 \Device\Harddisk1\DR1\Partition0 - ok
    11:15:44.0215 7376 ============================================================
    11:15:44.0215 7376 Scan finished
    11:15:44.0215 7376 ============================================================
    11:15:44.0223 7952 Detected object count: 3
    11:15:44.0223 7952 Actual detected object count: 3
    11:15:56.0644 7952 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
    11:15:56.0645 7952 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    11:15:57.0144 7952 \Device\Harddisk0\DR0\# - copied to quarantine
    11:15:57.0146 7952 \Device\Harddisk0\DR0 - copied to quarantine
    11:15:57.0169 7952 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    11:15:57.0502 7952 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    11:15:57.0720 7952 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    11:15:57.0936 7952 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    11:15:58.0191 7952 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    11:15:58.0441 7952 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    11:15:58.0703 7952 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    11:15:58.0705 7952 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    11:15:58.0707 7952 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    11:15:58.0710 7952 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    11:15:58.0953 7952 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    11:15:59.0212 7952 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    11:15:59.0214 7952 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    11:15:59.0216 7952 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    11:15:59.0219 7952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    11:15:59.0220 7952 \Device\Harddisk0\DR0 - ok
    11:16:01.0051 7952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    11:16:01.0052 7952 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    11:16:01.0052 7952 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    11:16:13.0264 8108 Deinitialize success
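As an added example (not part of this thread, and not TDSSKiller's own code), a small Python parser for the log format pasted above: it pulls out each detection, the severity level TDSSKiller printed next to it, and the operator's final decision, then lists the entries that were left in place (here the TDSS File System and the unsigned Apple driver, both skipped) for follow-up. SAMPLE_LOG is a constructed excerpt modelled on the lines in this thread; the Report/Detection names are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt, modelled on the TDSSKiller paste above:
# "<timestamp> <thread id> <object> [( <threat> ) - <verdict> | - detected <threat> (<level>) | - copied to quarantine]"
SAMPLE_LOG = r"""
11:15:39.0842 7376 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:15:39.0857 7376 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
11:15:39.0857 7376 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
11:15:39.0892 7376 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:15:39.0925 7376 usbaudio - ok
11:15:43.0950 7376 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:15:43.0989 7376 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:15:43.0989 7376 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:15:44.0043 7376 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:15:44.0043 7376 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:15:44.0215 7376 Scan finished
11:15:44.0223 7952 Detected object count: 3
11:15:56.0644 7952 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
11:15:57.0169 7952 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:15:58.0703 7952 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:15:59.0219 7952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:16:01.0051 7952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:16:01.0052 7952 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:16:01.0052 7952 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
# "<object> ( <threat> ) - <verdict>", e.g. "\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected"
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - (?P<verdict>.+)$")
# "<object> - detected <threat> (<level>)"; in this thread's paste level 0 went with
# "infected" and level 1 with "warning"
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>.+?) \((?P<level>\d)\)$")
QUARANTINE_RE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")


@dataclass
class Detection:
    obj: str
    threat: str
    level: int = -1                                 # -1 until a "detected ... (n)" line is seen
    actions: list = field(default_factory=list)     # verdict lines for this object/threat, in order


@dataclass
class Report:
    detections: dict = field(default_factory=dict)  # (object, threat) -> Detection
    quarantined: list = field(default_factory=list) # paths copied to quarantine, in order
    finished: bool = False                          # saw the "Scan finished" marker


def parse_tdsskiller(text: str) -> Report:
    """Build a Report from TDSSKiller log text; lines that are not detections/verdicts are ignored."""
    report = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if body == "Scan finished":
            report.finished = True
        elif (d := DETECTED_RE.match(body)):
            key = (d["obj"], d["threat"])
            report.detections.setdefault(key, Detection(*key)).level = int(d["level"])
        elif (v := VERDICT_RE.match(body)):
            key = (v["obj"], v["threat"])
            report.detections.setdefault(key, Detection(*key)).actions.append(v["verdict"])
        elif (q := QUARANTINE_RE.match(body)):
            report.quarantined.append(q["obj"])
    return report


def final_action(det: Detection) -> str:
    """Operator's last decision on a detection: 'cure', 'skip', or 'none' if it was never resolved."""
    for verdict in reversed(det.actions):
        if "cured" in verdict or verdict.endswith("Cure"):
            return "cure"
        if "skipped" in verdict or verdict.endswith("Skip"):
            return "skip"
    return "none"


def unresolved(report: Report) -> list:
    """Detections still on disk after the run: anything not marked for cure (skipped or unhandled)."""
    return sorted(f"{d.obj} ({d.threat})"
                  for d in report.detections.values() if final_action(d) != "cure")


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for (obj, threat), det in rep.detections.items():
        print(f"{obj:28} {threat:30} level={det.level} action={final_action(det)}")
    print("quarantined:", len(rep.quarantined), "files; unresolved:", unresolved(rep))
```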
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
  11. Jesterical

    Jesterical TS Rookie Topic Starter Posts: 21

    May I ask why we are doing all of this over again?

    Should I just partition my hard drive and wipe it?

    My computer is getting slower from your instructions and things are beginning to work less.
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Things change, because TDSS was on your computer. BUT! We need to make sure there are no more remnants in the MBR.

    I'm specifically trained to deal with all of these types of infections, and have very specific methods for determining vectors of infection.

    All of the info posted is to help reveal malware entry points so we can find and target the malware. Sometimes logs cannot properly help diagnose the issue. Eventually, malware finds ways to get around our scanners.

    If we did not use our scanners, and instead used third party products, we could not get enough info to make sure we can help to defeat the issue.

    For example, whenever rootkit scanners and antivirus software scan for a rootkit, they get as close to the system kernel as possible. If the rootkit is beyond that point, it will not be detected.

    Problem is, you could try to replace every file on the system, but still the rootkit will show its face. That is a primary problem we have in detecting malware. So, these scanners are engineered by our staff, and corresponding staff to help bypass malware, and fully detect it - so it can be effectively removed.
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.