Inactive Sirefef trojans... ugh

17:33:46.0114 7984 NetTcpPortSharing - ok
17:33:46.0210 7984 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:33:46.0241 7984 nfrd960 - ok
17:33:46.0273 7984 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:33:46.0310 7984 NlaSvc - ok
17:33:46.0326 7984 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:33:46.0350 7984 Npfs - ok
17:33:46.0357 7984 npggsvc - ok
17:33:46.0384 7984 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:33:46.0411 7984 nsi - ok
17:33:46.0417 7984 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:33:46.0446 7984 nsiproxy - ok
17:33:46.0522 7984 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:33:46.0557 7984 Ntfs - ok
17:33:46.0593 7984 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:33:46.0638 7984 Null - ok
17:33:46.0971 7984 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:33:47.0258 7984 nvlddmkm - ok
17:33:47.0337 7984 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:33:47.0347 7984 nvraid - ok
17:33:47.0363 7984 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:33:47.0373 7984 nvstor - ok
17:33:47.0432 7984 nvsvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
17:33:47.0452 7984 nvsvc - ok
17:33:47.0554 7984 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:33:47.0596 7984 nvUpdatusService - ok
17:33:47.0630 7984 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:33:47.0639 7984 nv_agp - ok
17:33:47.0717 7984 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:33:47.0766 7984 odserv - ok
17:33:47.0799 7984 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:33:47.0816 7984 ohci1394 - ok
17:33:47.0851 7984 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:33:47.0863 7984 ose - ok
17:33:47.0906 7984 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:33:47.0941 7984 p2pimsvc - ok
17:33:47.0989 7984 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:33:48.0012 7984 p2psvc - ok
17:33:48.0045 7984 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:33:48.0058 7984 Parport - ok
17:33:48.0086 7984 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:33:48.0099 7984 partmgr - ok
17:33:48.0111 7984 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:33:48.0139 7984 PcaSvc - ok
17:33:48.0160 7984 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:33:48.0174 7984 pci - ok
17:33:48.0179 7984 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:33:48.0191 7984 pciide - ok
17:33:48.0210 7984 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:33:48.0226 7984 pcmcia - ok
17:33:48.0242 7984 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:33:48.0254 7984 pcw - ok
17:33:48.0291 7984 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:33:48.0356 7984 PEAUTH - ok
17:33:48.0433 7984 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:33:48.0468 7984 PerfHost - ok
17:33:48.0555 7984 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:33:48.0617 7984 pla - ok
17:33:48.0662 7984 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:33:48.0703 7984 PlugPlay - ok
17:33:48.0712 7984 PnkBstrA - ok
17:33:48.0726 7984 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:33:48.0753 7984 PNRPAutoReg - ok
17:33:48.0778 7984 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:33:48.0792 7984 PNRPsvc - ok
17:33:48.0819 7984 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:33:48.0879 7984 PolicyAgent - ok
17:33:48.0923 7984 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:33:48.0999 7984 Power - ok
17:33:49.0059 7984 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:33:49.0107 7984 PptpMiniport - ok
17:33:49.0112 7984 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:33:49.0137 7984 Processor - ok
17:33:49.0172 7984 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
17:33:49.0204 7984 ProfSvc - ok
17:33:49.0234 7984 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:33:49.0245 7984 ProtectedStorage - ok
17:33:49.0280 7984 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:33:49.0326 7984 Psched - ok
17:33:49.0389 7984 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:33:49.0426 7984 ql2300 - ok
17:33:49.0513 7984 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:33:49.0547 7984 ql40xx - ok
17:33:49.0572 7984 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:33:49.0599 7984 QWAVE - ok
17:33:49.0613 7984 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:33:49.0640 7984 QWAVEdrv - ok
17:33:49.0786 7984 RalinkRegistryWriter (37c3272e58976598bef1cdf321019209) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
17:33:49.0830 7984 RalinkRegistryWriter - ok
17:33:49.0884 7984 RalinkRegistryWriter64 (25daad73732b51a46b11c6df788f3322) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
17:33:49.0909 7984 RalinkRegistryWriter64 - ok
17:33:49.0926 7984 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:33:49.0963 7984 RasAcd - ok
17:33:49.0977 7984 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:33:50.0021 7984 RasAgileVpn - ok
17:33:50.0038 7984 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:33:50.0063 7984 RasAuto - ok
17:33:50.0095 7984 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:33:50.0126 7984 Rasl2tp - ok
17:33:50.0165 7984 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:33:50.0192 7984 RasMan - ok
17:33:50.0202 7984 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:33:50.0237 7984 RasPppoe - ok
17:33:50.0257 7984 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:33:50.0293 7984 RasSstp - ok
17:33:50.0332 7984 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:33:50.0367 7984 rdbss - ok
17:33:50.0376 7984 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:33:50.0386 7984 rdpbus - ok
17:33:50.0405 7984 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:33:50.0435 7984 RDPCDD - ok
17:33:50.0445 7984 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:33:50.0480 7984 RDPENCDD - ok
17:33:50.0503 7984 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:33:50.0527 7984 RDPREFMP - ok
17:33:50.0564 7984 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
17:33:50.0612 7984 RDPWD - ok
17:33:50.0666 7984 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:33:50.0681 7984 rdyboost - ok
17:33:50.0716 7984 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:33:50.0756 7984 RemoteAccess - ok
17:33:50.0787 7984 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:33:50.0814 7984 RemoteRegistry - ok
17:33:50.0848 7984 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:33:50.0886 7984 RpcEptMapper - ok
17:33:50.0907 7984 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:33:50.0925 7984 RpcLocator - ok
17:33:50.0981 7984 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
17:33:51.0025 7984 RpcSs - ok
17:33:51.0031 7984 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:33:51.0061 7984 rspndr - ok
17:33:51.0108 7984 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:33:51.0118 7984 RTL8167 - ok
17:33:51.0151 7984 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:33:51.0159 7984 SamSs - ok
17:33:51.0186 7984 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:33:51.0195 7984 sbp2port - ok
17:33:51.0212 7984 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:33:51.0239 7984 SCardSvr - ok
17:33:51.0252 7984 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:33:51.0289 7984 scfilter - ok
17:33:51.0344 7984 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:33:51.0394 7984 Schedule - ok
17:33:51.0408 7984 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:33:51.0431 7984 SCPolicySvc - ok
17:33:51.0453 7984 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:33:51.0497 7984 SDRSVC - ok
17:33:51.0527 7984 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:33:51.0623 7984 secdrv - ok
17:33:51.0651 7984 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:33:51.0695 7984 seclogon - ok
17:33:51.0710 7984 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:33:51.0743 7984 SENS - ok
17:33:51.0750 7984 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:33:51.0795 7984 SensrSvc - ok
17:33:51.0804 7984 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:33:51.0824 7984 Serenum - ok
17:33:51.0840 7984 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:33:51.0849 7984 Serial - ok
17:33:51.0861 7984 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:33:51.0880 7984 sermouse - ok
17:33:51.0908 7984 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:33:51.0938 7984 SessionEnv - ok
17:33:51.0961 7984 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:33:51.0979 7984 sffdisk - ok
17:33:51.0987 7984 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:33:51.0997 7984 sffp_mmc - ok
17:33:52.0004 7984 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:33:52.0020 7984 sffp_sd - ok
17:33:52.0028 7984 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:33:52.0037 7984 sfloppy - ok
17:33:52.0089 7984 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:33:52.0194 7984 SharedAccess - ok
17:33:52.0240 7984 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:33:52.0280 7984 ShellHWDetection - ok
17:33:52.0289 7984 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:33:52.0301 7984 SiSRaid2 - ok
17:33:52.0337 7984 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:33:52.0367 7984 SiSRaid4 - ok
17:33:52.0463 7984 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
17:33:52.0492 7984 SkypeUpdate - ok
17:33:52.0522 7984 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:33:52.0565 7984 Smb - ok
17:33:52.0609 7984 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:33:52.0629 7984 SNMPTRAP - ok
17:33:52.0637 7984 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:33:52.0648 7984 spldr - ok
17:33:52.0679 7984 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:33:52.0722 7984 Spooler - ok
17:33:52.0903 7984 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:33:53.0025 7984 sppsvc - ok
17:33:53.0157 7984 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:33:53.0249 7984 sppuinotify - ok
17:33:53.0330 7984 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:33:53.0360 7984 SQLBrowser - ok
17:33:53.0404 7984 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:33:53.0416 7984 SQLWriter - ok
17:33:53.0508 7984 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:33:53.0598 7984 srv - ok
17:33:53.0658 7984 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:33:53.0702 7984 srv2 - ok
17:33:53.0736 7984 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:33:53.0772 7984 srvnet - ok
17:33:53.0797 7984 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:33:53.0847 7984 SSDPSRV - ok
17:33:53.0865 7984 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:33:53.0901 7984 SstpSvc - ok
17:33:53.0941 7984 Steam Client Service - ok
17:33:53.0959 7984 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:33:53.0971 7984 stexstor - ok
17:33:54.0001 7984 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
17:33:54.0023 7984 StillCam - ok
17:33:54.0059 7984 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:33:54.0102 7984 stisvc - ok
17:33:54.0128 7984 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:33:54.0139 7984 swenum - ok
17:33:54.0168 7984 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:33:54.0224 7984 swprv - ok
17:33:54.0337 7984 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:33:54.0390 7984 SysMain - ok
17:33:54.0503 7984 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:33:54.0549 7984 TabletInputService - ok
17:33:54.0587 7984 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:33:54.0624 7984 TapiSrv - ok
17:33:54.0636 7984 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:33:54.0661 7984 TBS - ok
17:33:54.0752 7984 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:33:54.0792 7984 Tcpip - ok
17:33:54.0881 7984 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:33:54.0908 7984 TCPIP6 - ok
17:33:54.0955 7984 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:33:55.0027 7984 tcpipreg - ok
17:33:55.0055 7984 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:33:55.0110 7984 TDPIPE - ok
17:33:55.0135 7984 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:33:55.0161 7984 TDTCP - ok
17:33:55.0194 7984 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:33:55.0226 7984 tdx - ok
17:33:55.0240 7984 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:33:55.0249 7984 TermDD - ok
17:33:55.0278 7984 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:33:55.0334 7984 TermService - ok
17:33:55.0337 7984 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:33:55.0355 7984 Themes - ok
17:33:55.0384 7984 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:33:55.0409 7984 THREADORDER - ok
17:33:55.0419 7984 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:33:55.0463 7984 TrkWks - ok
17:33:55.0525 7984 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:33:55.0576 7984 TrustedInstaller - ok
17:33:55.0604 7984 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:33:55.0632 7984 tssecsrv - ok
17:33:55.0673 7984 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:33:55.0726 7984 TsUsbFlt - ok
17:33:55.0778 7984 TsVlb (3244d95f72db33b238915461aa0f91d0) C:\Windows\system32\DRIVERS\tsvlb.sys
17:33:55.0794 7984 TsVlb - ok
17:33:55.0809 7984 TsVp (adf60e064ce420a54dd725462bdfa165) C:\Windows\system32\DRIVERS\tsvp.sys
17:33:55.0819 7984 TsVp - ok
17:33:55.0854 7984 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:33:55.0900 7984 tunnel - ok
17:33:55.0916 7984 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:33:55.0925 7984 uagp35 - ok
17:33:55.0956 7984 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:33:55.0983 7984 udfs - ok
17:33:55.0993 7984 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:33:56.0002 7984 UI0Detect - ok
17:33:56.0011 7984 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:33:56.0019 7984 uliagpkx - ok
17:33:56.0037 7984 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:33:56.0062 7984 umbus - ok
17:33:56.0068 7984 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:33:56.0081 7984 UmPass - ok
17:33:56.0116 7984 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:33:56.0155 7984 upnphost - ok
17:33:56.0194 7984 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:33:56.0202 7984 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
17:33:56.0202 7984 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
17:33:56.0237 7984 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:33:56.0287 7984 usbaudio - ok
17:33:56.0312 7984 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:33:56.0375 7984 usbccgp - ok
17:33:56.0406 7984 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:33:56.0421 7984 usbcir - ok
17:33:56.0438 7984 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:33:56.0457 7984 usbehci - ok
17:33:56.0486 7984 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:33:56.0502 7984 usbhub - ok
17:33:56.0515 7984 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
17:33:56.0526 7984 usbohci - ok
17:33:56.0542 7984 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:33:56.0565 7984 usbprint - ok
17:33:56.0595 7984 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:33:56.0615 7984 usbscan - ok
17:33:56.0628 7984 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:33:56.0679 7984 USBSTOR - ok
17:33:56.0696 7984 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:33:56.0714 7984 usbuhci - ok
17:33:56.0756 7984 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
17:33:56.0773 7984 usbvideo - ok
17:33:56.0777 7984 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:33:56.0817 7984 UxSms - ok
17:33:56.0850 7984 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:33:56.0858 7984 VaultSvc - ok
17:33:56.0869 7984 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:33:56.0877 7984 vdrvroot - ok
17:33:56.0922 7984 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:33:56.0956 7984 vds - ok
17:33:56.0965 7984 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:33:56.0975 7984 vga - ok
17:33:56.0984 7984 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:33:57.0019 7984 VgaSave - ok
17:33:57.0039 7984 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:33:57.0049 7984 vhdmp - ok
17:33:57.0056 7984 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:33:57.0064 7984 viaide - ok
17:33:57.0075 7984 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:33:57.0084 7984 volmgr - ok
17:33:57.0122 7984 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:33:57.0134 7984 volmgrx - ok
17:33:57.0150 7984 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:33:57.0161 7984 volsnap - ok
17:33:57.0175 7984 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:33:57.0185 7984 vsmraid - ok
17:33:57.0259 7984 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:33:57.0306 7984 VSS - ok
17:33:57.0420 7984 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:33:57.0468 7984 vwifibus - ok
17:33:57.0489 7984 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:33:57.0506 7984 vwififlt - ok
17:33:57.0529 7984 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:33:57.0545 7984 vwifimp - ok
17:33:57.0561 7984 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:33:57.0602 7984 W32Time - ok
17:33:57.0617 7984 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:33:57.0642 7984 WacomPen - ok
17:33:57.0661 7984 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:33:57.0705 7984 WANARP - ok
17:33:57.0709 7984 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:33:57.0741 7984 Wanarpv6 - ok
17:33:57.0810 7984 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:33:57.0843 7984 WatAdminSvc - ok
17:33:57.0912 7984 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:33:57.0966 7984 wbengine - ok
17:33:58.0005 7984 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:33:58.0019 7984 WbioSrvc - ok
17:33:58.0059 7984 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:33:58.0074 7984 wcncsvc - ok
17:33:58.0083 7984 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:33:58.0135 7984 WcsPlugInService - ok
17:33:58.0169 7984 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:33:58.0192 7984 Wd - ok
17:33:58.0229 7984 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:33:58.0260 7984 Wdf01000 - ok
17:33:58.0276 7984 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:33:58.0333 7984 WdiServiceHost - ok
17:33:58.0336 7984 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:33:58.0349 7984 WdiSystemHost - ok
17:33:58.0384 7984 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:33:58.0408 7984 WebClient - ok
17:33:58.0449 7984 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:33:58.0484 7984 Wecsvc - ok
17:33:58.0494 7984 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:33:58.0529 7984 wercplsupport - ok
17:33:58.0546 7984 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:33:58.0570 7984 WerSvc - ok
17:33:58.0579 7984 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:33:58.0603 7984 WfpLwf - ok
17:33:58.0613 7984 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:33:58.0620 7984 WIMMount - ok
17:33:58.0637 7984 WinDefend - ok
17:33:58.0642 7984 WinHttpAutoProxySvc - ok
17:33:58.0698 7984 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:33:58.0731 7984 Winmgmt - ok
17:33:58.0824 7984 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:33:58.0883 7984 WinRM - ok
17:33:58.0945 7984 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:33:58.0955 7984 WinUsb - ok
17:33:59.0010 7984 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:33:59.0035 7984 Wlansvc - ok
17:33:59.0237 7984 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:33:59.0325 7984 wlidsvc - ok
17:33:59.0372 7984 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:33:59.0380 7984 WmiAcpi - ok
17:33:59.0413 7984 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:33:59.0430 7984 wmiApSrv - ok
17:33:59.0437 7984 WMPNetworkSvc - ok
17:33:59.0466 7984 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:33:59.0502 7984 WPCSvc - ok
17:33:59.0530 7984 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:33:59.0550 7984 WPDBusEnum - ok
17:33:59.0563 7984 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:33:59.0587 7984 ws2ifsl - ok
17:33:59.0595 7984 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:33:59.0613 7984 wscsvc - ok
17:33:59.0615 7984 WSearch - ok
17:33:59.0746 7984 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
17:33:59.0864 7984 wuauserv - ok
17:33:59.0922 7984 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:33:59.0946 7984 WudfPf - ok
17:33:59.0964 7984 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:33:59.0993 7984 WUDFRd - ok
17:34:00.0020 7984 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:34:00.0044 7984 wudfsvc - ok
17:34:00.0079 7984 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:34:00.0100 7984 WwanSvc - ok
17:34:00.0135 7984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:34:00.0158 7984 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:34:00.0158 7984 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:34:00.0174 7984 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:34:00.0174 7984 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:34:00.0182 7984 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
17:34:00.0329 7984 \Device\Harddisk1\DR1 - ok
17:34:00.0336 7984 Boot (0x1200) (efedc59c0bfd317157d20d43d2284208) \Device\Harddisk0\DR0\Partition0
17:34:00.0339 7984 \Device\Harddisk0\DR0\Partition0 - ok
17:34:00.0356 7984 Boot (0x1200) (636eaa35a698061f37f5750c34f03fb2) \Device\Harddisk0\DR0\Partition1
17:34:00.0359 7984 \Device\Harddisk0\DR0\Partition1 - ok
17:34:00.0367 7984 Boot (0x1200) (307b0334ace7a64fd2ca3d417ef0b2bb) \Device\Harddisk1\DR1\Partition0
17:34:00.0370 7984 \Device\Harddisk1\DR1\Partition0 - ok
17:34:00.0371 7984 ============================================================
17:34:00.0371 7984 Scan finished
17:34:00.0371 7984 ============================================================
17:34:00.0388 7508 Detected object count: 3
17:34:00.0388 7508 Actual detected object count: 3
17:34:24.0245 7508 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
17:34:24.0245 7508 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:34:24.0721 7508 \Device\Harddisk0\DR0\# - copied to quarantine
17:34:24.0722 7508 \Device\Harddisk0\DR0 - copied to quarantine
17:34:24.0746 7508 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:34:26.0736 7508 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:34:27.0125 7508 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:34:27.0631 7508 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:34:27.0959 7508 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:34:28.0302 7508 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:34:28.0603 7508 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:34:28.0605 7508 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:34:28.0607 7508 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:34:28.0611 7508 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:34:28.0982 7508 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:34:29.0326 7508 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:34:29.0333 7508 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:34:29.0340 7508 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:34:29.0353 7508 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:34:29.0768 7508 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:34:29.0770 7508 \Device\Harddisk0\DR0 - ok
17:34:31.0572 7508 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
17:34:31.0573 7508 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:34:31.0573 7508 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:34:33.0920 8188 Deinitialize success
 
Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

aswMBR_Scan.jpg


Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop
    aswMBR_SaveLog.png

  • Copy and paste the contents of aswMBR.txt back here for review


Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see "Done! Press ENTER to exit...". Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (e.g. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-03 10:56:47
-----------------------------
10:56:47.681 OS Version: Windows x64 6.1.7601 Service Pack 1
10:56:47.681 Number of processors: 4 586 0x403
10:56:47.682 ComputerName: MORISOLI-PC UserName: Morisoli
10:56:48.695 Initialize success
10:57:06.965 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T1L0-9
10:57:06.974 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
10:57:06.988 Disk 0 MBR read successfully
10:57:06.990 Disk 0 MBR scan
10:57:06.992 Disk 0 Windows 7 default MBR code
10:57:06.994 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:57:07.007 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
10:57:07.026 Disk 0 scanning C:\Windows\system32\drivers
10:57:12.688 Service scanning
10:57:24.744 Modules scanning
10:57:24.759 Disk 0 trace - called modules:
10:57:24.780 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
10:57:24.783 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a6f060]
10:57:24.786 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8004823520]
10:57:25.116 5 ACPI.sys[fffff88000f947a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T1L0-9[0xfffffa8004821060]
10:57:25.126 Scan finished successfully
10:57:55.374 Disk 0 MBR has been saved successfully to "C:\Users\Morisoli\Desktop\MBR.dat"
10:57:55.378 The log file has been saved successfully to "C:\Users\Morisoli\Desktop\aswMBR.txt"
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-870A-UD3
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 206):
0x03257000 \SystemRoot\system32\ntoskrnl.exe
0x0320E000 \SystemRoot\system32\hal.dll
0x00BB6000 \SystemRoot\system32\kdcom.dll
0x00C80000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C8D000 \SystemRoot\system32\PSHED.dll
0x00CA1000 \SystemRoot\system32\CLFS.SYS
0x00CFF000 \SystemRoot\system32\CI.dll
0x00ED6000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F7A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F89000 \SystemRoot\system32\drivers\ACPI.sys
0x00FE0000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FE9000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E00000 \SystemRoot\system32\drivers\pci.sys
0x00E33000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\drivers\volmgr.sys
0x00E6A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00EC6000 \SystemRoot\system32\drivers\pciide.sys
0x00DBF000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00DCF000 \SystemRoot\System32\drivers\mountmgr.sys
0x00ECD000 \SystemRoot\system32\drivers\atapi.sys
0x00C00000 \SystemRoot\system32\drivers\ataport.SYS
0x00FF3000 \SystemRoot\system32\drivers\amdxata.sys
0x00C2A000 \SystemRoot\system32\drivers\fltmgr.sys
0x00DE9000 \SystemRoot\system32\drivers\fileinfo.sys
0x0102A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0124B000 \SystemRoot\System32\Drivers\msrpc.sys
0x012A9000 \SystemRoot\System32\Drivers\ksecdd.sys
0x012C4000 \SystemRoot\System32\Drivers\cng.sys
0x01336000 \SystemRoot\System32\drivers\pcw.sys
0x01347000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01451000 \SystemRoot\system32\drivers\ndis.sys
0x01544000 \SystemRoot\system32\drivers\NETIO.SYS
0x015A4000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x016AC000 \SystemRoot\System32\drivers\tcpip.sys
0x018AF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x018F9000 \SystemRoot\system32\drivers\volsnap.sys
0x01945000 \SystemRoot\System32\Drivers\spldr.sys
0x0194D000 \SystemRoot\System32\drivers\rdyboost.sys
0x01987000 \SystemRoot\System32\Drivers\mup.sys
0x01999000 \SystemRoot\System32\drivers\hwpolicy.sys
0x019A2000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x019DC000 \SystemRoot\system32\DRIVERS\disk.sys
0x01600000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01666000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01690000 \SystemRoot\System32\Drivers\Null.SYS
0x01699000 \SystemRoot\System32\Drivers\Beep.SYS
0x015CE000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x019F2000 \SystemRoot\System32\drivers\vga.sys
0x01400000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01425000 \SystemRoot\System32\drivers\watchdog.sys
0x016A0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01435000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0143E000 \SystemRoot\system32\drivers\rdprefmp.sys
0x015F5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01351000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01362000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01384000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0409D000 \SystemRoot\system32\drivers\afd.sys
0x04126000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0416B000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x04176000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0417F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x041A5000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x041BB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x041CA000 \SystemRoot\system32\DRIVERS\serial.sys
0x04000000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0401B000 \SystemRoot\system32\DRIVERS\tsvp.sys
0x04028000 \SystemRoot\system32\drivers\termdd.sys
0x0403C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0408D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x041E7000 \SystemRoot\system32\drivers\mssmbios.sys
0x01391000 \SystemRoot\System32\drivers\discache.sys
0x013A0000 \SystemRoot\System32\Drivers\dfsc.sys
0x013BE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x013CF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x01200000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x041F2000 \SystemRoot\system32\drivers\wmiacpi.sys
0x042AB000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04835000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x05250000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05344000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0538A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x053AE000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0430C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x053B9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04362000 \SystemRoot\system32\drivers\1394ohci.sys
0x053CA000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04800000 \SystemRoot\system32\DRIVERS\serenum.sys
0x0480C000 \SystemRoot\system32\DRIVERS\parport.sys
0x043A0000 \SystemRoot\system32\drivers\i8042prt.sys
0x043BE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x043CD000 \SystemRoot\system32\drivers\CompositeBus.sys
0x043DD000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04200000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04829000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04224000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04253000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0426E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0428F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x01215000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x043F3000 \SystemRoot\system32\DRIVERS\serscan.sys
0x01447000 \SystemRoot\system32\drivers\ksthunk.sys
0x044C0000 \SystemRoot\system32\drivers\ks.sys
0x04503000 \SystemRoot\system32\drivers\swenum.sys
0x04505000 \SystemRoot\system32\DRIVERS\amdiox64.sys
0x04519000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0452B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04585000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0459A000 \SystemRoot\system32\drivers\AtihdW76.sys
0x045B5000 \SystemRoot\system32\drivers\portcls.sys
0x04400000 \SystemRoot\system32\drivers\drmk.sys
0x06462000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0669C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x00010000 \SystemRoot\System32\win32k.sys
0x066B9000 \SystemRoot\System32\drivers\Dxapi.sys
0x066C5000 \SystemRoot\System32\Drivers\crashdmp.sys
0x066D3000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x066DF000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x066E8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x066FB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06718000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0671A000 \SystemRoot\System32\Drivers\nx6000.sys
0x06727000 \SystemRoot\System32\Drivers\usbvideo.sys
0x06755000 \SystemRoot\system32\drivers\usbaudio.sys
0x06770000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x02A40000 \SystemRoot\system32\DRIVERS\netr28ux.sys
0x02BE1000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x02BEE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x02A00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x02A19000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x02A22000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x0678B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x06798000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x067AC000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x067BA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00420000 \SystemRoot\System32\TSDDD.dll
0x006C0000 \SystemRoot\System32\cdd.dll
0x067C8000 \SystemRoot\system32\drivers\luafv.sys
0x03A7B000 \SystemRoot\system32\DRIVERS\eamonm.sys
0x03B5D000 \SystemRoot\system32\drivers\WudfPf.sys
0x03B7E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03B93000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x03BE6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x03A00000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03A18000 \SystemRoot\System32\Drivers\fastfat.SYS
0x07021000 \SystemRoot\system32\drivers\HTTP.sys
0x070EA000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x070F4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x07125000 \SystemRoot\system32\DRIVERS\bowser.sys
0x07143000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0715B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x07188000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x071D6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x04422000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07270000 \SystemRoot\System32\DRIVERS\srv.sys
0x07308000 \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
0x07339000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
0x078AA000 \SystemRoot\system32\drivers\peauth.sys
0x07950000 \SystemRoot\System32\Drivers\secdrv.SYS
0x079CC000 \SystemRoot\System32\drivers\tcpipreg.sys
0x079DE000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x07800000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x07831000 \??\C:\Windows\system32\drivers\mbam.sys
0x07868000 \SystemRoot\system32\drivers\MSPQM.sys
0x0786A000 \SystemRoot\system32\drivers\MSPCLOCK.sys
0x0786C000 \??\C:\Users\Morisoli\AppData\Local\Temp\aswMBR.sys
0x77750000 \Windows\System32\ntdll.dll
0x47C30000 \Windows\System32\smss.exe
0xFFA70000 \Windows\System32\apisetschema.dll
0xFF110000 \Windows\System32\autochk.exe
0xFF980000 \Windows\System32\oleaut32.dll
0xFF960000 \Windows\System32\sechost.dll
0xFF910000 \Windows\System32\ws2_32.dll
0xFF700000 \Windows\System32\ole32.dll
0xFF680000 \Windows\System32\difxapi.dll
0xFF570000 \Windows\System32\msctf.dll
0xFF490000 \Windows\System32\advapi32.dll
0x77630000 \Windows\System32\kernel32.dll
0xFF3F0000 \Windows\System32\comdlg32.dll
0xFF390000 \Windows\System32\Wldap32.dll
0xFF260000 \Windows\System32\rpcrt4.dll
0x77920000 \Windows\System32\psapi.dll
0xFE4D0000 \Windows\System32\shell32.dll
0xFE2F0000 \Windows\System32\setupapi.dll
0xFE090000 \Windows\System32\iertutil.dll
0xFDF60000 \Windows\System32\wininet.dll
0xFDEC0000 \Windows\System32\msvcrt.dll
0xFDD40000 \Windows\System32\urlmon.dll
0xFDCA0000 \Windows\System32\clbcatq.dll
0x77530000 \Windows\System32\user32.dll
0xFDBD0000 \Windows\System32\usp10.dll
0xFDBC0000 \Windows\System32\nsi.dll
0xFDB40000 \Windows\System32\shlwapi.dll
0xFDAD0000 \Windows\System32\gdi32.dll
0x77910000 \Windows\System32\normaliz.dll
0xFDAC0000 \Windows\System32\lpk.dll
0xFDA90000 \Windows\System32\imm32.dll
0xFDA70000 \Windows\System32\imagehlp.dll
0xFDA50000 \Windows\System32\devobj.dll
0xFDA10000 \Windows\System32\cfgmgr32.dll
0xFD8A0000 \Windows\System32\crypt32.dll
0xFD800000 \Windows\System32\comctl32.dll
0xFD7C0000 \Windows\System32\wintrust.dll
0xFD750000 \Windows\System32\KernelBase.dll
0xFD740000 \Windows\System32\msasn1.dll

Processes (total 74):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
428 csrss.exe
520 C:\Windows\System32\wininit.exe
540 csrss.exe
576 C:\Windows\System32\services.exe
600 C:\Windows\System32\lsass.exe
608 C:\Windows\System32\lsm.exe
724 C:\Windows\System32\winlogon.exe
756 C:\Windows\System32\svchost.exe
816 C:\Windows\System32\nvvsvc.exe
856 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\atiesrxx.exe
980 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
304 C:\Windows\System32\svchost.exe
536 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\atieclxx.exe
1204 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1316 C:\Windows\System32\svchost.exe
1428 C:\Windows\System32\wlanext.exe
1440 C:\Windows\System32\conhost.exe
1536 C:\Windows\System32\spoolsv.exe
1576 C:\Windows\System32\svchost.exe
1772 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1796 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
1840 C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
1860 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
1880 C:\Program Files\Bonjour\mDNSResponder.exe
2000 C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
1132 C:\Windows\System32\svchost.exe
1216 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2036 C:\Program Files\Microsoft LifeCam\MSCamS64.exe
2084 C:\Windows\SysWOW64\PnkBstrA.exe
2108 C:\Windows\System32\svchost.exe
2156 C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
2180 C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
2276 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2328 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2348 C:\Windows\System32\svchost.exe
2380 C:\Windows\System32\svchost.exe
2548 C:\Windows\System32\SearchIndexer.exe
2132 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
2772 WUDFHost.exe
3772 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
3848 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
4072 C:\Windows\System32\taskhost.exe
3288 C:\Windows\System32\dwm.exe
940 C:\Windows\explorer.exe
1944 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
1804 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
2016 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1048 C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
3096 C:\Program Files\Logitech\SetPoint II\SetPointII.exe
3276 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
1700 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
3556 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3892 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
872 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
4580 WmiPrvSE.exe
4108 C:\Program Files (x86)\Skype\Phone\Skype.exe
1968 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
4968 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5748 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
4900 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
4160 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
6276 C:\Windows\System32\audiodg.exe
592 C:\Users\Morisoli\Desktop\aswMBR.exe
6356 C:\Windows\System32\SearchProtocolHost.exe
2860 C:\Windows\System32\SearchFilterHost.exe
5544 C:\Users\Morisoli\Desktop\MBRCheck.exe
2824 C:\Windows\System32\conhost.exe
5800 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1002FAEX-00Z3A0, Rev: 05.01D05

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
Excellent work!

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.


  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 
I apologize for the delayed response. Here are all three logs posted in the order that you have directed me to run them.

[Report 1]

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Morisoli [Admin rights]
Mode: Scan -- Date: 08/08/2012 11:23:24

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A0 ATA Device +++++
--- User ---
[MBR] 7b5075b10c335ac79feac895fbb7f7af
[BSP] 891123bb65932d4d20677b2de86e141a : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 8e5c4025ec301eb8ba0d47a6bf4da11f
[BSP] 891123bb65932d4d20677b2de86e141a : Windows 7 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

+++++ PhysicalDrive1: USB Flash Memory USB Device +++++
--- User ---
[MBR] cc4d8f0b6bfa2dc17a228985a6729d62
[BSP] c173e8275afa7edbf14411e11edaaad8 : Standard MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 488 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

[Report 2]

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Morisoli [Admin rights]
Mode: Remove -- Date: 08/08/2012 11:25:29

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A0 ATA Device +++++
--- User ---
[MBR] 7b5075b10c335ac79feac895fbb7f7af
[BSP] 891123bb65932d4d20677b2de86e141a : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 8e5c4025ec301eb8ba0d47a6bf4da11f
[BSP] 891123bb65932d4d20677b2de86e141a : Windows 7 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

+++++ PhysicalDrive1: USB Flash Memory USB Device +++++
--- User ---
[MBR] cc4d8f0b6bfa2dc17a228985a6729d62
[BSP] c173e8275afa7edbf14411e11edaaad8 : Standard MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 488 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


[Report 3]


RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Morisoli [Admin rights]
Mode: Shortcuts HJfix -- Date: 08/08/2012 11:31:59

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 1 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 133 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 186 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume3 -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
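As an added example (not RogueKiller's own code and not part of the thread), the triage below parses a report in the format posted above and derives the three findings a reviewer looks for in it: a process launched from a `\\.\globalroot` path, UAC registry values that differ from the ones the Remove pass restored, and a drive whose user-mode and low-level MBR reads disagree. The sample report is excerpted from reports 1 and 2 above; the regexes and the `UAC_EXPECTED` table are assumptions about the format, not RogueKiller's definitions.

```python
import re
from dataclasses import dataclass, field

# Values the Remove pass restored in report 2 (EnableLUA -> 1,
# ConsentPromptBehaviorAdmin -> 2). Anything else means UAC was switched off
# or weakened, which is what the scan found (both were 0).
UAC_EXPECTED = {"EnableLUA": "1", "ConsentPromptBehaviorAdmin": "2"}

# Assumed line shapes, modelled on the reports in this thread.
DRIVE_RE = re.compile(r"^\+{5} (PhysicalDrive\d+): ")
MBR_RE = re.compile(r"^\[MBR\] ([0-9a-f]{32})$")
PROC_RE = re.compile(r"^\[\w+\] \S+ -- (\S+) -> ")
HJ_RE = re.compile(r"^\[HJ\] \S+ : (\w+) \((\d+)\) -> ")


@dataclass
class Triage:
    bad_processes: list = field(default_factory=list)
    uac_tampered: dict = field(default_factory=dict)
    mbr_mismatch: list = field(default_factory=list)    # User read != LL2 read
    mbr_unverified: list = field(default_factory=list)  # no LL2 read available

    def is_suspicious(self) -> bool:
        return bool(self.bad_processes or self.uac_tampered or self.mbr_mismatch)


def triage(report: str) -> Triage:
    t = Triage()
    hashes: dict = {}          # drive -> {"User": md5, "LL2": md5}
    drive = section = None
    for raw in report.splitlines():
        line = raw.strip()
        m = DRIVE_RE.match(line)
        if m:
            drive, section = m.group(1), None
            hashes[drive] = {}
            continue
        if line.startswith("--- ") and line.endswith(" ---"):
            section = line[4:-4]   # "User" or "LL2"
            continue
        m = MBR_RE.match(line)
        if m and drive and section:
            hashes[drive][section] = m.group(1)
            continue
        m = PROC_RE.match(line)
        if m:
            # Only the "Bad processes" section uses this shape. A \\.\globalroot
            # path is the NT object namespace, used here to hide the image's real location.
            t.bad_processes.append(m.group(1))
            continue
        m = HJ_RE.match(line)
        if m and m.group(1) in UAC_EXPECTED and m.group(2) != UAC_EXPECTED[m.group(1)]:
            t.uac_tampered[m.group(1)] = m.group(2)
    for d, h in hashes.items():
        if "LL2" not in h:
            t.mbr_unverified.append(d)   # low-level read failed: nothing can be concluded
        elif "User" in h and h["User"] != h["LL2"]:
            t.mbr_mismatch.append(d)     # the two read paths disagree: something sits between them
    return t


# Excerpt of the reports posted above (values are the thread's own).
SAMPLE_REPORT = r"""
RogueKiller V7.6.5 [08/03/2012] by Tigzy
Mode: Scan -- Date: 08/08/2012 11:23:24

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

+++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A0 ATA Device +++++
--- User ---
[MBR] 7b5075b10c335ac79feac895fbb7f7af
[BSP] 891123bb65932d4d20677b2de86e141a : Windows 7 MBR Code
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 8e5c4025ec301eb8ba0d47a6bf4da11f
[BSP] 891123bb65932d4d20677b2de86e141a : Windows 7 MBR Code

+++++ PhysicalDrive1: USB Flash Memory USB Device +++++
--- User ---
[MBR] cc4d8f0b6bfa2dc17a228985a6729d62
[BSP] c173e8275afa7edbf14411e11edaaad8 : Standard MBR Code
User = LL1 ... OK!
Error reading LL2 MBR!
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("suspicious:", result.is_suspicious())
    print(result)
```

The mismatch check is independent of the report's own "User != LL2 ... KO!" verdict, so it also catches a drive where the two hashes differ but the verdict line is missing or truncated.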
 
Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, Allow it to run.




-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.





--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Sometimes these logs can be very large; in that case, please attach it, or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
 
[First part of the report]

11:15:03.0073 5504 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:15:03.0402 5504 ============================================================
11:15:03.0402 5504 Current date / time: 2012/08/11 11:15:03.0402
11:15:03.0402 5504 SystemInfo:
11:15:03.0402 5504
11:15:03.0402 5504 OS Version: 6.1.7601 ServicePack: 1.0
11:15:03.0402 5504 Product type: Workstation
11:15:03.0402 5504 ComputerName: MORISOLI-PC
11:15:03.0402 5504 UserName: Morisoli
11:15:03.0402 5504 Windows directory: C:\Windows
11:15:03.0402 5504 System windows directory: C:\Windows
11:15:03.0403 5504 Running under WOW64
11:15:03.0403 5504 Processor architecture: Intel x64
11:15:03.0403 5504 Number of processors: 4
11:15:03.0403 5504 Page size: 0x1000
11:15:03.0403 5504 Boot type: Normal boot
11:15:03.0403 5504 ============================================================
11:15:04.0541 5504 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
11:15:04.0568 5504 Drive \Device\Harddisk1\DR1 - Size: 0x1E900000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:15:04.0573 5504 ============================================================
11:15:04.0573 5504 \Device\Harddisk0\DR0:
11:15:04.0573 5504 MBR partitions:
11:15:04.0573 5504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:15:04.0573 5504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
11:15:04.0573 5504 \Device\Harddisk1\DR1:
11:15:04.0574 5504 MBR partitions:
11:15:04.0574 5504 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0xF46E0
11:15:04.0574 5504 ============================================================
11:15:04.0603 5504 C: <-> \Device\Harddisk0\DR0\Partition1
11:15:04.0603 5504 ============================================================
11:15:04.0603 5504 Initialize success
11:15:04.0603 5504 ============================================================
11:15:11.0175 7376 ============================================================
11:15:11.0175 7376 Scan started
11:15:11.0175 7376 Mode: Manual; SigCheck; TDLFS;
11:15:11.0175 7376 ============================================================
11:15:13.0861 7376 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:15:14.0092 7376 1394ohci - ok
11:15:14.0217 7376 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:15:14.0246 7376 ACPI - ok
11:15:14.0289 7376 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:15:14.0577 7376 AcpiPmi - ok
11:15:14.0821 7376 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:15:14.0859 7376 AdobeARMservice - ok
11:15:15.0129 7376 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:15:15.0164 7376 AdobeFlashPlayerUpdateSvc - ok
11:15:15.0234 7376 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:15:15.0259 7376 adp94xx - ok
11:15:15.0280 7376 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:15:15.0293 7376 adpahci - ok
11:15:15.0307 7376 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:15:15.0317 7376 adpu320 - ok
11:15:15.0424 7376 AE1000 (e005682ae8f8ec4eb05f2a70a16ea1c5) C:\Windows\system32\DRIVERS\ae1000w7.sys
11:15:15.0482 7376 AE1000 - ok
11:15:15.0515 7376 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:15:15.0680 7376 AeLookupSvc - ok
11:15:15.0758 7376 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:15:15.0853 7376 AFD - ok
11:15:15.0877 7376 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:15:15.0889 7376 agp440 - ok
11:15:15.0908 7376 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:15:15.0944 7376 ALG - ok
11:15:15.0963 7376 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:15:15.0975 7376 aliide - ok
11:15:16.0019 7376 AMD External Events Utility (9c616ba191b80f5cd1a1b9553e107100) C:\Windows\system32\atiesrxx.exe
11:15:16.0109 7376 AMD External Events Utility - ok
11:15:16.0179 7376 AMD FUEL Service - ok
11:15:16.0182 7376 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:15:16.0190 7376 amdide - ok
11:15:16.0221 7376 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
11:15:16.0564 7376 amdiox64 - ok
11:15:16.0595 7376 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:15:16.0688 7376 AmdK8 - ok
11:15:16.0981 7376 amdkmdag (5165e83751b8ff40e5e4925996fcc506) C:\Windows\system32\DRIVERS\atikmdag.sys
11:15:17.0254 7376 amdkmdag - ok
11:15:17.0384 7376 amdkmdap (86ab3cf484260c4318f3a6e8b035f422) C:\Windows\system32\DRIVERS\atikmpag.sys
11:15:17.0416 7376 amdkmdap - ok
11:15:17.0441 7376 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:15:17.0491 7376 AmdPPM - ok
11:15:17.0534 7376 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:15:17.0544 7376 amdsata - ok
11:15:17.0569 7376 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:15:17.0588 7376 amdsbs - ok
11:15:17.0603 7376 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:15:17.0611 7376 amdxata - ok
11:15:17.0688 7376 AODDriver4.01 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
11:15:17.0716 7376 AODDriver4.01 - ok
11:15:17.0725 7376 AODDriver4.1 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
11:15:17.0734 7376 AODDriver4.1 - ok
11:15:17.0770 7376 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:15:17.0887 7376 AppID - ok
11:15:17.0911 7376 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:15:17.0993 7376 AppIDSvc - ok
11:15:18.0025 7376 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:15:18.0059 7376 Appinfo - ok
11:15:18.0084 7376 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:15:18.0093 7376 arc - ok
11:15:18.0104 7376 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:15:18.0112 7376 arcsas - ok
11:15:18.0115 7376 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:15:18.0143 7376 AsyncMac - ok
11:15:18.0170 7376 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:15:18.0178 7376 atapi - ok
11:15:18.0221 7376 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
11:15:18.0239 7376 AtiHDAudioService - ok
11:15:18.0300 7376 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:15:18.0372 7376 AudioEndpointBuilder - ok
11:15:18.0378 7376 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:15:18.0404 7376 AudioSrv - ok
11:15:18.0457 7376 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:15:18.0546 7376 AxInstSV - ok
11:15:18.0579 7376 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:15:18.0629 7376 b06bdrv - ok
11:15:18.0650 7376 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:15:18.0674 7376 b57nd60a - ok
11:15:18.0846 7376 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
11:15:18.0888 7376 BcmSqlStartupSvc - ok
11:15:19.0028 7376 BCUService (382b151daffe4a9ce9da9f564b66761e) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
11:15:19.0046 7376 BCUService - ok
11:15:19.0077 7376 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:15:19.0114 7376 BDESVC - ok
11:15:19.0136 7376 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:15:19.0170 7376 Beep - ok
11:15:19.0193 7376 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:15:19.0202 7376 blbdrive - ok
11:15:19.0284 7376 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:15:19.0335 7376 Bonjour Service - ok
11:15:19.0364 7376 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:15:19.0383 7376 bowser - ok
11:15:19.0386 7376 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:15:19.0447 7376 BrFiltLo - ok
11:15:19.0450 7376 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:15:19.0464 7376 BrFiltUp - ok
11:15:19.0477 7376 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:15:19.0529 7376 BridgeMP - ok
11:15:19.0557 7376 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:15:19.0596 7376 Browser - ok
11:15:19.0617 7376 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:15:19.0649 7376 Brserid - ok
11:15:19.0657 7376 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:15:19.0667 7376 BrSerWdm - ok
11:15:19.0678 7376 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:15:19.0688 7376 BrUsbMdm - ok
11:15:19.0690 7376 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:15:19.0709 7376 BrUsbSer - ok
11:15:19.0714 7376 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:15:19.0734 7376 BTHMODEM - ok
11:15:19.0752 7376 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:15:19.0790 7376 bthserv - ok
11:15:19.0792 7376 catchme - ok
11:15:19.0819 7376 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:15:19.0854 7376 cdfs - ok
11:15:19.0897 7376 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:15:19.0941 7376 cdrom - ok
11:15:19.0985 7376 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:15:20.0043 7376 CertPropSvc - ok
11:15:20.0108 7376 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:15:20.0144 7376 circlass - ok
11:15:20.0170 7376 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:15:20.0190 7376 CLFS - ok
11:15:20.0264 7376 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:15:20.0275 7376 clr_optimization_v2.0.50727_32 - ok
11:15:20.0329 7376 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:15:20.0340 7376 clr_optimization_v2.0.50727_64 - ok
11:15:20.0405 7376 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:15:20.0448 7376 clr_optimization_v4.0.30319_32 - ok
11:15:20.0503 7376 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:15:20.0512 7376 clr_optimization_v4.0.30319_64 - ok
11:15:20.0524 7376 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:15:20.0532 7376 CmBatt - ok
11:15:20.0560 7376 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:15:20.0576 7376 cmdide - ok
11:15:20.0630 7376 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
11:15:20.0683 7376 CNG - ok
11:15:20.0698 7376 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:15:20.0706 7376 Compbatt - ok
11:15:20.0739 7376 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:15:20.0846 7376 CompositeBus - ok
11:15:20.0848 7376 COMSysApp - ok
11:15:20.0856 7376 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:15:20.0864 7376 crcdisk - ok
11:15:20.0908 7376 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
11:15:20.0964 7376 CryptSvc - ok
11:15:21.0007 7376 CV2K1 (2f0e9e92c30bdaeadcca577ff09743a8) C:\Windows\system32\DRIVERS\cv2k1.sys
11:15:21.0026 7376 CV2K1 - ok
11:15:21.0069 7376 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:15:21.0107 7376 DcomLaunch - ok
11:15:21.0169 7376 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:15:21.0239 7376 defragsvc - ok
11:15:21.0287 7376 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:15:21.0370 7376 DfsC - ok
11:15:21.0425 7376 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:15:21.0511 7376 Dhcp - ok
11:15:21.0526 7376 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:15:21.0568 7376 discache - ok
11:15:21.0582 7376 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:15:21.0590 7376 Disk - ok
11:15:21.0628 7376 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:15:21.0676 7376 Dnscache - ok
11:15:21.0705 7376 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:15:21.0742 7376 dot3svc - ok
11:15:21.0762 7376 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:15:21.0812 7376 DPS - ok
11:15:21.0842 7376 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:15:21.0860 7376 drmkaud - ok
11:15:21.0906 7376 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:15:21.0929 7376 DXGKrnl - ok
11:15:21.0936 7376 EagleX64 - ok
11:15:21.0974 7376 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys
11:15:22.0006 7376 eamonm - ok
11:15:22.0039 7376 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:15:22.0065 7376 EapHost - ok
11:15:22.0165 7376 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:15:22.0227 7376 ebdrv - ok
11:15:22.0314 7376 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:15:22.0391 7376 EFS - ok
11:15:22.0447 7376 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys
11:15:22.0458 7376 ehdrv - ok
11:15:22.0537 7376 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:15:22.0604 7376 ehRecvr - ok
11:15:22.0632 7376 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:15:22.0675 7376 ehSched - ok
11:15:22.0815 7376 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
11:15:22.0852 7376 ekrn - ok
11:15:22.0905 7376 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:15:22.0930 7376 elxstor - ok
11:15:22.0961 7376 epfwwfpr (2380976cf8a4a56611f35633acd2a74f) C:\Windows\system32\DRIVERS\epfwwfpr.sys
11:15:22.0972 7376 epfwwfpr - ok
11:15:23.0000 7376 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:15:23.0015 7376 ErrDev - ok
11:15:23.0047 7376 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:15:23.0085 7376 EventSystem - ok
11:15:23.0104 7376 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:15:23.0130 7376 exfat - ok
11:15:23.0159 7376 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:15:23.0185 7376 fastfat - ok
11:15:23.0217 7376 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:15:23.0244 7376 Fax - ok
11:15:23.0253 7376 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:15:23.0269 7376 fdc - ok
11:15:23.0279 7376 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:15:23.0313 7376 fdPHost - ok
11:15:23.0324 7376 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:15:23.0355 7376 FDResPub - ok
11:15:23.0366 7376 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:15:23.0375 7376 FileInfo - ok
11:15:23.0385 7376 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:15:23.0419 7376 Filetrace - ok
11:15:23.0422 7376 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:15:23.0430 7376 flpydisk - ok
11:15:23.0453 7376 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:15:23.0465 7376 FltMgr - ok
11:15:23.0531 7376 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:15:23.0604 7376 FontCache - ok
11:15:23.0721 7376 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:15:23.0745 7376 FontCache3.0.0.0 - ok
11:15:23.0754 7376 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:15:23.0766 7376 FsDepends - ok
11:15:23.0789 7376 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:15:23.0800 7376 Fs_Rec - ok
11:15:23.0813 7376 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:15:23.0832 7376 fvevol - ok
11:15:23.0836 7376 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:15:23.0848 7376 gagp30kx - ok
11:15:23.0881 7376 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
11:15:23.0890 7376 gdrv - ok
11:15:23.0937 7376 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:15:24.0001 7376 gpsvc - ok
11:15:24.0098 7376 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
11:15:24.0136 7376 hamachi - ok
11:15:24.0139 7376 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:15:24.0226 7376 hcw85cir - ok
11:15:24.0275 7376 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:15:24.0300 7376 HdAudAddService - ok
11:15:24.0321 7376 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:15:24.0347 7376 HDAudBus - ok
11:15:24.0350 7376 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:15:24.0363 7376 HidBatt - ok
11:15:24.0381 7376 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:15:24.0422 7376 HidBth - ok
11:15:24.0444 7376 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:15:24.0466 7376 HidIr - ok
11:15:24.0483 7376 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:15:24.0518 7376 hidserv - ok
11:15:24.0535 7376 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:15:24.0543 7376 HidUsb - ok
11:15:24.0580 7376 hitmanpro36 (44f92c1f913e582bef9cac66443c6230) C:\Windows\system32\drivers\hitmanpro36.sys
11:15:24.0596 7376 hitmanpro36 - ok
11:15:24.0627 7376 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:15:24.0694 7376 hkmsvc - ok
11:15:24.0720 7376 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:15:24.0746 7376 HomeGroupListener - ok
11:15:24.0762 7376 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:15:24.0776 7376 HomeGroupProvider - ok
11:15:24.0791 7376 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:15:24.0800 7376 HpSAMD - ok
11:15:24.0853 7376 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:15:24.0901 7376 HTTP - ok
11:15:24.0920 7376 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:15:24.0928 7376 hwpolicy - ok
11:15:24.0973 7376 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:15:25.0001 7376 i8042prt - ok
11:15:25.0031 7376 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:15:25.0058 7376 iaStorV - ok
11:15:25.0183 7376 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:15:25.0213 7376 idsvc - ok
11:15:25.0228 7376 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:15:25.0237 7376 iirsp - ok
11:15:25.0299 7376 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:15:25.0343 7376 IKEEXT - ok
11:15:25.0483 7376 IntcAzAudAddService (0adf714079ae174a39d69036143e4c50) C:\Windows\system32\drivers\RTKVHD64.sys
11:15:25.0547 7376 IntcAzAudAddService - ok
11:15:25.0651 7376 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:15:25.0680 7376 intelide - ok
11:15:25.0695 7376 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:15:25.0717 7376 intelppm - ok
11:15:25.0750 7376 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:15:25.0826 7376 IPBusEnum - ok
11:15:25.0843 7376 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:15:25.0867 7376 IpFilterDriver - ok
11:15:25.0877 7376 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:15:25.0899 7376 IPMIDRV - ok
11:15:25.0921 7376 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:15:25.0958 7376 IPNAT - ok
11:15:25.0970 7376 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:15:25.0985 7376 IRENUM - ok
11:15:26.0008 7376 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:15:26.0016 7376 isapnp - ok
11:15:26.0040 7376 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:15:26.0052 7376 iScsiPrt - ok
11:15:26.0071 7376 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:15:26.0080 7376 kbdclass - ok
11:15:26.0087 7376 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:15:26.0110 7376 kbdhid - ok
11:15:26.0127 7376 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:15:26.0135 7376 KeyIso - ok
11:15:26.0156 7376 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
11:15:26.0165 7376 KSecDD - ok
11:15:26.0195 7376 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
11:15:26.0205 7376 KSecPkg - ok
11:15:26.0215 7376 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:15:26.0245 7376 ksthunk - ok
11:15:26.0277 7376 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:15:26.0316 7376 KtmRm - ok
11:15:26.0343 7376 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:15:26.0369 7376 LanmanServer - ok
11:15:26.0379 7376 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:15:26.0404 7376 LanmanWorkstation - ok
11:15:26.0441 7376 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
11:15:26.0459 7376 LHidFilt - ok
11:15:26.0468 7376 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:15:26.0506 7376 lltdio - ok
11:15:26.0534 7376 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:15:26.0574 7376 lltdsvc - ok
11:15:26.0591 7376 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:15:26.0616 7376 lmhosts - ok
11:15:26.0626 7376 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
11:15:26.0633 7376 LMouFilt - ok
11:15:26.0658 7376 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:15:26.0667 7376 LSI_FC - ok
11:15:26.0680 7376 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:15:26.0690 7376 LSI_SAS - ok
11:15:26.0699 7376 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:15:26.0707 7376 LSI_SAS2 - ok
11:15:26.0734 7376 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:15:26.0743 7376 LSI_SCSI - ok
11:15:26.0758 7376 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:15:26.0790 7376 luafv - ok
11:15:26.0819 7376 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:15:26.0828 7376 Mcx2Svc - ok
11:15:26.0838 7376 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:15:26.0846 7376 megasas - ok
11:15:26.0866 7376 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:15:26.0877 7376 MegaSR - ok
11:15:26.0906 7376 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:15:26.0941 7376 MMCSS - ok
11:15:26.0949 7376 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:15:26.0984 7376 Modem - ok
11:15:26.0998 7376 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:15:27.0020 7376 monitor - ok
11:15:27.0098 7376 MotoHelper (3bbc6c2402242401f791548aaebf3d39) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
11:15:27.0131 7376 MotoHelper - ok
11:15:27.0157 7376 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:15:27.0169 7376 mouclass - ok
11:15:27.0198 7376 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:15:27.0209 7376 mouhid - ok
11:15:27.0236 7376 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:15:27.0249 7376 mountmgr - ok
11:15:27.0325 7376 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:15:27.0362 7376 MozillaMaintenance - ok
11:15:27.0394 7376 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:15:27.0408 7376 mpio - ok
11:15:27.0422 7376 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:15:27.0458 7376 mpsdrv - ok
11:15:27.0482 7376 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:15:27.0528 7376 MRxDAV - ok
11:15:27.0561 7376 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:15:27.0623 7376 mrxsmb - ok
11:15:27.0650 7376 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:15:27.0676 7376 mrxsmb10 - ok
11:15:27.0708 7376 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:15:27.0722 7376 mrxsmb20 - ok
11:15:27.0731 7376 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:15:27.0740 7376 msahci - ok
11:15:27.0823 7376 MSCamSvc (41fb1d61df09c36ccab0b04eec66f6d5) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
11:15:27.0853 7376 MSCamSvc - ok
11:15:27.0887 7376 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:15:27.0901 7376 msdsm - ok
11:15:27.0926 7376 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:15:27.0936 7376 MSDTC - ok
11:15:27.0960 7376 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:15:27.0984 7376 Msfs - ok
11:15:27.0995 7376 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:15:28.0019 7376 mshidkmdf - ok
11:15:28.0052 7376 MSHUSBVideo (bb590070d606ae6f008341fc9a7b2ad7) C:\Windows\system32\Drivers\nx6000.sys
11:15:28.0084 7376 MSHUSBVideo - ok
11:15:28.0111 7376 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:15:28.0122 7376 msisadrv - ok
11:15:28.0164 7376 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:15:28.0213 7376 MSiSCSI - ok
11:15:28.0215 7376 msiserver - ok
11:15:28.0236 7376 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:15:28.0268 7376 MSKSSRV - ok
11:15:28.0285 7376 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:15:28.0353 7376 MSPCLOCK - ok
11:15:28.0372 7376 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:15:28.0414 7376 MSPQM - ok
11:15:28.0453 7376 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:15:28.0467 7376 MsRPC - ok
11:15:28.0547 7376 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:15:28.0587 7376 mssmbios - ok
11:15:28.0719 7376 MSSQL$MSSMLBIZ - ok
11:15:28.0775 7376 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
11:15:28.0790 7376 MSSQLServerADHelper - ok
11:15:28.0793 7376 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:15:28.0829 7376 MSTEE - ok
11:15:28.0849 7376 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:15:28.0862 7376 MTConfig - ok
11:15:28.0882 7376 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:15:28.0891 7376 Mup - ok
11:15:28.0940 7376 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:15:29.0005 7376 napagent - ok
11:15:29.0054 7376 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:15:29.0073 7376 NativeWifiP - ok
11:15:29.0115 7376 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:15:29.0135 7376 NDIS - ok
11:15:29.0291 7376 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:15:29.0370 7376 NdisCap - ok
11:15:29.0388 7376 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:15:29.0412 7376 NdisTapi - ok
11:15:29.0442 7376 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:15:29.0495 7376 Ndisuio - ok
11:15:29.0523 7376 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:15:29.0554 7376 NdisWan - ok
11:15:29.0579 7376 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:15:29.0603 7376 NDProxy - ok
11:15:29.0612 7376 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:15:29.0636 7376 NetBIOS - ok
11:15:29.0673 7376 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:15:29.0700 7376 NetBT - ok
11:15:29.0721 7376 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:15:29.0729 7376 Netlogon - ok
11:15:29.0774 7376 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:15:29.0809 7376 Netman - ok
11:15:29.0838 7376 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:15:29.0875 7376 netprofm - ok
11:15:29.0980 7376 netr28ux (b330ce846d1c672f640d3b3647cef86d) C:\Windows\system32\DRIVERS\netr28ux.sys
11:15:30.0013 7376 netr28ux - ok
11:15:30.0133 7376 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:15:30.0145 7376 NetTcpPortSharing - ok
11:15:30.0230 7376 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:15:30.0260 7376 nfrd960 - ok
11:15:30.0288 7376 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:15:30.0341 7376 NlaSvc - ok
11:15:30.0354 7376 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:15:30.0380 7376 Npfs - ok
11:15:30.0387 7376 npggsvc - ok
11:15:30.0414 7376 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:15:30.0441 7376 nsi - ok
11:15:30.0447 7376 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:15:30.0476 7376 nsiproxy - ok
11:15:30.0584 7376 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:15:30.0643 7376 Ntfs - ok
11:15:30.0673 7376 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:15:30.0717 7376 Null - ok
11:15:31.0025 7376 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:15:31.0279 7376 nvlddmkm - ok
11:15:31.0344 7376 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:15:31.0371 7376 nvraid - ok
11:15:31.0384 7376 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:15:31.0397 7376 nvstor - ok
11:15:31.0461 7376 nvsvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
11:15:31.0493 7376 nvsvc - ok
11:15:31.0599 7376 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
11:15:31.0643 7376 nvUpdatusService - ok
11:15:31.0685 7376 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:15:31.0694 7376 nv_agp - ok
11:15:31.0764 7376 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:15:31.0785 7376 odserv - ok
11:15:31.0812 7376 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:15:31.0827 7376 ohci1394 - ok
11:15:31.0864 7376 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:15:31.0872 7376 ose - ok
11:15:31.0913 7376 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:15:31.0987 7376 p2pimsvc - ok
11:15:32.0028 7376 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:15:32.0050 7376 p2psvc - ok
11:15:32.0067 7376 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:15:32.0076 7376 Parport - ok
11:15:32.0107 7376 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:15:32.0116 7376 partmgr - ok
11:15:32.0131 7376 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:15:32.0157 7376 PcaSvc - ok
11:15:32.0190 7376 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:15:32.0200 7376 pci - ok
11:15:32.0209 7376 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:15:32.0217 7376 pciide - ok
11:15:32.0256 7376 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:15:32.0267 7376 pcmcia - ok
11:15:32.0280 7376 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:15:32.0288 7376 pcw - ok
11:15:32.0319 7376 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:15:32.0362 7376 PEAUTH - ok
11:15:32.0446 7376 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:15:32.0480 7376 PerfHost - ok
11:15:32.0558 7376 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:15:32.0607 7376 pla - ok
11:15:32.0661 7376 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:15:32.0707 7376 PlugPlay - ok
11:15:32.0717 7376 PnkBstrA - ok
11:15:32.0731 7376 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:15:32.0757 7376 PNRPAutoReg - ok
11:15:32.0782 7376 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:15:32.0796 7376 PNRPsvc - ok
11:15:32.0823 7376 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:15:32.0866 7376 PolicyAgent - ok
11:15:32.0903 7376 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:15:32.0994 7376 Power - ok
11:15:33.0039 7376 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:15:33.0074 7376 PptpMiniport - ok
11:15:33.0078 7376 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:15:33.0097 7376 Processor - ok
11:15:33.0127 7376 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
11:15:33.0165 7376 ProfSvc - ok
11:15:33.0197 7376 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:15:33.0208 7376 ProtectedStorage - ok
11:15:33.0234 7376 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:15:33.0281 7376 Psched - ok
11:15:33.0365 7376 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:15:33.0427 7376 ql2300 - ok
11:15:33.0517 7376 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:15:33.0535 7376 ql40xx - ok
11:15:33.0577 7376 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:15:33.0603 7376 QWAVE - ok
11:15:33.0618 7376 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:15:33.0645 7376 QWAVEdrv - ok
11:15:33.0773 7376 RalinkRegistryWriter (37c3272e58976598bef1cdf321019209) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
11:15:33.0803 7376 RalinkRegistryWriter - ok
11:15:33.0855 7376 RalinkRegistryWriter64 (25daad73732b51a46b11c6df788f3322) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
11:15:33.0880 7376 RalinkRegistryWriter64 - ok
11:15:33.0889 7376 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:15:33.0916 7376 RasAcd - ok
11:15:33.0934 7376 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:15:33.0958 7376 RasAgileVpn - ok
11:15:33.0976 7376 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:15:34.0001 7376 RasAuto - ok
11:15:34.0024 7376 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:15:34.0083 7376 Rasl2tp - ok
11:15:34.0120 7376 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:15:34.0147 7376 RasMan - ok
11:15:34.0157 7376 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:15:34.0192 7376 RasPppoe - ok
11:15:34.0212 7376 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:15:34.0248 7376 RasSstp - ok
11:15:34.0287 7376 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:15:34.0322 7376 rdbss - ok
11:15:34.0356 7376 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:15:34.0366 7376 rdpbus - ok
11:15:34.0376 7376 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:15:34.0407 7376 RDPCDD - ok
11:15:34.0425 7376 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:15:34.0460 7376 RDPENCDD - ok
11:15:34.0475 7376 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:15:34.0498 7376 RDPREFMP - ok
11:15:34.0536 7376 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:15:34.0573 7376 RDPWD - ok
11:15:34.0616 7376 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:15:34.0642 7376 rdyboost - ok
11:15:34.0679 7376 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:15:34.0722 7376 RemoteAccess - ok
11:15:34.0742 7376 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:15:34.0769 7376 RemoteRegistry - ok
11:15:34.0795 7376 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:15:34.0832 7376 RpcEptMapper - ok
11:15:34.0854 7376 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:15:34.0897 7376 RpcLocator - ok
11:15:34.0936 7376 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
11:15:34.0972 7376 RpcSs - ok
11:15:34.0976 7376 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:15:35.0002 7376 rspndr - ok
11:15:35.0046 7376 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:15:35.0056 7376 RTL8167 - ok
11:15:35.0080 7376 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:15:35.0088 7376 SamSs - ok
11:15:35.0124 7376 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:15:35.0134 7376 sbp2port - ok
11:15:35.0167 7376 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:15:35.0193 7376 SCardSvr - ok
11:15:35.0205 7376 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:15:35.0243 7376 scfilter - ok
11:15:35.0298 7376 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:15:35.0350 7376 Schedule - ok
11:15:35.0368 7376 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:15:35.0391 7376 SCPolicySvc - ok
11:15:35.0408 7376 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:15:35.0448 7376 SDRSVC - ok
11:15:35.0478 7376 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:15:35.0554 7376 secdrv - ok
11:15:35.0580 7376 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:15:35.0624 7376 seclogon - ok
11:15:35.0639 7376 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:15:35.0669 7376 SENS - ok
11:15:35.0680 7376 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:15:35.0738 7376 SensrSvc - ok
11:15:35.0751 7376 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:15:35.0773 7376 Serenum - ok
11:15:35.0795 7376 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:15:35.0807 7376 Serial - ok
11:15:35.0832 7376 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:15:35.0854 7376 sermouse - ok
11:15:35.0888 7376 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:15:35.0932 7376 SessionEnv - ok
 
[Second Part of the report]

11:15:35.0958 7376 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:15:35.0975 7376 sffdisk - ok
11:15:35.0983 7376 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:15:35.0993 7376 sffp_mmc - ok
11:15:36.0000 7376 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:15:36.0016 7376 sffp_sd - ok
11:15:36.0041 7376 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:15:36.0050 7376 sfloppy - ok
11:15:36.0086 7376 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:15:36.0113 7376 ShellHWDetection - ok
11:15:36.0127 7376 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:15:36.0136 7376 SiSRaid2 - ok
11:15:36.0150 7376 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:15:36.0159 7376 SiSRaid4 - ok
11:15:36.0225 7376 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
11:15:36.0237 7376 SkypeUpdate - ok
11:15:36.0251 7376 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:15:36.0284 7376 Smb - ok
11:15:36.0306 7376 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:15:36.0322 7376 SNMPTRAP - ok
11:15:36.0333 7376 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:15:36.0341 7376 spldr - ok
11:15:36.0398 7376 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:15:36.0462 7376 Spooler - ok
11:15:36.0591 7376 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:15:36.0677 7376 sppsvc - ok
11:15:36.0753 7376 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:15:36.0814 7376 sppuinotify - ok
11:15:36.0893 7376 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
11:15:36.0919 7376 SQLBrowser - ok
11:15:36.0968 7376 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
11:15:36.0978 7376 SQLWriter - ok
11:15:37.0029 7376 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:15:37.0106 7376 srv - ok
11:15:37.0139 7376 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:15:37.0182 7376 srv2 - ok
11:15:37.0207 7376 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:15:37.0233 7376 srvnet - ok
11:15:37.0259 7376 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:15:37.0300 7376 SSDPSRV - ok
11:15:37.0319 7376 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:15:37.0345 7376 SstpSvc - ok
11:15:37.0384 7376 Steam Client Service - ok
11:15:37.0397 7376 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:15:37.0405 7376 stexstor - ok
11:15:37.0448 7376 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
11:15:37.0466 7376 StillCam - ok
11:15:37.0512 7376 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:15:37.0544 7376 stisvc - ok
11:15:37.0566 7376 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:15:37.0573 7376 swenum - ok
11:15:37.0605 7376 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:15:37.0653 7376 swprv - ok
11:15:37.0734 7376 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:15:37.0778 7376 SysMain - ok
11:15:37.0849 7376 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:15:37.0883 7376 TabletInputService - ok
11:15:37.0926 7376 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:15:37.0967 7376 TapiSrv - ok
11:15:38.0001 7376 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:15:38.0051 7376 TBS - ok
11:15:38.0178 7376 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:15:38.0219 7376 Tcpip - ok
11:15:38.0303 7376 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:15:38.0330 7376 TCPIP6 - ok
11:15:38.0375 7376 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:15:38.0415 7376 tcpipreg - ok
11:15:38.0435 7376 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:15:38.0479 7376 TDPIPE - ok
11:15:38.0506 7376 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:15:38.0515 7376 TDTCP - ok
11:15:38.0540 7376 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:15:38.0564 7376 tdx - ok
11:15:38.0582 7376 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:15:38.0590 7376 TermDD - ok
11:15:38.0650 7376 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:15:38.0742 7376 TermService - ok
11:15:38.0747 7376 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:15:38.0806 7376 Themes - ok
11:15:38.0831 7376 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:15:38.0866 7376 THREADORDER - ok
11:15:38.0901 7376 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:15:38.0976 7376 TrkWks - ok
11:15:39.0031 7376 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:15:39.0094 7376 TrustedInstaller - ok
11:15:39.0125 7376 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:15:39.0154 7376 tssecsrv - ok
11:15:39.0194 7376 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:15:39.0226 7376 TsUsbFlt - ok
11:15:39.0250 7376 TsVlb (3244d95f72db33b238915461aa0f91d0) C:\Windows\system32\DRIVERS\tsvlb.sys
11:15:39.0257 7376 TsVlb - ok
11:15:39.0281 7376 TsVp (adf60e064ce420a54dd725462bdfa165) C:\Windows\system32\DRIVERS\tsvp.sys
11:15:39.0294 7376 TsVp - ok
11:15:39.0342 7376 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:15:39.0451 7376 tunnel - ok
11:15:39.0479 7376 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:15:39.0491 7376 uagp35 - ok
11:15:39.0528 7376 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:15:39.0562 7376 udfs - ok
11:15:39.0589 7376 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:15:39.0599 7376 UI0Detect - ok
11:15:39.0616 7376 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:15:39.0624 7376 uliagpkx - ok
11:15:39.0639 7376 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:15:39.0659 7376 umbus - ok
11:15:39.0681 7376 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:15:39.0694 7376 UmPass - ok
11:15:39.0729 7376 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:15:39.0812 7376 upnphost - ok
11:15:39.0842 7376 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:15:39.0857 7376 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
11:15:39.0857 7376 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
11:15:39.0892 7376 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:15:39.0925 7376 usbaudio - ok
11:15:39.0948 7376 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:15:39.0965 7376 usbccgp - ok
11:15:40.0012 7376 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:15:40.0041 7376 usbcir - ok
11:15:40.0051 7376 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:15:40.0070 7376 usbehci - ok
11:15:40.0099 7376 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:15:40.0114 7376 usbhub - ok
11:15:40.0128 7376 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
11:15:40.0139 7376 usbohci - ok
11:15:40.0155 7376 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:15:40.0178 7376 usbprint - ok
11:15:40.0208 7376 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:15:40.0228 7376 usbscan - ok
11:15:40.0241 7376 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:15:40.0290 7376 USBSTOR - ok
11:15:40.0300 7376 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:15:40.0317 7376 usbuhci - ok
11:15:40.0361 7376 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
11:15:40.0383 7376 usbvideo - ok
11:15:40.0386 7376 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:15:40.0422 7376 UxSms - ok
11:15:40.0447 7376 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:15:40.0454 7376 VaultSvc - ok
11:15:40.0465 7376 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:15:40.0473 7376 vdrvroot - ok
11:15:40.0518 7376 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:15:40.0560 7376 vds - ok
11:15:40.0572 7376 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:15:40.0582 7376 vga - ok
11:15:40.0597 7376 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:15:40.0632 7376 VgaSave - ok
11:15:40.0652 7376 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:15:40.0662 7376 vhdmp - ok
11:15:40.0669 7376 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:15:40.0677 7376 viaide - ok
11:15:40.0688 7376 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:15:40.0697 7376 volmgr - ok
11:15:40.0765 7376 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:15:40.0796 7376 volmgrx - ok
11:15:40.0813 7376 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:15:40.0830 7376 volsnap - ok
11:15:40.0847 7376 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:15:40.0861 7376 vsmraid - ok
11:15:40.0942 7376 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:15:41.0000 7376 VSS - ok
11:15:41.0100 7376 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:15:41.0123 7376 vwifibus - ok
11:15:41.0136 7376 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:15:41.0152 7376 vwififlt - ok
11:15:41.0192 7376 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:15:41.0208 7376 vwifimp - ok
11:15:41.0222 7376 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:15:41.0253 7376 W32Time - ok
11:15:41.0264 7376 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:15:41.0277 7376 WacomPen - ok
11:15:41.0299 7376 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:15:41.0335 7376 WANARP - ok
11:15:41.0337 7376 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:15:41.0360 7376 Wanarpv6 - ok
11:15:41.0430 7376 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:15:41.0457 7376 WatAdminSvc - ok
11:15:41.0524 7376 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:15:41.0579 7376 wbengine - ok
11:15:41.0610 7376 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:15:41.0624 7376 WbioSrvc - ok
11:15:41.0670 7376 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:15:41.0733 7376 wcncsvc - ok
11:15:41.0746 7376 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:15:41.0806 7376 WcsPlugInService - ok
11:15:41.0823 7376 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:15:41.0842 7376 Wd - ok
11:15:41.0875 7376 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:15:41.0907 7376 Wdf01000 - ok
11:15:41.0922 7376 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:15:41.0979 7376 WdiServiceHost - ok
11:15:41.0982 7376 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:15:41.0999 7376 WdiSystemHost - ok
11:15:42.0039 7376 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:15:42.0067 7376 WebClient - ok
11:15:42.0087 7376 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:15:42.0119 7376 Wecsvc - ok
11:15:42.0132 7376 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:15:42.0168 7376 wercplsupport - ok
11:15:42.0184 7376 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:15:42.0220 7376 WerSvc - ok
11:15:42.0234 7376 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:15:42.0258 7376 WfpLwf - ok
11:15:42.0267 7376 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:15:42.0275 7376 WIMMount - ok
11:15:42.0278 7376 WinHttpAutoProxySvc - ok
11:15:42.0344 7376 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:15:42.0371 7376 Winmgmt - ok
11:15:42.0483 7376 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:15:42.0554 7376 WinRM - ok
11:15:42.0617 7376 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:15:42.0648 7376 WinUsb - ok
11:15:42.0698 7376 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:15:42.0724 7376 Wlansvc - ok
11:15:42.0917 7376 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:15:43.0004 7376 wlidsvc - ok
11:15:43.0051 7376 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:15:43.0070 7376 WmiAcpi - ok
11:15:43.0110 7376 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:15:43.0129 7376 wmiApSrv - ok
11:15:43.0167 7376 WMPNetworkSvc - ok
11:15:43.0179 7376 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:15:43.0223 7376 WPCSvc - ok
11:15:43.0262 7376 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:15:43.0323 7376 WPDBusEnum - ok
11:15:43.0335 7376 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:15:43.0368 7376 ws2ifsl - ok
11:15:43.0370 7376 WSearch - ok
11:15:43.0555 7376 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:15:43.0621 7376 wuauserv - ok
11:15:43.0669 7376 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:15:43.0756 7376 WudfPf - ok
11:15:43.0770 7376 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:15:43.0814 7376 WUDFRd - ok
11:15:43.0840 7376 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:15:43.0864 7376 wudfsvc - ok
11:15:43.0900 7376 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:15:43.0929 7376 WwanSvc - ok
11:15:43.0950 7376 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:15:43.0989 7376 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:15:43.0989 7376 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:15:44.0043 7376 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:15:44.0043 7376 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:15:44.0055 7376 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
11:15:44.0193 7376 \Device\Harddisk1\DR1 - ok
11:15:44.0195 7376 Boot (0x1200) (efedc59c0bfd317157d20d43d2284208) \Device\Harddisk0\DR0\Partition0
11:15:44.0196 7376 \Device\Harddisk0\DR0\Partition0 - ok
11:15:44.0210 7376 Boot (0x1200) (636eaa35a698061f37f5750c34f03fb2) \Device\Harddisk0\DR0\Partition1
11:15:44.0211 7376 \Device\Harddisk0\DR0\Partition1 - ok
11:15:44.0214 7376 Boot (0x1200) (307b0334ace7a64fd2ca3d417ef0b2bb) \Device\Harddisk1\DR1\Partition0
11:15:44.0215 7376 \Device\Harddisk1\DR1\Partition0 - ok
11:15:44.0215 7376 ============================================================
11:15:44.0215 7376 Scan finished
11:15:44.0215 7376 ============================================================
11:15:44.0223 7952 Detected object count: 3
11:15:44.0223 7952 Actual detected object count: 3
11:15:56.0644 7952 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
11:15:56.0645 7952 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:15:57.0144 7952 \Device\Harddisk0\DR0\# - copied to quarantine
11:15:57.0146 7952 \Device\Harddisk0\DR0 - copied to quarantine
11:15:57.0169 7952 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:15:57.0502 7952 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:15:57.0720 7952 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
11:15:57.0936 7952 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
11:15:58.0191 7952 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:15:58.0441 7952 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:15:58.0703 7952 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:15:58.0705 7952 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:15:58.0707 7952 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:15:58.0710 7952 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:15:58.0953 7952 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:15:59.0212 7952 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:15:59.0214 7952 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:15:59.0216 7952 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:15:59.0219 7952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:15:59.0220 7952 \Device\Harddisk0\DR0 - ok
11:16:01.0051 7952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:16:01.0052 7952 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:16:01.0052 7952 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:16:13.0264 8108 Deinitialize success
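A triage helper for logs in the shape of the TDSSKiller output above, added here as an editor's example; it is not part of the thread and not Kaspersky's own code. It assumes the two line shapes visible in the log (an object line `<time> <pid> <name> (<md5>) <path>` and a status line `<time> <pid> <object> [( <verdict> )] - <status>`), treats `infected` as malicious and `warning` as suspicious (the example's own convention), and carries the trailing number on `detected ... (n)` lines through without interpreting it. The sample input is constructed from lines of the log above so the code runs offline.

```python
import re
from collections import Counter

# Constructed sample (copied from the log above) so the parser runs offline.
SAMPLE_LOG = r"""
11:15:39.0812 7376 upnphost - ok
11:15:39.0842 7376 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:15:39.0857 7376 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
11:15:39.0857 7376 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
11:15:43.0950 7376 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:15:43.0989 7376 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:15:43.0989 7376 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:15:44.0043 7376 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:15:44.0043 7376 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:15:56.0645 7952 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:15:57.0169 7952 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:15:59.0219 7952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:16:01.0051 7952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:16:01.0052 7952 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Object line: "<time> <pid> <name> (<md5>) <path>"  (name may itself contain parentheses, e.g. "MBR (0x1B8)")
OBJECT_RE = re.compile(r"^(\S+) (\d+) (.+?) \(([0-9a-f]{32})\) (.+)$")
# Status line: "<time> <pid> <object> [( <verdict> )] - <status>"
STATUS_RE = re.compile(r"^(\S+) (\d+) (.+?)(?: \( (.+?) \))? - (.+)$")
# "detected <verdict> (<n>)": the number is kept as-is, not interpreted (assumption: format only)
DETECTED_RE = re.compile(r"^detected (.+) \((\d+)\)$")

MALICIOUS = {"infected"}   # example's own severity mapping
SUSPICIOUS = {"warning"}


def parse_line(line):
    """Return a dict describing one log line, or None if it is neither line shape."""
    m = OBJECT_RE.match(line)
    if m:
        ts, pid, name, md5, path = m.groups()
        return {"kind": "object", "time": ts, "pid": int(pid),
                "object": name, "md5": md5, "path": path}
    m = STATUS_RE.match(line)
    if m:
        ts, pid, obj, verdict, status = m.groups()
        rec = {"kind": "status", "time": ts, "pid": int(pid),
               "object": obj, "verdict": verdict, "status": status}
        d = DETECTED_RE.match(status)
        if d:  # "detected X (n)" lines carry the verdict in the status text
            rec.update(kind="detected", verdict=d.group(1), flag=int(d.group(2)))
        return rec
    return None


def triage(log_text):
    """Summarise a log: hashes seen, findings, quarantine copies, user actions, status counts."""
    hashes, findings, quarantined, actions, counts = {}, [], [], {}, Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw.strip())
        if rec is None:
            continue
        if rec["kind"] == "object":
            hashes[rec["object"]] = (rec["md5"], rec["path"])
            continue
        status = rec["status"]
        if rec["kind"] == "detected":
            key = "detected"
        elif ":" in status:
            key = status.split(":", 1)[0]          # "User select action"
        else:
            key = status
        counts[key] += 1
        if status in MALICIOUS or status in SUSPICIOUS:
            sev = "malicious" if status in MALICIOUS else "suspicious"
            findings.append((rec["object"], rec["verdict"], sev))
        elif status == "copied to quarantine":
            quarantined.append(rec["object"])
        elif status.startswith("User select action:"):
            actions[(rec["object"], rec["verdict"])] = status.split(":", 1)[1].strip()
    return {"hashes": hashes, "findings": findings, "quarantined": quarantined,
            "actions": actions, "counts": counts}


def unresolved(result):
    """Findings the user did not cure (skipped or never acted on): these still need a reviewer."""
    out = []
    for obj, verdict, sev in result["findings"]:
        action = result["actions"].get((obj, verdict))
        if action != "Cure":
            out.append((obj, verdict, sev, action or "none"))
    return out


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for obj, verdict, sev in summary["findings"]:
        print(f"{sev:10} {obj}  <- {verdict}")
    for item in unresolved(summary):
        print("needs review:", item)
```

Run against the full log, `unresolved()` is the list a helper actually wants from a user's post: the MBR verdict was cured, but the unsigned Apple USB driver and the TDSS file system entry were skipped and remain open. The MD5 table lets a reviewer compare the driver hashes against a known-good reference without re-reading hundreds of `- ok` lines.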
 
Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

aswMBR_Scan.jpg


Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop
    aswMBR_SaveLog.png

  • Copy and paste the contents of aswMBR.txt back here for review
 
May I ask why we are doing all of this over again?

Should I just partition my hard drive and wipe it?

My computer is getting slower from your instructions and things are beginning to work less.
 
Things change, because TDSS was on your computer. BUT! We need to make sure there are no more remnants in the MBR.

I'm specifically trained to deal with all of these types of infections, and have very specific methods for determining vectors of infection.

All of the info posted is to help reveal malware entry points so we can find and target the malware. Sometimes logs cannot properly help diagnose the issue. Eventually, malware finds ways to get around our scanners.

If we did not use our scanners, and instead used third party products, we could not get enough info to make sure we can help to defeat the issue.

For example, whenever rootkit scanners, and antivirus software scan for a rootkit, it gets as close to the system kernel as possible. If the rootkit is beyond that point, it will not be detected.

Problem is, you could try to replace every file on the system, but still the rootkit will show its face. That is a primary problem we have in detecting malware. So, these scanners are engineered by our staff, and corresponding staff to help bypass malware, and fully detect it - so it can be effectively removed.
 
Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.