Solved: Trojan infection preventing boot (scvhost.exe)

Timmeh! · 03-Feb-2012, 03:34 PM #1

Greetings everyone. Thanks in advance for any help!

Our PC has been showing erratic behavior, including problems booting up. MBAM is detecting svchost.exe attempting to regularly hit various IP addresses. Re-booting after the MBAM check does not fix the problem.

Here are the specs on the machine:
Dell XPS L502X
Intel Core i5-2410M
6 GB RAM
64 bit system
Windows 7

Here is our MBAM log:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.02.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zeynep :: ZEYNEP-PC [administrator]

Protection: Enabled

2/3/2012 9:33:52 AM
mbam-log-2012-02-03 (09-33-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211123
Time elapsed: 15 minute(s),

Memory Processes Detected: 2
C:\Windows\svchost.exe (Trojan.Agent) -> 7956 -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> 7964 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

Timmeh! · 03-Feb-2012, 03:36 PM #2

Here is the Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:17 AM, on 2/3/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Users\Zeynep\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Zeynep\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Memeo\AutoSync\MemeoAutoSync.exe
C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Zeynep\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Fantapper - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Zeynep\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [googletalk] C:\Users\Zeynep\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AROReminder] C:\Program Files (x86)\ARO 2011\ARO.exe -rem
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1213244044-3777014464-1362229086-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1213244044-3777014464-1362229086-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = C:\Users\Zeynep\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Fantapper - {AB745E88-1BAD-4B80-A83E-7C964EAC9804} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {79B9399C-6B30-43DC-BA89-7BA3F9459B12} (BznAtx Class) - http://video.englishunt.com//BizNuri...rce/BznAtx.cab
O16 - DPF: {A5261EF0-76F0-4D9C-891C-56813163D9DA} (KoinoLoader Control) - https://822.co.kr/download/_cab/KoinoLoader.cab
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Fantapper Player Update Service (FTSvc) - Brand Affinity Technologies - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18650 bytes

Timmeh! · 03-Feb-2012, 03:38 PM #3

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Zeynep at 10:10:31 on 2012-02-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.2855 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\igfxtray.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\AMBSpiE.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Users\Zeynep\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Zeynep\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Memeo\AutoSync\MemeoAutoSync.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\Zeynep\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Zeynep\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
uRun: [googletalk] C:\Users\Zeynep\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [AROReminder] C:\Program Files (x86)\ARO 2011\ARO.exe -rem
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
mRun: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Zeynep\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ Dropbox.lnk - C:\Users\Zeynep\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {79B9399C-6B30-43DC-BA89-7BA3F9459B12} - hxxp://video.englishunt.com//BizNuri/Web/resource/BznAtx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {A5261EF0-76F0-4D9C-891C-56813163D9DA} - hxxps://822.co.kr/download/_cab/KoinoLoader.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CAD1C1E0-559B-47A7-A46F-44EA40F2E88E} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CAD1C1E0-559B-47A7-A46F-44EA40F2E88E}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CAD1C1E0-559B-47A7-A46F-44EA40F2E88E}\8594149343 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E505F44B-0194-4397-8F10-A55CAB91EAC7} : DhcpNameServer = 192.168.2.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO-X64: Fantapper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun-x64: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
mRun-x64: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
mRun-x64: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zeynep\AppData\Roaming\Mozilla\Firefox\Profiles\q6gfishy.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=X-SD&o=13959&locale=en_US&apn_uid=401c9ddc-3d7f-47e1-bfc7-6b49b9dfdb24&apn_ptnrs=SV&apn_sauid=47986647-4D36-4384-AC20-085700D46066&apn_dtid=YYYYYYBFUS&&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Zeynep\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Zeynep\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Zeynep\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 7f8a2cbd-a1af-4a67-9657-caa0d08f87a1
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-16 98208]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [2011-12-12 11776]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-1 652360]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-1-24 25824]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-16 1997416]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-4-30 14088]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-4-15 705856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-11-29 378472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-15 2656280]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2012-1-25 869216]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 dfmirage;dfmirage;C:\Windows\system32\DRIVERS\dfmirage.sys --> C:\Windows\system32\DRIVERS\dfmirage.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-24 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-4-15 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-4-15 79360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-24 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\DRIVERS\nvstusb.sys --> C:\Windows\system32\DRIVERS\nvstusb.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-4-15 79360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-03 15:04:53 -------- d-----w- C:\Program Files\Trend Micro
2012-02-03 14:58:27 -------- d-----w- C:\Users\Zeynep\AppData\Roaming\SUPERAntiSpyware.com
2012-02-03 14:57:47 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-03 14:57:46 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-03 04:54:13 -------- d-----w- C:\Users\Zeynep\AppData\Local\{7E8E4085-428F-4351-ADC6-2CEAC479E4D3}
2012-02-03 04:53:22 -------- d-----w- C:\Users\Zeynep\AppData\Local\{4DECA14E-738F-4007-AD05-D1D6F1633D96}
2012-02-02 15:47:18 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-02-02 15:41:32 -------- d-----w- C:\Users\Zeynep\AppData\Local\{3A2AB672-9204-4CE1-B38B-9B74D53FF649}
2012-02-02 15:41:19 -------- d-----w- C:\Users\Zeynep\AppData\Local\{19B05124-01D1-4B46-9718-4533D8B77863}
2012-02-02 02:35:50 -------- d-----w- C:\Users\Zeynep\AppData\Local\{E7961303-A04C-4DC7-8962-ED31ED852B80}
2012-02-02 02:35:30 -------- d-----w- C:\Users\Zeynep\AppData\Local\{E658A0F5-1120-4C93-A7F8-F93D353A8983}
2012-02-01 17:27:04 -------- d-----w- C:\Users\Zeynep\AppData\Roaming\Malwarebytes
2012-02-01 17:26:55 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-02-01 17:26:54 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-01 17:26:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-01 17:26:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-01 15:39:15 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-02-01 14:54:50 -------- d-----w- C:\Program Files (x86)\NirSoft
2012-02-01 14:50:37 -------- d-----w- C:\ProgramData\Citrix
2012-02-01 14:49:38 -------- d-----w- C:\Program Files (x86)\Citrix
2012-02-01 14:49:24 -------- d-----w- C:\Users\Zeynep\AppData\Local\Citrix
2012-02-01 14:44:14 103784 ----a-w- C:\Users\Zeynep\GoToAssistDownloadHelper.exe
2012-02-01 14:34:35 -------- d-----w- C:\Users\Zeynep\AppData\Local\{AA9D689D-8BD5-4903-B77E-1F949AD27D70}
2012-02-01 14:33:48 -------- d-----w- C:\Users\Zeynep\AppData\Local\{62F34D8D-8074-47C3-AA8B-C248D19FCE53}
2012-01-30 22:23:57 -------- d-----w- C:\Users\Zeynep\AppData\Local\{FA01384E-213C-46DA-9927-22F3F17F805E}
2012-01-30 22:23:36 -------- d-----w- C:\Users\Zeynep\AppData\Local\{E2CA0EDA-9F61-4B4E-B63B-7C01F8F226A4}
2012-01-30 21:39:14 -------- d-----w- C:\Users\Zeynep\AppData\Local\{0CAFCB11-E87A-4F40-AAF3-7C6B75AF2E87}
2012-01-30 21:38:20 -------- d-----w- C:\Users\Zeynep\AppData\Local\{E991F2F9-3615-4D19-90B5-2282DBEBC33D}
2012-01-29 14:15:06 -------- d-----w- C:\Users\Zeynep\AppData\Local\{D0674023-A3DE-42C6-B1EE-7BA58CFFD265}
2012-01-29 14:14:31 -------- d-----w- C:\Users\Zeynep\AppData\Local\{4665AA7A-919D-42B9-A029-3678CA02353B}
2012-01-28 12:23:07 -------- d-----w- C:\Users\Zeynep\AppData\Local\{C2453089-15B3-42FD-809E-8E084DB569C8}
2012-01-28 12:22:35 -------- d-----w- C:\Users\Zeynep\AppData\Local\{7A4BE91C-41A2-4FD3-8A27-0E693CC01FAA}
2012-01-27 21:38:44 -------- d-----w- C:\Users\Zeynep\AppData\Local\{EF063F78-91DF-4CF7-9BDD-9F88AE3F3F3E}
2012-01-27 21:37:44 -------- d-----w- C:\Users\Zeynep\AppData\Local\{D4928D19-552C-4E9A-90B9-86FB4A3592F6}
2012-01-27 05:39:20 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-01-27 05:36:44 -------- d-----w- C:\Users\Zeynep\AppData\Local\Solid State Networks
2012-01-26 23:13:45 -------- d-----w- C:\Users\Zeynep\AppData\Local\{B9776364-8822-4AE6-BBFA-257586C03C5B}
2012-01-26 23:13:23 -------- d-----w- C:\Users\Zeynep\AppData\Local\{71C27033-EA32-49B3-AF8F-78E18D43C770}
2012-01-26 11:12:59 -------- d-----w- C:\Users\Zeynep\AppData\Local\{D4833C57-7619-468A-906D-41C8B55A55B0}
2012-01-26 11:12:25 -------- d-----w- C:\Users\Zeynep\AppData\Local\{0ACEE59A-B911-4C28-85FC-78D7239FB895}
2012-01-26 01:46:26 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-01-26 01:46:24 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-01-26 01:46:23 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-01-26 01:44:54 -------- d-----w- C:\Users\Zeynep\AppData\Roaming\AVG2012
2012-01-26 01:44:04 -------- d-----w- C:\ProgramData\AVG2012
2012-01-26 01:37:54 -------- d-----w- C:\Users\Zeynep\AppData\Roaming\Sammsoft
2012-01-26 01:24:54 -------- d-----w- C:\Program Files (x86)\ARO 2011
2012-01-26 01:24:32 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-01-26 01:24:25 -------- d-----w- C:\Users\Zeynep\AppData\Local\APN
2012-01-25 23:11:43 -------- d-----w- C:\Users\Zeynep\AppData\Local\{EA4A87A9-C5FA-4B23-9D7A-4D38C036A067}
2012-01-25 23:11:08 -------- d-----w- C:\Users\Zeynep\AppData\Local\{894ED09E-2927-40A7-8553-75CE476290B2}
2012-01-25 07:43:08 -------- d-----w- C:\Users\Zeynep\AppData\Local\{2C0A84A7-85F0-4081-838A-8EE2B6B66C69}
2012-01-25 07:42:11 -------- d-----w- C:\Users\Zeynep\AppData\Local\{68AA132C-DE41-443E-9CFB-3ED706EF7AAF}
2012-01-25 07:21:45 -------- d-----w- C:\Users\Zeynep\AppData\Local\{9792E9A8-5404-46C4-93FB-F215316EF308}
2012-01-25 07:20:01 -------- d-----w- C:\Users\Zeynep\AppData\Local\{4DDE4E86-1509-446E-9C0D-2BB92B764C60}
2012-01-25 07:17:28 20480 ----a-w- C:\Windows\svchost.exe
2012-01-25 01:27:35 -------- d-----w- C:\Users\Zeynep\AppData\Local\{C9EC23FE-05A1-41DE-B8BB-BA2F9CE2DE2E}
2012-01-25 01:27:11 -------- d-----w- C:\Users\Zeynep\AppData\Local\{AC8B5AAD-D473-409C-B286-554D434D3D7E}
2012-01-24 21:09:15 -------- d-----w- C:\Users\Zeynep\AppData\Local\{B75A600C-6AE7-4C1F-9277-44B491BC0BE7}
2012-01-24 21:08:20 -------- d-----w- C:\Users\Zeynep\AppData\Local\{699FBDFF-402D-41DA-9781-8D7BF5B6E5AF}
2012-01-24 13:11:53 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-01-24 13:06:56 -------- d-----w- C:\Users\Zeynep\AppData\Local\{0963E96C-D6CD-4EEB-BE81-3D58F5951F7A}
2012-01-24 02:07:06 -------- d-----w- C:\Users\Zeynep\AppData\Local\{E81FF34D-A4A8-4E02-B70C-21EBC458C3E0}
2012-01-23 06:48:02 -------- d-----w- C:\Users\Zeynep\AppData\Local\{1544413A-2F69-44D8-A6B0-B051F590FAD5}
2012-01-23 06:47:41 -------- d-----w- C:\Users\Zeynep\AppData\Local\{E49E559C-6B80-477B-973E-3921494C48A9}
2012-01-22 18:46:49 -------- d-----w- C:\Users\Zeynep\AppData\Local\{A22539E4-C651-4F73-9E6C-A995E99AE3B1}
2012-01-22 18:45:58 -------- d-----w- C:\Users\Zeynep\AppData\Local\{08BD9FDC-A462-4D2B-A683-7E12DE88AD38}
2012-01-22 03:30:45 -------- d-----w- C:\Users\Zeynep\AppData\Local\WeatherBug
2012-01-22 03:30:42 -------- d-----w- C:\Users\Zeynep\AppData\Roaming\WeatherBug
2012-01-22 03:30:40 -------- d-----w- C:\Program Files (x86)\AWS
2012-01-22 03:29:17 -------- d--h--w- C:\$AVG
2012-01-22 03:29:16 -------- d-----w- C:\Program Files (x86)\Brand Affinity Technologies
2012-01-22 03:28:44 -------- d-----w- C:\Program Files (x86)\Yontoo
2012-01-22 03:28:43 -------- d-----w- C:\ProgramData\Tarma Installer
2012-01-22 03:27:31 -------- d-----w- C:\Program Files (x86)\1ClickDownload
2012-01-21 16:34:49 -------- d-----w- C:\Users\Zeynep\AppData\Local\{CD028A22-2F3D-4C62-A821-EBA5DE419DEE}
2012-01-21 16:34:28 -------- d-----w- C:\Users\Zeynep\AppData\Local\{369407EC-0943-4978-97D9-9412D4E69643}
2012-01-20 22:37:49 -------- d-----w- C:\Users\Zeynep\AppData\Local\{1954976F-B5EE-4AF0-BD13-595FEF127584}
2012-01-20 22:37:32 -------- d-----w- C:\Users\Zeynep\AppData\Local\{319D1713-261D-40D9-B406-873EF1258C07}
2012-01-19 01:20:31 -------- d-----w- C:\Users\Zeynep\AppData\Local\{5FF69442-794F-497B-875F-D05DB9D23560}
2012-01-19 01:20:19 -------- d-----w- C:\Users\Zeynep\AppData\Local\{F3EB3CB5-4621-4590-8B5F-FDBF82DF58E5}
2012-01-18 09:41:44 -------- d-----w- C:\Users\Zeynep\AppData\Local\{A6F80D2B-5FC2-4343-9689-6F2210798BCC}
2012-01-17 21:38:09 -------- d-----w- C:\Users\Zeynep\AppData\Local\{8002D2EC-3F7E-4F60-8017-2F5BABBECA69}
2012-01-17 21:37:48 -------- d-----w- C:\Users\Zeynep\AppData\Local\{0A51795F-C7D6-4530-98A8-0421FEAABE75}
2012-01-17 09:37:24 -------- d-----w- C:\Users\Zeynep\AppData\Local\{540C713B-99F3-4E1E-9F80-EE687093BB99}
2012-01-17 09:37:06 -------- d-----w- C:\Users\Zeynep\AppData\Local\{F4D98477-9079-4B67-BB4E-D8CAE1C901ED}
2012-01-16 17:02:17 -------- d-----w- C:\Users\Zeynep\AppData\Local\{BBC88AC9-37E4-4CA4-8482-F75C27BC080D}
2012-01-16 17:02:02 -------- d-----w- C:\Users\Zeynep\AppData\Local\{14A9EC6F-9E35-4420-897B-20F74619639B}
2012-01-16 00:37:31 -------- d-----w- C:\Users\Zeynep\AppData\Local\{4C5965D9-0D5A-412D-AD37-9C6ADAB25D13}
2012-01-16 00:35:52 -------- d-----w- C:\Users\Zeynep\AppData\Local\{666DB168-B3E5-4797-A829-C0EC2D4E232D}
2012-01-14 16:35:31 -------- d-----w- C:\Users\Zeynep\AppData\Local\{07838171-CC18-4ED4-B51D-F96A7D391595}
2012-01-14 16:35:04 -------- d-----w- C:\Users\Zeynep\AppData\Local\{06F6BAD6-14A7-4133-BC55-1481867A3944}
2012-01-14 02:57:39 -------- d-----w- C:\Users\Zeynep\AppData\Local\{E1E40AD0-54CC-4D51-A9D5-0191244B64D7}
2012-01-14 02:57:16 -------- d-----w- C:\Users\Zeynep\AppData\Local\{633EBFCA-70EE-419F-AC3A-C2DAF382DDCB}
2012-01-13 14:57:05 -------- d-----w- C:\Users\Zeynep\AppData\Local\{55BF1B65-82EC-4894-9EBD-0360989378FE}
2012-01-13 10:25:31 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-13 10:25:31 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-13 10:25:31 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-13 10:25:31 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-13 02:56:31 -------- d-----w- C:\Users\Zeynep\AppData\Local\{931B6C90-9B2B-4546-98CD-54DE7D8FD93D}
2012-01-13 02:56:10 -------- d-----w- C:\Users\Zeynep\AppData\Local\{3932BDEB-8C71-46AD-857F-CE0366674D21}
2012-01-12 18:59:42 -------- d-----w- C:\Users\Zeynep\AppData\Roaming\webex
2012-01-12 18:59:29 -------- d-----w- C:\ProgramData\WebEx
2012-01-12 18:59:26 176952 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\npatgpc.dll
2012-01-12 14:55:44 -------- d-----w- C:\Users\Zeynep\AppData\Local\{EBEBBFFA-2F7C-4400-82E0-1FBE40FE597F}
2012-01-12 14:55:22 -------- d-----w- C:\Users\Zeynep\AppData\Local\{2F49F4B0-A252-46F9-8118-D55DD01FA9AA}
2012-01-12 02:55:25 -------- d-----w- C:\Users\Zeynep\AppData\Local\{CAC7A5E0-BAEA-4E90-AD34-BA12C110BAD2}
2012-01-11 17:17:42 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 17:17:42 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 17:17:42 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 17:17:42 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 17:17:40 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 17:17:40 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-11 17:17:40 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 17:17:40 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 14:26:44 -------- d-----w- C:\Users\Zeynep\AppData\Local\{FE5A4319-6DA6-4117-A9E0-D57E3C04FDE9}
2012-01-11 14:26:34 -------- d-----w- C:\Users\Zeynep\AppData\Local\{7EDC4DD5-EB2F-4FEA-BFAC-1710A86047FB}
2012-01-10 21:39:25 -------- d-----w- C:\Users\Zeynep\AppData\Local\{028B4245-E2BD-4E97-9617-C1B4765FB232}
2012-01-10 21:39:02 -------- d-----w- C:\Users\Zeynep\AppData\Local\{7F18F66B-04CB-41B0-B08A-75665A41B6B9}
2012-01-10 09:38:42 -------- d-----w- C:\Users\Zeynep\AppData\Local\{7BDB3BDE-6C37-4033-B622-2BAD61DD38C5}
2012-01-10 09:38:22 -------- d-----w- C:\Users\Zeynep\AppData\Local\{9DD52509-D4C0-428D-BAFA-471257BF5843}
2012-01-09 16:51:34 -------- d-----w- C:\Users\Zeynep\AppData\Local\{C169112C-AA0E-4BBE-BB49-40322C983F4F}
2012-01-09 16:51:17 -------- d-----w- C:\Users\Zeynep\AppData\Local\{97C73852-D085-4564-B071-2F0380EDC77A}
2012-01-09 01:35:35 -------- d-----w- C:\Users\Zeynep\AppData\Local\{1D066C76-799A-497D-9820-8E9A8FC5C046}
2012-01-09 01:35:25 -------- d-----w- C:\Users\Zeynep\AppData\Local\{B8886FC4-2B3F-4D9E-8C16-EFA9464BA7E0}
2012-01-08 09:17:37 -------- d-----w- C:\Users\Zeynep\AppData\Local\{612043D6-8DB9-4AF8-9825-E616562E96EE}
2012-01-08 09:17:16 -------- d-----w- C:\Users\Zeynep\AppData\Local\{C3B7EF75-FE5E-4985-A882-C69170625A2F}
2012-01-07 21:17:00 -------- d-----w- C:\Users\Zeynep\AppData\Local\{0472EB72-3E28-486E-A427-A8CE9BBF9000}
2012-01-07 21:16:43 -------- d-----w- C:\Users\Zeynep\AppData\Local\{C4E4DCBB-68CC-429F-959A-25692CE21717}
2012-01-06 16:35:46 -------- d-----w- C:\Users\Zeynep\AppData\Local\{33DCD9A9-623A-4171-9C8F-F2BCF1E93DC6}
2012-01-06 01:54:20 -------- d-----w- C:\Users\Zeynep\AppData\Local\{BB3A6C36-2819-4B22-85FF-98626877F5ED}
2012-01-06 01:53:57 -------- d-----w- C:\Users\Zeynep\AppData\Local\{02FEA3DB-3499-40DB-90F1-9DB734C53199}
2012-01-05 23:57:36 -------- d-----w- C:\Program Files\iPod
2012-01-05 23:57:35 -------- d-----w- C:\Program Files\iTunes
2012-01-05 23:57:35 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-05 13:23:43 -------- d-----w- C:\Users\Zeynep\AppData\Local\{EB60CAD1-2198-441E-87B2-8414055B8D8C}
2012-01-05 13:23:21 -------- d-----w- C:\Users\Zeynep\AppData\Local\{6D88665C-ACA2-49F3-8C00-FAC727C646BA}
2012-01-05 13:13:20 -------- d-----w- C:\Users\Zeynep\AppData\Local\{52B4F2AB-0735-484A-8310-DB73C98E0488}
2012-01-04 16:57:56 -------- d-----w- C:\Users\Zeynep\AppData\Local\{C1B8CA46-B9DE-4214-A32B-05AC44A657DD}
2012-01-04 16:57:45 -------- d-----w- C:\Users\Zeynep\AppData\Local\{F36B64EA-314C-43D7-8288-D34C574B0C9F}
.
==================== Find3M ====================
.
2012-01-25 07:22:06 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-21 22:01:12 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 10:13:45.00 ===============

kevinf80 · 09-Feb-2012, 09:53 AM #4

Download RogueKiller (by tigzy) and save direct to your Desktop.

Quit all programs
Start RogueKiller.exe

Wait until Prescan has finished ...
Click on Scan. Click on Report and copy/paste the content of the notepad

Timmeh! · 09-Feb-2012, 11:09 AM #5

Kevin,

Thanks so much for your help! Here is the scan report:

RogueKiller V7.0.4 [02/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Zeynep [Admin rights]
Mode: Scan -- Date : 02/09/2012 03:06:25

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] dd6967e897e9549401c89a8d9f38da4a
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461837 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 271927eb50298151e6cf3ad586dba11f
[BSP] a3da7b7c65472fdf352e0865a1105756 : PiHar MBR Code!
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461837 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 271927eb50298151e6cf3ad586dba11f
[BSP] a3da7b7c65472fdf352e0865a1105756 : PiHar MBR Code!
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461837 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

kevinf80 · 09-Feb-2012, 11:18 AM #6

Continue as follows :-

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Let me see that log...

Kevin

Timmeh! · 09-Feb-2012, 11:37 AM #7

Done. Here is the log:

11:28:55.0254 12524 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
11:28:56.0023 12524 ============================================================
11:28:56.0023 12524 Current date / time: 2012/02/09 11:28:56.0023
11:28:56.0023 12524 SystemInfo:
11:28:56.0023 12524
11:28:56.0023 12524 OS Version: 6.1.7601 ServicePack: 1.0
11:28:56.0023 12524 Product type: Workstation
11:28:56.0024 12524 ComputerName: ZEYNEP-PC
11:28:56.0024 12524 UserName: Zeynep
11:28:56.0024 12524 Windows directory: C:\Windows
11:28:56.0024 12524 System windows directory: C:\Windows
11:28:56.0024 12524 Running under WOW64
11:28:56.0024 12524 Processor architecture: Intel x64
11:28:56.0024 12524 Number of processors: 4
11:28:56.0024 12524 Page size: 0x1000
11:28:56.0024 12524 Boot type: Normal boot
11:28:56.0024 12524 ============================================================
11:28:56.0605 12524 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:28:56.0617 12524 \Device\Harddisk0\DR0:
11:28:56.0619 12524 MBR used
11:28:56.0619 12524 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000
11:28:56.0619 12524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x38606863
11:28:56.0652 12524 Initialize success
11:28:56.0652 12524 ============================================================
11:29:33.0812 9296 ============================================================
11:29:33.0813 9296 Scan started
11:29:33.0813 9296 Mode: Manual; SigCheck; TDLFS;
11:29:33.0813 9296 ============================================================
11:29:38.0079 9296 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:29:38.0190 9296 1394ohci - ok
11:29:38.0273 9296 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
11:29:38.0375 9296 Acceler - ok
11:29:38.0465 9296 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:29:38.0490 9296 ACPI - ok
11:29:38.0562 9296 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:29:38.0694 9296 AcpiPmi - ok
11:29:38.0752 9296 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:29:38.0770 9296 adp94xx - ok
11:29:38.0829 9296 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:29:38.0845 9296 adpahci - ok
11:29:38.0876 9296 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:29:38.0887 9296 adpu320 - ok
11:29:38.0987 9296 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
11:29:39.0106 9296 AFD - ok
11:29:39.0161 9296 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:29:39.0187 9296 agp440 - ok
11:29:39.0236 9296 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:29:39.0262 9296 aliide - ok
11:29:39.0301 9296 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:29:39.0327 9296 amdide - ok
11:29:39.0372 9296 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:29:39.0448 9296 AmdK8 - ok
11:29:39.0468 9296 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:29:39.0516 9296 AmdPPM - ok
11:29:39.0557 9296 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:29:39.0586 9296 amdsata - ok
11:29:39.0617 9296 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:29:39.0658 9296 amdsbs - ok
11:29:39.0678 9296 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:29:39.0687 9296 amdxata - ok
11:29:39.0757 9296 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:29:40.0900 9296 AppID - ok
11:29:40.0979 9296 appliand (0eeff7103e4f3e783f3d2b870af67f1c) C:\Windows\system32\DRIVERS\appliand.sys
11:29:40.0996 9296 appliand - ok
11:29:41.0001 9296 appliandMP (0eeff7103e4f3e783f3d2b870af67f1c) C:\Windows\system32\DRIVERS\appliand.sys
11:29:41.0013 9296 appliandMP - ok
11:29:41.0071 9296 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:29:41.0102 9296 arc - ok
11:29:41.0122 9296 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:29:41.0133 9296 arcsas - ok
11:29:41.0172 9296 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:29:41.0295 9296 AsyncMac - ok
11:29:41.0344 9296 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:29:41.0354 9296 atapi - ok
11:29:41.0436 9296 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
11:29:41.0482 9296 AVGIDSDriver - ok
11:29:41.0522 9296 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
11:29:41.0537 9296 AVGIDSEH - ok
11:29:41.0559 9296 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
11:29:41.0572 9296 AVGIDSFilter - ok
11:29:41.0602 9296 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
11:29:41.0624 9296 Avgldx64 - ok
11:29:41.0636 9296 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
11:29:41.0647 9296 Avgmfx64 - ok
11:29:41.0706 9296 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
11:29:41.0727 9296 Avgrkx64 - ok
11:29:41.0753 9296 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
11:29:41.0767 9296 Avgtdia - ok
11:29:41.0914 9296 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:29:42.0009 9296 b06bdrv - ok
11:29:42.0061 9296 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:29:42.0124 9296 b57nd60a - ok
11:29:42.0163 9296 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:29:42.0253 9296 Beep - ok
11:29:42.0307 9296 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:29:42.0335 9296 blbdrive - ok
11:29:42.0406 9296 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:29:42.0639 9296 bowser - ok
11:29:43.0198 9296 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:29:43.0282 9296 BrFiltLo - ok
11:29:43.0319 9296 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:29:43.0331 9296 BrFiltUp - ok
11:29:43.0374 9296 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:29:43.0446 9296 Brserid - ok
11:29:43.0496 9296 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:29:43.0533 9296 BrSerWdm - ok
11:29:43.0566 9296 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:29:43.0617 9296 BrUsbMdm - ok
11:29:43.0640 9296 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:29:43.0684 9296 BrUsbSer - ok
11:29:43.0767 9296 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
11:29:43.0861 9296 BthEnum - ok
11:29:43.0887 9296 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:29:43.0929 9296 BTHMODEM - ok
11:29:43.0981 9296 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
11:29:44.0042 9296 BthPan - ok
11:29:44.0118 9296 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
11:29:44.0195 9296 BTHPORT - ok
11:29:44.0249 9296 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
11:29:44.0287 9296 BTHUSB - ok
11:29:44.0344 9296 btmaux (ba554bfcbf21201d310738a42c9c19e1) C:\Windows\system32\DRIVERS\btmaux.sys
11:29:44.0351 9296 btmaux - ok
11:29:44.0416 9296 btmhsf (0010a54571f525a97eed8c091e96eaa9) C:\Windows\system32\DRIVERS\btmhsf.sys
11:29:44.0501 9296 btmhsf - ok
11:29:44.0566 9296 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
11:29:44.0591 9296 BVRPMPR5a64 - ok
11:29:44.0638 9296 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:29:44.0717 9296 cdfs - ok
11:29:44.0775 9296 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:29:44.0828 9296 cdrom - ok
11:29:44.0875 9296 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:29:44.0896 9296 circlass - ok
11:29:44.0936 9296 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:29:44.0986 9296 CLFS - ok
11:29:45.0062 9296 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:29:45.0105 9296 CmBatt - ok
11:29:45.0451 9296 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:29:45.0478 9296 cmdide - ok
11:29:45.0558 9296 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:29:45.0615 9296 CNG - ok
11:29:45.0665 9296 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:29:45.0690 9296 Compbatt - ok
11:29:45.0740 9296 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:29:45.0797 9296 CompositeBus - ok
11:29:45.0830 9296 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:29:45.0839 9296 crcdisk - ok
11:29:45.0915 9296 CtClsFlt - ok
11:29:46.0068 9296 dfmirage (178a6e9a0dce42959fc5ad129f60cba9) C:\Windows\system32\DRIVERS\dfmirage.sys
11:29:46.0092 9296 dfmirage - ok
11:29:46.0135 9296 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:29:46.0197 9296 DfsC - ok
11:29:46.0231 9296 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:29:46.0270 9296 discache - ok
11:29:46.0320 9296 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:29:46.0336 9296 Disk - ok
11:29:46.0385 9296 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:29:46.0451 9296 drmkaud - ok
11:29:46.0539 9296 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:29:46.0551 9296 dtsoftbus01 - ok
11:29:46.0616 9296 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:29:46.0656 9296 DXGKrnl - ok
11:29:46.0760 9296 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:29:46.0899 9296 ebdrv - ok
11:29:46.0978 9296 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:29:47.0039 9296 elxstor - ok
11:29:47.0104 9296 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:29:47.0185 9296 ErrDev - ok
11:29:47.0281 9296 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:29:47.0339 9296 exfat - ok
11:29:47.0390 9296 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:29:47.0449 9296 fastfat - ok
11:29:47.0869 9296 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:29:47.0954 9296 fdc - ok
11:29:47.0995 9296 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:29:48.0006 9296 FileInfo - ok
11:29:48.0041 9296 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:29:48.0224 9296 Filetrace - ok
11:29:48.0252 9296 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:29:48.0282 9296 flpydisk - ok
11:29:48.0334 9296 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:29:48.0348 9296 FltMgr - ok
11:29:48.0382 9296 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:29:48.0396 9296 FsDepends - ok
11:29:48.0427 9296 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:29:48.0453 9296 Fs_Rec - ok
11:29:48.0534 9296 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:29:48.0555 9296 fvevol - ok
11:29:48.0608 9296 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:29:48.0623 9296 gagp30kx - ok
11:29:48.0668 9296 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:29:48.0676 9296 GEARAspiWDM - ok
11:29:48.0757 9296 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:29:48.0809 9296 hcw85cir - ok
11:29:48.0849 9296 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:29:48.0914 9296 HDAudBus - ok
11:29:48.0941 9296 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:29:48.0970 9296 HidBatt - ok
11:29:48.0988 9296 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:29:49.0067 9296 HidBth - ok
11:29:49.0103 9296 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:29:49.0117 9296 HidIr - ok
11:29:49.0145 9296 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:29:49.0168 9296 HidUsb - ok
11:29:49.0212 9296 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:29:49.0223 9296 HpSAMD - ok
11:29:49.0278 9296 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:29:49.0370 9296 HTTP - ok
11:29:49.0405 9296 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:29:49.0413 9296 hwpolicy - ok
11:29:49.0467 9296 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:29:49.0501 9296 i8042prt - ok
11:29:49.0569 9296 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
11:29:49.0629 9296 iaStor - ok
11:29:49.0698 9296 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:29:49.0739 9296 iaStorV - ok
11:29:49.0773 9296 iBtFltCoex (50b8ab6013ef9970ac85fdba0f622300) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
11:29:49.0818 9296 iBtFltCoex - ok
11:29:50.0588 9296 igfx (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:29:50.0936 9296 igfx - ok
11:29:50.0981 9296 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:29:51.0005 9296 iirsp - ok
11:29:51.0038 9296 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
11:29:51.0141 9296 Impcd - ok
11:29:51.0353 9296 IntcAzAudAddService (a9853214cc97796579d75b1f59c51dcd) C:\Windows\system32\drivers\RTKVHD64.sys
11:29:51.0439 9296 IntcAzAudAddService - ok
11:29:51.0505 9296 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
11:29:51.0595 9296 IntcDAud - ok
11:29:51.0632 9296 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:29:51.0641 9296 intelide - ok
11:29:51.0687 9296 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:29:51.0728 9296 intelppm - ok
11:29:51.0793 9296 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:29:51.0845 9296 IpFilterDriver - ok
11:29:51.0884 9296 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:29:51.0910 9296 IPMIDRV - ok
11:29:51.0944 9296 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:29:52.0012 9296 IPNAT - ok
11:29:52.0063 9296 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:29:52.0141 9296 IRENUM - ok
11:29:52.0186 9296 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:29:52.0210 9296 isapnp - ok
11:29:52.0256 9296 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:29:52.0295 9296 iScsiPrt - ok
11:29:52.0541 9296 JMCR (e56417c56b6a7316b6f527c890a1860d) C:\Windows\system32\DRIVERS\jmcr.sys
11:29:52.0789 9296 JMCR - ok
11:29:52.0826 9296 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:29:52.0837 9296 kbdclass - ok
11:29:52.0862 9296 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:29:52.0930 9296 kbdhid - ok
11:29:52.0980 9296 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:29:52.0993 9296 KSecDD - ok
11:29:53.0083 9296 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:29:53.0110 9296 KSecPkg - ok
11:29:53.0161 9296 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:29:53.0213 9296 ksthunk - ok
11:29:53.0321 9296 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:29:53.0371 9296 lltdio - ok
11:29:53.0446 9296 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:29:53.0456 9296 LSI_FC - ok
11:29:53.0498 9296 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:29:53.0527 9296 LSI_SAS - ok
11:29:53.0567 9296 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:29:53.0589 9296 LSI_SAS2 - ok
11:29:53.0626 9296 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:29:53.0650 9296 LSI_SCSI - ok
11:29:53.0677 9296 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:29:53.0744 9296 luafv - ok
11:29:53.0853 9296 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
11:29:53.0881 9296 MBAMProtector - ok
11:29:53.0938 9296 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:29:53.0968 9296 megasas - ok
11:29:54.0008 9296 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:29:54.0040 9296 MegaSR - ok
11:29:54.0119 9296 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
11:29:54.0148 9296 MEIx64 - ok
11:29:54.0231 9296 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:29:54.0294 9296 Modem - ok
11:29:54.0331 9296 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:29:54.0358 9296 monitor - ok
11:29:54.0434 9296 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
11:29:54.0458 9296 mouclass - ok
11:29:54.0511 9296 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:29:54.0550 9296 mouhid - ok
11:29:54.0612 9296 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:29:54.0638 9296 mountmgr - ok
11:29:54.0672 9296 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:29:54.0699 9296 mpio - ok
11:29:54.0721 9296 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:29:54.0751 9296 mpsdrv - ok
11:29:55.0211 9296 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:29:55.0310 9296 MRxDAV - ok
11:29:55.0350 9296 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:29:55.0413 9296 mrxsmb - ok
11:29:55.0462 9296 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:29:55.0503 9296 mrxsmb10 - ok
11:29:55.0526 9296 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:29:55.0574 9296 mrxsmb20 - ok
11:29:55.0610 9296 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:29:55.0630 9296 msahci - ok
11:29:55.0669 9296 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:29:55.0690 9296 msdsm - ok
11:29:55.0734 9296 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:29:55.0790 9296 Msfs - ok
11:29:55.0826 9296 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:29:55.0908 9296 mshidkmdf - ok
11:29:55.0929 9296 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:29:55.0937 9296 msisadrv - ok
11:29:55.0984 9296 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:29:56.0037 9296 MSKSSRV - ok
11:29:56.0073 9296 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:29:56.0126 9296 MSPCLOCK - ok
11:29:56.0148 9296 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:29:56.0240 9296 MSPQM - ok
11:29:56.0283 9296 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:29:56.0318 9296 MsRPC - ok
11:29:56.0335 9296 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:29:56.0343 9296 mssmbios - ok
11:29:56.0358 9296 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:29:56.0406 9296 MSTEE - ok
11:29:56.0429 9296 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:29:56.0469 9296 MTConfig - ok
11:29:56.0494 9296 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:29:56.0522 9296 Mup - ok
11:29:56.0596 9296 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:29:56.0645 9296 NativeWifiP - ok
11:29:56.0709 9296 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
11:29:56.0757 9296 NDIS - ok
11:29:56.0815 9296 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:29:56.0871 9296 NdisCap - ok
11:29:56.0906 9296 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:29:56.0965 9296 NdisTapi - ok
11:29:56.0998 9296 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:29:57.0082 9296 Ndisuio - ok
11:29:57.0114 9296 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:29:57.0173 9296 NdisWan - ok
11:29:57.0617 9296 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:29:57.0682 9296 NDProxy - ok
11:29:57.0705 9296 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:29:57.0734 9296 NetBIOS - ok
11:29:57.0785 9296 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:29:57.0842 9296 NetBT - ok
11:29:58.0109 9296 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
11:29:58.0326 9296 NETwNs64 - ok
11:29:58.0392 9296 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:29:58.0418 9296 nfrd960 - ok
11:29:58.0482 9296 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:29:58.0538 9296 Npfs - ok
11:29:58.0562 9296 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:29:58.0638 9296 nsiproxy - ok
11:29:58.0713 9296 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:29:58.0788 9296 Ntfs - ok
11:29:58.0815 9296 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:29:58.0865 9296 Null - ok
11:29:58.0930 9296 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
11:29:58.0983 9296 nusb3hub - ok
11:29:59.0032 9296 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
11:29:59.0089 9296 nusb3xhc - ok
11:29:59.0134 9296 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
11:29:59.0148 9296 NVHDA - ok
11:29:59.0520 9296 nvlddmkm (24aa5e3ed7a2b48b8e798a1059a2b323) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:29:59.0822 9296 nvlddmkm - ok
11:30:00.0192 9296 nvpciflt (58aa797b41410daea6a6eb33e77f9b7a) C:\Windows\system32\DRIVERS\nvpciflt.sys
11:30:00.0214 9296 nvpciflt - ok
11:30:00.0275 9296 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:30:00.0289 9296 nvraid - ok
11:30:00.0313 9296 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:30:00.0326 9296 nvstor - ok
11:30:00.0369 9296 NvStUSB (9e01b716c8085f7adb1cdc10103ceef8) C:\Windows\system32\DRIVERS\nvstusb.sys
11:30:00.0379 9296 NvStUSB - ok
11:30:00.0441 9296 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:30:00.0465 9296 nv_agp - ok
11:30:00.0514 9296 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:30:00.0597 9296 ohci1394 - ok
11:30:00.0644 9296 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:30:00.0670 9296 Parport - ok
11:30:00.0710 9296 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:30:00.0730 9296 partmgr - ok
11:30:00.0776 9296 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:30:00.0794 9296 pci - ok
11:30:00.0883 9296 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:30:00.0908 9296 pciide - ok
11:30:00.0954 9296 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:30:00.0974 9296 pcmcia - ok
11:30:01.0000 9296 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:30:01.0026 9296 pcw - ok
11:30:01.0055 9296 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:30:01.0154 9296 PEAUTH - ok
11:30:01.0221 9296 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:30:01.0284 9296 PptpMiniport - ok
11:30:01.0322 9296 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:30:01.0343 9296 Processor - ok
11:30:01.0411 9296 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:30:01.0485 9296 Psched - ok
11:30:01.0532 9296 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:30:01.0559 9296 PxHlpa64 - ok
11:30:01.0615 9296 qicflt (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys
11:30:01.0637 9296 qicflt - ok
11:30:01.0695 9296 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:30:01.0767 9296 ql2300 - ok
11:30:01.0798 9296 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:30:01.0810 9296 ql40xx - ok
11:30:01.0847 9296 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:30:01.0880 9296 QWAVEdrv - ok
11:30:01.0918 9296 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:30:01.0947 9296 RasAcd - ok
11:30:02.0009 9296 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:30:02.0064 9296 RasAgileVpn - ok
11:30:02.0126 9296 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:30:02.0187 9296 Rasl2tp - ok
11:30:02.0610 9296 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:30:02.0667 9296 RasPppoe - ok
11:30:02.0698 9296 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:30:02.0754 9296 RasSstp - ok
11:30:02.0790 9296 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:30:02.0843 9296 rdbss - ok
11:30:02.0864 9296 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:30:02.0877 9296 rdpbus - ok
11:30:02.0914 9296 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:30:02.0967 9296 RDPCDD - ok
11:30:02.0990 9296 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:30:03.0051 9296 RDPENCDD - ok
11:30:03.0080 9296 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:30:03.0126 9296 RDPREFMP - ok
11:30:03.0171 9296 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:30:03.0215 9296 RDPWD - ok
11:30:03.0354 9296 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:30:03.0373 9296 rdyboost - ok
11:30:03.0456 9296 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:30:03.0488 9296 RFCOMM - ok
11:30:03.0555 9296 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:30:03.0605 9296 rspndr - ok
11:30:03.0669 9296 RTL8167 (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:30:03.0688 9296 RTL8167 - ok
11:30:03.0721 9296 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:30:03.0744 9296 sbp2port - ok
11:30:03.0791 9296 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:30:03.0846 9296 scfilter - ok
11:30:03.0905 9296 sdbus (84e00908975faf79e91282ed8fb88c2f) C:\Windows\system32\drivers\sdbus.sys
11:30:03.0986 9296 sdbus - ok
11:30:04.0045 9296 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:30:04.0097 9296 secdrv - ok
11:30:04.0118 9296 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:30:04.0150 9296 Serenum - ok
11:30:04.0185 9296 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:30:04.0236 9296 Serial - ok
11:30:04.0270 9296 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:30:04.0298 9296 sermouse - ok
11:30:04.0338 9296 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:30:04.0382 9296 sffdisk - ok
11:30:04.0406 9296 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:30:04.0438 9296 sffp_mmc - ok
11:30:04.0456 9296 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:30:04.0506 9296 sffp_sd - ok
11:30:04.0525 9296 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:30:04.0597 9296 sfloppy - ok
11:30:05.0255 9296 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
11:30:05.0294 9296 Sftfs - ok
11:30:05.0344 9296 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:30:05.0356 9296 Sftplay - ok
11:30:05.0378 9296 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:30:05.0386 9296 Sftredir - ok
11:30:05.0408 9296 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
11:30:05.0416 9296 Sftvol - ok
11:30:05.0449 9296 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:30:05.0486 9296 SiSRaid2 - ok
11:30:05.0511 9296 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:30:05.0522 9296 SiSRaid4 - ok
11:30:05.0575 9296 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:30:05.0624 9296 Smb - ok
11:30:05.0674 9296 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:30:05.0699 9296 spldr - ok
11:30:05.0756 9296 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:30:05.0853 9296 srv - ok
11:30:05.0876 9296 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:30:05.0936 9296 srv2 - ok
11:30:05.0969 9296 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:30:06.0009 9296 srvnet - ok
11:30:06.0061 9296 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
11:30:06.0074 9296 stdcfltn - ok
11:30:06.0134 9296 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:30:06.0159 9296 stexstor - ok
11:30:06.0211 9296 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:30:06.0226 9296 swenum - ok
11:30:06.0293 9296 SynTP (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\DRIVERS\SynTP.sys
11:30:06.0340 9296 SynTP - ok
11:30:06.0439 9296 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:30:06.0511 9296 Tcpip - ok
11:30:06.0574 9296 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:30:06.0613 9296 TCPIP6 - ok
11:30:06.0660 9296 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:30:06.0715 9296 tcpipreg - ok
11:30:06.0736 9296 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:30:06.0800 9296 TDPIPE - ok
11:30:06.0826 9296 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:30:06.0887 9296 TDTCP - ok
11:30:06.0945 9296 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:30:06.0986 9296 tdx - ok
11:30:07.0040 9296 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:30:07.0068 9296 TermDD - ok
11:30:07.0129 9296 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:30:07.0193 9296 tssecsrv - ok
11:30:07.0740 9296 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:30:07.0802 9296 TsUsbFlt - ok
11:30:07.0838 9296 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:30:07.0895 9296 tunnel - ok
11:30:08.0001 9296 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
11:30:08.0013 9296 TurboB - ok
11:30:08.0069 9296 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:30:08.0099 9296 uagp35 - ok
11:30:08.0149 9296 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:30:08.0202 9296 udfs - ok
11:30:08.0277 9296 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:30:08.0294 9296 uliagpkx - ok
11:30:08.0347 9296 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:30:08.0386 9296 umbus - ok
11:30:08.0422 9296 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:30:08.0449 9296 UmPass - ok
11:30:08.0513 9296 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:30:08.0571 9296 USBAAPL64 - ok
11:30:08.0635 9296 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:30:08.0680 9296 usbaudio - ok
11:30:08.0716 9296 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
11:30:08.0782 9296 usbccgp - ok
11:30:08.0802 9296 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:30:08.0846 9296 usbcir - ok
11:30:08.0886 9296 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:30:08.0967 9296 usbehci - ok
11:30:09.0041 9296 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
11:30:09.0099 9296 usbhub - ok
11:30:09.0155 9296 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
11:30:09.0253 9296 usbohci - ok
11:30:09.0313 9296 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:30:09.0340 9296 usbprint - ok
11:30:09.0394 9296 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:30:09.0451 9296 usbscan - ok
11:30:09.0480 9296 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:30:09.0530 9296 USBSTOR - ok
11:30:09.0554 9296 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
11:30:09.0588 9296 usbuhci - ok
11:30:09.0668 9296 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
11:30:09.0703 9296 usbvideo - ok
11:30:10.0104 9296 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:30:10.0130 9296 vdrvroot - ok
11:30:10.0168 9296 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:30:10.0192 9296 vga - ok
11:30:10.0218 9296 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:30:10.0281 9296 VgaSave - ok
11:30:10.0325 9296 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:30:10.0338 9296 vhdmp - ok
11:30:10.0377 9296 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:30:10.0387 9296 viaide - ok
11:30:10.0442 9296 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:30:10.0454 9296 volmgr - ok
11:30:10.0528 9296 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:30:10.0542 9296 volmgrx - ok
11:30:10.0598 9296 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:30:10.0629 9296 volsnap - ok
11:30:10.0677 9296 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:30:10.0718 9296 vsmraid - ok
11:30:10.0778 9296 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:30:10.0813 9296 vwifibus - ok
11:30:10.0838 9296 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:30:10.0874 9296 vwififlt - ok
11:30:10.0907 9296 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:30:10.0934 9296 vwifimp - ok
11:30:10.0961 9296 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:30:10.0979 9296 WacomPen - ok
11:30:11.0118 9296 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:30:11.0211 9296 WANARP - ok
11:30:11.0215 9296 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:30:11.0243 9296 Wanarpv6 - ok
11:30:11.0286 9296 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:30:11.0296 9296 Wd - ok
11:30:11.0340 9296 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:30:11.0371 9296 Wdf01000 - ok
11:30:11.0448 9296 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\Windows\system32\DRIVERS\WDKMD.sys
11:30:11.0489 9296 wdkmd - ok
11:30:11.0533 9296 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:30:11.0565 9296 WfpLwf - ok
11:30:11.0603 9296 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
11:30:11.0615 9296 WimFltr - ok
11:30:11.0636 9296 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:30:11.0647 9296 WIMMount - ok
11:30:11.0742 9296 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:30:11.0788 9296 WinUsb - ok
11:30:11.0878 9296 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:30:11.0894 9296 WmiAcpi - ok
11:30:11.0964 9296 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:30:12.0012 9296 ws2ifsl - ok
11:30:12.0571 9296 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:30:12.0629 9296 WudfPf - ok
11:30:12.0679 9296 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:30:12.0739 9296 WUDFRd - ok
11:30:12.0763 9296 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
11:30:12.0790 9296 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:30:12.0790 9296 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:30:12.0894 9296 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:30:12.0894 9296 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:30:12.0933 9296 Boot (0x1200) (4980b5f8fa0890f5e98eda07dcebc2f2) \Device\Harddisk0\DR0\Partition0
11:30:12.0935 9296 \Device\Harddisk0\DR0\Partition0 - ok
11:30:12.0954 9296 Boot (0x1200) (683c52ad82086aedc39384b3d0160f54) \Device\Harddisk0\DR0\Partition1
11:30:12.0957 9296 \Device\Harddisk0\DR0\Partition1 - ok
11:30:12.0958 9296 ============================================================
11:30:12.0958 9296 Scan finished
11:30:12.0958 9296 ============================================================
11:30:12.0979 15332 Detected object count: 2
11:30:12.0979 15332 Actual detected object count: 2
11:31:15.0862 15332 \Device\Harddisk0\DR0\# - copied to quarantine
11:31:15.0862 15332 \Device\Harddisk0\DR0 - copied to quarantine
11:31:15.0973 15332 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
11:31:15.0976 15332 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:31:15.0982 15332 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
11:31:15.0989 15332 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
11:31:15.0997 15332 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
11:31:16.0738 15332 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
11:31:16.0772 15332 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
11:31:16.0805 15332 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:31:16.0811 15332 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
11:31:16.0813 15332 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
11:31:16.0827 15332 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
11:31:16.0832 15332 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
11:31:16.0834 15332 \Device\Harddisk0\DR0 - ok
11:31:17.0048 15332 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
11:31:17.0049 15332 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:31:17.0049 15332 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:31:24.0364 12456 Deinitialize success

kevinf80 · 09-Feb-2012, 11:48 AM #8

We are making good progress, run TDSSKiller again, when you see this Device\Harddisk0\DR0 ( TDSS File System ) Select delete this time, not skip.

Re-boot and run Malwarebytes, make sure to update first. Let me see the two logs in next reply. Also tell me if your system has improved...

Kevin

Timmeh! · 09-Feb-2012, 12:18 PM #9

Kevin,

This is great. We deleted the fill with TDSS. This is the log. We rebooted, and are currently running MBAM's full scan. So far, so good -- MBAM has not popped up with it's normal detection of the malware! We will post the MBAM log as soon as it's done!

11:55:20.0129 1184 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
11:55:20.0411 1184 ============================================================
11:55:20.0411 1184 Current date / time: 2012/02/09 11:55:20.0411
11:55:20.0411 1184 SystemInfo:
11:55:20.0411 1184
11:55:20.0411 1184 OS Version: 6.1.7601 ServicePack: 1.0
11:55:20.0411 1184 Product type: Workstation
11:55:20.0412 1184 ComputerName: ZEYNEP-PC
11:55:20.0412 1184 UserName: Zeynep
11:55:20.0412 1184 Windows directory: C:\Windows
11:55:20.0412 1184 System windows directory: C:\Windows
11:55:20.0412 1184 Running under WOW64
11:55:20.0412 1184 Processor architecture: Intel x64
11:55:20.0412 1184 Number of processors: 4
11:55:20.0412 1184 Page size: 0x1000
11:55:20.0412 1184 Boot type: Normal boot
11:55:20.0412 1184 ============================================================
11:55:21.0468 1184 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:55:21.0474 1184 \Device\Harddisk0\DR0:
11:55:21.0475 1184 MBR used
11:55:21.0475 1184 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000
11:55:21.0475 1184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x38606863
11:55:21.0505 1184 Initialize success
11:55:21.0505 1184 ============================================================
11:55:30.0386 5732 ============================================================
11:55:30.0386 5732 Scan started
11:55:30.0386 5732 Mode: Manual; SigCheck; TDLFS;
11:55:30.0386 5732 ============================================================
11:55:31.0758 5732 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:55:31.0872 5732 1394ohci - ok
11:55:31.0917 5732 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
11:55:31.0956 5732 Acceler - ok
11:55:32.0008 5732 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:55:32.0046 5732 ACPI - ok
11:55:32.0090 5732 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:55:32.0175 5732 AcpiPmi - ok
11:55:32.0217 5732 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:55:32.0266 5732 adp94xx - ok
11:55:32.0314 5732 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:55:32.0349 5732 adpahci - ok
11:55:32.0370 5732 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:55:32.0396 5732 adpu320 - ok
11:55:32.0483 5732 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
11:55:32.0574 5732 AFD - ok
11:55:32.0615 5732 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:55:32.0642 5732 agp440 - ok
11:55:32.0698 5732 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:55:32.0720 5732 aliide - ok
11:55:32.0739 5732 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:55:32.0747 5732 amdide - ok
11:55:32.0768 5732 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:55:32.0819 5732 AmdK8 - ok
11:55:32.0864 5732 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:55:32.0917 5732 AmdPPM - ok
11:55:32.0978 5732 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:55:33.0006 5732 amdsata - ok
11:55:33.0046 5732 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:55:33.0070 5732 amdsbs - ok
11:55:33.0099 5732 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:55:33.0124 5732 amdxata - ok
11:55:33.0195 5732 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:55:33.0365 5732 AppID - ok
11:55:33.0451 5732 appliand (0eeff7103e4f3e783f3d2b870af67f1c) C:\Windows\system32\DRIVERS\appliand.sys
11:55:33.0470 5732 appliand - ok
11:55:33.0484 5732 appliandMP (0eeff7103e4f3e783f3d2b870af67f1c) C:\Windows\system32\DRIVERS\appliand.sys
11:55:33.0491 5732 appliandMP - ok
11:55:33.0543 5732 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:55:33.0570 5732 arc - ok
11:55:33.0877 5732 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:55:33.0905 5732 arcsas - ok
11:55:33.0958 5732 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:55:34.0140 5732 AsyncMac - ok
11:55:34.0196 5732 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:55:34.0222 5732 atapi - ok
11:55:34.0305 5732 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
11:55:34.0326 5732 AVGIDSDriver - ok
11:55:34.0366 5732 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
11:55:34.0384 5732 AVGIDSEH - ok
11:55:34.0427 5732 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
11:55:34.0446 5732 AVGIDSFilter - ok
11:55:34.0470 5732 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
11:55:34.0486 5732 Avgldx64 - ok
11:55:34.0497 5732 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
11:55:34.0507 5732 Avgmfx64 - ok
11:55:34.0565 5732 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
11:55:34.0583 5732 Avgrkx64 - ok
11:55:34.0605 5732 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
11:55:34.0615 5732 Avgtdia - ok
11:55:34.0691 5732 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:55:34.0766 5732 b06bdrv - ok
11:55:34.0819 5732 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:55:34.0854 5732 b57nd60a - ok
11:55:34.0899 5732 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:55:34.0971 5732 Beep - ok
11:55:35.0011 5732 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:55:35.0049 5732 blbdrive - ok
11:55:35.0118 5732 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:55:35.0183 5732 bowser - ok
11:55:35.0208 5732 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:55:35.0292 5732 BrFiltLo - ok
11:55:35.0312 5732 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:55:35.0331 5732 BrFiltUp - ok
11:55:35.0359 5732 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:55:35.0431 5732 Brserid - ok
11:55:35.0456 5732 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:55:35.0505 5732 BrSerWdm - ok
11:55:35.0523 5732 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:55:35.0560 5732 BrUsbMdm - ok
11:55:35.0572 5732 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:55:35.0634 5732 BrUsbSer - ok
11:55:35.0686 5732 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
11:55:35.0746 5732 BthEnum - ok
11:55:35.0798 5732 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:55:35.0827 5732 BTHMODEM - ok
11:55:35.0866 5732 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
11:55:36.0107 5732 BthPan - ok
11:55:36.0458 5732 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
11:55:36.0548 5732 BTHPORT - ok
11:55:36.0598 5732 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
11:55:36.0646 5732 BTHUSB - ok
11:55:36.0684 5732 btmaux (ba554bfcbf21201d310738a42c9c19e1) C:\Windows\system32\DRIVERS\btmaux.sys
11:55:36.0705 5732 btmaux - ok
11:55:36.0740 5732 btmhsf (0010a54571f525a97eed8c091e96eaa9) C:\Windows\system32\DRIVERS\btmhsf.sys
11:55:36.0803 5732 btmhsf - ok
11:55:36.0857 5732 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
11:55:36.0880 5732 BVRPMPR5a64 - ok
11:55:36.0938 5732 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:55:37.0012 5732 cdfs - ok
11:55:37.0065 5732 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:55:37.0115 5732 cdrom - ok
11:55:37.0149 5732 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:55:37.0181 5732 circlass - ok
11:55:37.0219 5732 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:55:37.0256 5732 CLFS - ok
11:55:37.0311 5732 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:55:37.0356 5732 CmBatt - ok
11:55:37.0387 5732 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:55:37.0413 5732 cmdide - ok
11:55:37.0461 5732 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:55:37.0488 5732 CNG - ok
11:55:37.0535 5732 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:55:37.0558 5732 Compbatt - ok
11:55:37.0625 5732 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:55:37.0672 5732 CompositeBus - ok
11:55:37.0700 5732 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:55:37.0708 5732 crcdisk - ok
11:55:37.0750 5732 CtClsFlt - ok
11:55:37.0805 5732 dfmirage (178a6e9a0dce42959fc5ad129f60cba9) C:\Windows\system32\DRIVERS\dfmirage.sys
11:55:37.0815 5732 dfmirage - ok
11:55:37.0872 5732 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:55:37.0921 5732 DfsC - ok
11:55:37.0944 5732 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:55:37.0975 5732 discache - ok
11:55:38.0089 5732 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:55:38.0099 5732 Disk - ok
11:55:38.0140 5732 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:55:38.0171 5732 drmkaud - ok
11:55:38.0211 5732 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:55:38.0221 5732 dtsoftbus01 - ok
11:55:38.0271 5732 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:55:38.0292 5732 DXGKrnl - ok
11:55:38.0383 5732 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:55:38.0649 5732 ebdrv - ok
11:55:39.0029 5732 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:55:39.0090 5732 elxstor - ok
11:55:39.0155 5732 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:55:39.0205 5732 ErrDev - ok
11:55:39.0348 5732 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:55:39.0410 5732 exfat - ok
11:55:39.0448 5732 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:55:39.0500 5732 fastfat - ok
11:55:39.0524 5732 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:55:39.0566 5732 fdc - ok
11:55:39.0602 5732 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:55:39.0626 5732 FileInfo - ok
11:55:39.0647 5732 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:55:39.0699 5732 Filetrace - ok
11:55:39.0724 5732 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:55:39.0755 5732 flpydisk - ok
11:55:39.0794 5732 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:55:39.0819 5732 FltMgr - ok
11:55:39.0839 5732 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:55:39.0850 5732 FsDepends - ok
11:55:39.0868 5732 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:55:39.0875 5732 Fs_Rec - ok
11:55:39.0944 5732 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:55:39.0971 5732 fvevol - ok
11:55:39.0991 5732 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:55:40.0000 5732 gagp30kx - ok
11:55:40.0035 5732 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:55:40.0054 5732 GEARAspiWDM - ok
11:55:40.0132 5732 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:55:40.0197 5732 hcw85cir - ok
11:55:40.0242 5732 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:55:40.0297 5732 HDAudBus - ok
11:55:40.0316 5732 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:55:40.0359 5732 HidBatt - ok
11:55:40.0385 5732 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:55:40.0446 5732 HidBth - ok
11:55:40.0478 5732 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:55:40.0509 5732 HidIr - ok
11:55:40.0536 5732 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:55:40.0582 5732 HidUsb - ok
11:55:40.0637 5732 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:55:40.0658 5732 HpSAMD - ok
11:55:40.0711 5732 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:55:40.0814 5732 HTTP - ok
11:55:40.0846 5732 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:55:40.0853 5732 hwpolicy - ok
11:55:40.0900 5732 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:55:40.0928 5732 i8042prt - ok
11:55:41.0604 5732 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
11:55:41.0639 5732 iaStor - ok
11:55:41.0700 5732 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:55:41.0739 5732 iaStorV - ok
11:55:41.0768 5732 iBtFltCoex (50b8ab6013ef9970ac85fdba0f622300) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
11:55:41.0800 5732 iBtFltCoex - ok
11:55:42.0073 5732 igfx (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:55:42.0459 5732 igfx - ok
11:55:42.0504 5732 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:55:42.0513 5732 iirsp - ok
11:55:42.0561 5732 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
11:55:42.0664 5732 Impcd - ok
11:55:42.0758 5732 IntcAzAudAddService (a9853214cc97796579d75b1f59c51dcd) C:\Windows\system32\drivers\RTKVHD64.sys
11:55:42.0799 5732 IntcAzAudAddService - ok
11:55:42.0857 5732 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
11:55:42.0965 5732 IntcDAud - ok
11:55:43.0007 5732 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:55:43.0032 5732 intelide - ok
11:55:43.0087 5732 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:55:43.0133 5732 intelppm - ok
11:55:43.0177 5732 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:55:43.0248 5732 IpFilterDriver - ok
11:55:43.0283 5732 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:55:43.0294 5732 IPMIDRV - ok
11:55:43.0352 5732 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:55:43.0429 5732 IPNAT - ok
11:55:43.0470 5732 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:55:43.0565 5732 IRENUM - ok
11:55:44.0096 5732 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:55:44.0126 5732 isapnp - ok
11:55:44.0175 5732 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:55:44.0200 5732 iScsiPrt - ok
11:55:44.0257 5732 JMCR (e56417c56b6a7316b6f527c890a1860d) C:\Windows\system32\DRIVERS\jmcr.sys
11:55:44.0285 5732 JMCR - ok
11:55:44.0307 5732 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:55:44.0315 5732 kbdclass - ok
11:55:44.0335 5732 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:55:44.0378 5732 kbdhid - ok
11:55:44.0421 5732 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:55:44.0447 5732 KSecDD - ok
11:55:44.0489 5732 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:55:44.0520 5732 KSecPkg - ok
11:55:44.0552 5732 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:55:44.0648 5732 ksthunk - ok
11:55:44.0712 5732 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:55:44.0781 5732 lltdio - ok
11:55:44.0829 5732 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:55:44.0838 5732 LSI_FC - ok
11:55:44.0855 5732 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:55:44.0866 5732 LSI_SAS - ok
11:55:44.0883 5732 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:55:44.0892 5732 LSI_SAS2 - ok
11:55:44.0919 5732 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:55:44.0947 5732 LSI_SCSI - ok
11:55:44.0969 5732 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:55:45.0037 5732 luafv - ok
11:55:45.0112 5732 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
11:55:45.0130 5732 MBAMProtector - ok
11:55:45.0166 5732 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:55:45.0188 5732 megasas - ok
11:55:45.0217 5732 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:55:45.0249 5732 MegaSR - ok
11:55:45.0280 5732 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
11:55:45.0300 5732 MEIx64 - ok
11:55:45.0358 5732 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:55:45.0437 5732 Modem - ok
11:55:45.0467 5732 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:55:45.0512 5732 monitor - ok
11:55:45.0561 5732 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
11:55:45.0586 5732 mouclass - ok
11:55:45.0639 5732 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:55:45.0670 5732 mouhid - ok
11:55:45.0699 5732 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:55:45.0726 5732 mountmgr - ok
11:55:45.0767 5732 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:55:45.0789 5732 mpio - ok
11:55:45.0815 5732 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:55:45.0844 5732 mpsdrv - ok
11:55:45.0885 5732 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:55:45.0990 5732 MRxDAV - ok
11:55:46.0034 5732 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:55:46.0097 5732 mrxsmb - ok
11:55:46.0647 5732 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:55:46.0686 5732 mrxsmb10 - ok
11:55:46.0702 5732 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:55:46.0715 5732 mrxsmb20 - ok
11:55:46.0762 5732 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:55:46.0782 5732 msahci - ok
11:55:46.0837 5732 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:55:46.0848 5732 msdsm - ok
11:55:46.0895 5732 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:55:46.0943 5732 Msfs - ok
11:55:46.0971 5732 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:55:47.0078 5732 mshidkmdf - ok
11:55:47.0098 5732 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:55:47.0105 5732 msisadrv - ok
11:55:47.0170 5732 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:55:47.0228 5732 MSKSSRV - ok
11:55:47.0258 5732 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:55:47.0307 5732 MSPCLOCK - ok
11:55:47.0333 5732 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:55:47.0417 5732 MSPQM - ok
11:55:47.0452 5732 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:55:47.0467 5732 MsRPC - ok
11:55:47.0487 5732 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:55:47.0495 5732 mssmbios - ok
11:55:47.0519 5732 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:55:47.0574 5732 MSTEE - ok
11:55:47.0598 5732 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:55:47.0637 5732 MTConfig - ok
11:55:47.0662 5732 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:55:47.0670 5732 Mup - ok
11:55:47.0740 5732 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:55:47.0788 5732 NativeWifiP - ok
11:55:47.0846 5732 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
11:55:47.0896 5732 NDIS - ok
11:55:47.0918 5732 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:55:47.0947 5732 NdisCap - ok
11:55:47.0984 5732 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:55:48.0050 5732 NdisTapi - ok
11:55:48.0084 5732 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:55:48.0157 5732 Ndisuio - ok
11:55:48.0194 5732 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:55:48.0256 5732 NdisWan - ok
11:55:48.0299 5732 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:55:48.0353 5732 NDProxy - ok
11:55:48.0379 5732 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:55:48.0408 5732 NetBIOS - ok
11:55:48.0458 5732 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:55:48.0515 5732 NetBT - ok
11:55:49.0415 5732 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
11:55:49.0691 5732 NETwNs64 - ok
11:55:49.0733 5732 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:55:49.0743 5732 nfrd960 - ok
11:55:49.0815 5732 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:55:49.0863 5732 Npfs - ok
11:55:49.0887 5732 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:55:49.0942 5732 nsiproxy - ok
11:55:50.0014 5732 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:55:50.0089 5732 Ntfs - ok
11:55:50.0108 5732 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:55:50.0136 5732 Null - ok
11:55:50.0189 5732 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
11:55:50.0226 5732 nusb3hub - ok
11:55:50.0275 5732 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
11:55:50.0332 5732 nusb3xhc - ok
11:55:50.0360 5732 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
11:55:50.0368 5732 NVHDA - ok
11:55:50.0655 5732 nvlddmkm (24aa5e3ed7a2b48b8e798a1059a2b323) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:55:50.0830 5732 nvlddmkm - ok
11:55:50.0858 5732 nvpciflt (58aa797b41410daea6a6eb33e77f9b7a) C:\Windows\system32\DRIVERS\nvpciflt.sys
11:55:50.0877 5732 nvpciflt - ok
11:55:50.0932 5732 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:55:50.0959 5732 nvraid - ok
11:55:51.0005 5732 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:55:51.0036 5732 nvstor - ok
11:55:51.0069 5732 NvStUSB (9e01b716c8085f7adb1cdc10103ceef8) C:\Windows\system32\DRIVERS\nvstusb.sys
11:55:51.0092 5732 NvStUSB - ok
11:55:51.0156 5732 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:55:51.0185 5732 nv_agp - ok
11:55:51.0237 5732 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:55:51.0341 5732 ohci1394 - ok
11:55:51.0722 5732 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:55:51.0759 5732 Parport - ok
11:55:51.0795 5732 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:55:51.0804 5732 partmgr - ok
11:55:51.0844 5732 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:55:51.0883 5732 pci - ok
11:55:51.0928 5732 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:55:51.0952 5732 pciide - ok
11:55:51.0980 5732 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:55:51.0993 5732 pcmcia - ok
11:55:52.0011 5732 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:55:52.0021 5732 pcw - ok
11:55:52.0050 5732 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:55:52.0124 5732 PEAUTH - ok
11:55:52.0192 5732 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:55:52.0270 5732 PptpMiniport - ok
11:55:52.0293 5732 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:55:52.0329 5732 Processor - ok
11:55:52.0373 5732 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:55:52.0451 5732 Psched - ok
11:55:52.0487 5732 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:55:52.0506 5732 PxHlpa64 - ok
11:55:52.0561 5732 qicflt (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys
11:55:52.0581 5732 qicflt - ok
11:55:52.0627 5732 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:55:52.0700 5732 ql2300 - ok
11:55:52.0720 5732 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:55:52.0730 5732 ql40xx - ok
11:55:52.0751 5732 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:55:52.0794 5732 QWAVEdrv - ok
11:55:52.0839 5732 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:55:52.0880 5732 RasAcd - ok
11:55:52.0922 5732 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:55:52.0972 5732 RasAgileVpn - ok
11:55:53.0013 5732 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:55:53.0087 5732 Rasl2tp - ok
11:55:53.0118 5732 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:55:53.0147 5732 RasPppoe - ok
11:55:53.0182 5732 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:55:53.0260 5732 RasSstp - ok
11:55:53.0301 5732 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:55:53.0354 5732 rdbss - ok
11:55:53.0381 5732 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:55:53.0394 5732 rdpbus - ok
11:55:53.0414 5732 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:55:53.0476 5732 RDPCDD - ok
11:55:53.0499 5732 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:55:53.0540 5732 RDPENCDD - ok
11:55:53.0564 5732 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:55:53.0591 5732 RDPREFMP - ok
11:55:54.0017 5732 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:55:54.0055 5732 RDPWD - ok
11:55:54.0103 5732 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:55:54.0129 5732 rdyboost - ok
11:55:54.0189 5732 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:55:54.0248 5732 RFCOMM - ok
11:55:54.0303 5732 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:55:54.0381 5732 rspndr - ok
11:55:54.0462 5732 RTL8167 (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:55:54.0489 5732 RTL8167 - ok
11:55:54.0544 5732 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:55:54.0574 5732 sbp2port - ok
11:55:54.0621 5732 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:55:54.0711 5732 scfilter - ok
11:55:54.0816 5732 sdbus (84e00908975faf79e91282ed8fb88c2f) C:\Windows\system32\drivers\sdbus.sys
11:55:54.0856 5732 sdbus - ok
11:55:54.0934 5732 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:55:55.0010 5732 secdrv - ok
11:55:55.0072 5732 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:55:55.0112 5732 Serenum - ok
11:55:55.0156 5732 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:55:55.0192 5732 Serial - ok
11:55:55.0265 5732 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:55:55.0296 5732 sermouse - ok
11:55:55.0350 5732 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:55:55.0414 5732 sffdisk - ok
11:55:55.0434 5732 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:55:55.0445 5732 sffp_mmc - ok
11:55:55.0459 5732 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:55:55.0506 5732 sffp_sd - ok
11:55:55.0529 5732 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:55:55.0563 5732 sfloppy - ok
11:55:55.0631 5732 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
11:55:55.0663 5732 Sftfs - ok
11:55:55.0713 5732 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:55:55.0739 5732 Sftplay - ok
11:55:55.0763 5732 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:55:55.0769 5732 Sftredir - ok
11:55:55.0793 5732 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
11:55:55.0799 5732 Sftvol - ok
11:55:55.0843 5732 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:55:55.0867 5732 SiSRaid2 - ok
11:55:55.0887 5732 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:55:55.0902 5732 SiSRaid4 - ok
11:55:55.0944 5732 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:55:56.0004 5732 Smb - ok
11:55:56.0431 5732 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:55:56.0455 5732 spldr - ok
11:55:56.0520 5732 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:55:56.0593 5732 srv - ok
11:55:56.0624 5732 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:55:56.0667 5732 srv2 - ok
11:55:56.0700 5732 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:55:56.0749 5732 srvnet - ok
11:55:56.0793 5732 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
11:55:56.0802 5732 stdcfltn - ok
11:55:56.0858 5732 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:55:56.0884 5732 stexstor - ok
11:55:56.0934 5732 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:55:56.0953 5732 swenum - ok
11:55:57.0012 5732 SynTP (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\DRIVERS\SynTP.sys
11:55:57.0052 5732 SynTP - ok
11:55:57.0145 5732 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:55:57.0199 5732 Tcpip - ok
11:55:57.0242 5732 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:55:57.0294 5732 TCPIP6 - ok
11:55:57.0331 5732 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:55:57.0383 5732 tcpipreg - ok
11:55:57.0410 5732 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:55:57.0471 5732 TDPIPE - ok
11:55:57.0491 5732 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:55:57.0553 5732 TDTCP - ok
11:55:57.0593 5732 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:55:57.0621 5732 tdx - ok
11:55:57.0663 5732 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:55:57.0687 5732 TermDD - ok
11:55:57.0745 5732 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:55:57.0801 5732 tssecsrv - ok
11:55:57.0852 5732 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:55:57.0877 5732 TsUsbFlt - ok
11:55:57.0925 5732 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:55:57.0988 5732 tunnel - ok
11:55:58.0040 5732 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
11:55:58.0049 5732 TurboB - ok
11:55:58.0082 5732 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:55:58.0094 5732 uagp35 - ok
11:55:58.0137 5732 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:55:58.0187 5732 udfs - ok
11:55:58.0242 5732 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:55:58.0266 5732 uliagpkx - ok
11:55:58.0312 5732 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:55:58.0331 5732 umbus - ok
11:55:58.0353 5732 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:55:58.0378 5732 UmPass - ok
11:55:59.0022 5732 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:55:59.0069 5732 USBAAPL64 - ok
11:55:59.0118 5732 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:55:59.0171 5732 usbaudio - ok
11:55:59.0208 5732 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
11:55:59.0252 5732 usbccgp - ok
11:55:59.0295 5732 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:55:59.0332 5732 usbcir - ok
11:55:59.0395 5732 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:55:59.0438 5732 usbehci - ok
11:55:59.0475 5732 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
11:55:59.0538 5732 usbhub - ok
11:55:59.0598 5732 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
11:55:59.0674 5732 usbohci - ok
11:55:59.0731 5732 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:55:59.0780 5732 usbprint - ok
11:55:59.0820 5732 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:55:59.0849 5732 usbscan - ok
11:55:59.0873 5732 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:55:59.0928 5732 USBSTOR - ok
11:55:59.0956 5732 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
11:55:59.0992 5732 usbuhci - ok
11:56:00.0036 5732 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
11:56:00.0070 5732 usbvideo - ok
11:56:00.0125 5732 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:56:00.0151 5732 vdrvroot - ok
11:56:00.0181 5732 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:56:00.0216 5732 vga - ok
11:56:00.0239 5732 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:56:00.0292 5732 VgaSave - ok
11:56:00.0329 5732 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:56:00.0358 5732 vhdmp - ok
11:56:00.0398 5732 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:56:00.0423 5732 viaide - ok
11:56:00.0446 5732 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:56:00.0457 5732 volmgr - ok
11:56:00.0507 5732 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:56:00.0545 5732 volmgrx - ok
11:56:00.0569 5732 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:56:00.0582 5732 volsnap - ok
11:56:00.0622 5732 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:56:00.0635 5732 vsmraid - ok
11:56:00.0700 5732 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:56:00.0733 5732 vwifibus - ok
11:56:00.0759 5732 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:56:00.0784 5732 vwififlt - ok
11:56:00.0805 5732 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:56:00.0826 5732 vwifimp - ok
11:56:00.0840 5732 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:56:00.0860 5732 WacomPen - ok
11:56:00.0924 5732 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:56:00.0999 5732 WANARP - ok
11:56:01.0477 5732 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:56:01.0522 5732 Wanarpv6 - ok
11:56:01.0559 5732 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:56:01.0567 5732 Wd - ok
11:56:01.0598 5732 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:56:01.0617 5732 Wdf01000 - ok
11:56:01.0667 5732 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\Windows\system32\DRIVERS\WDKMD.sys
11:56:01.0710 5732 wdkmd - ok
11:56:01.0735 5732 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:56:01.0763 5732 WfpLwf - ok
11:56:01.0797 5732 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
11:56:01.0812 5732 WimFltr - ok
11:56:01.0831 5732 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:56:01.0839 5732 WIMMount - ok
11:56:01.0920 5732 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:56:01.0978 5732 WinUsb - ok
11:56:02.0024 5732 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:56:02.0048 5732 WmiAcpi - ok
11:56:02.0075 5732 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:56:02.0142 5732 ws2ifsl - ok
11:56:02.0186 5732 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:56:02.0263 5732 WudfPf - ok
11:56:02.0313 5732 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:56:02.0373 5732 WUDFRd - ok
11:56:02.0423 5732 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:56:02.0590 5732 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:56:02.0590 5732 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:56:02.0597 5732 Boot (0x1200) (4980b5f8fa0890f5e98eda07dcebc2f2) \Device\Harddisk0\DR0\Partition0
11:56:02.0598 5732 \Device\Harddisk0\DR0\Partition0 - ok
11:56:02.0630 5732 Boot (0x1200) (683c52ad82086aedc39384b3d0160f54) \Device\Harddisk0\DR0\Partition1
11:56:02.0631 5732 \Device\Harddisk0\DR0\Partition1 - ok
11:56:02.0632 5732 ============================================================
11:56:02.0632 5732 Scan finished
11:56:02.0632 5732 ============================================================
11:56:02.0639 3036 Detected object count: 1
11:56:02.0639 3036 Actual detected object count: 1
11:56:10.0442 3036 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
11:56:10.0445 3036 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:56:10.0448 3036 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
11:56:10.0451 3036 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
11:56:10.0455 3036 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
11:56:10.0488 3036 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
11:56:10.0508 3036 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
11:56:10.0530 3036 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:56:10.0537 3036 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
11:56:10.0545 3036 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
11:56:10.0558 3036 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
11:56:10.0559 3036 \Device\Harddisk0\DR0\TDLFS - deleted
11:56:10.0559 3036 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

kevinf80 · 09-Feb-2012, 12:25 PM **#10**

OK, post the log when ready, a quick scan would have been adequate but a full scan is fine. I`ve got to go out, will be back maybe 1 to 2 hours....

Kevin

Timmeh! · 09-Feb-2012, 12:35 PM **#11**

Kevin,

We aborted and ran a quick scan. Here you go:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.09.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zeynep :: ZEYNEP-PC [administrator]

Protection: Enabled

2/9/2012 12:23:07 PM
mbam-log-2012-02-09 (12-23-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212640
Time elapsed: 11 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Timmeh! · 09-Feb-2012, 12:37 PM **#12**

Kevin, it looks like MBAM is showing a clean scan! Thanks so much for your help on this! Do you recommend continuing to use MBAM as our virus protection to avoid this happening again?

kevinf80 · 09-Feb-2012, 01:58 PM **#13**

Malwarebytes does not give Anti-Virus protection, it is however an excellent program and will protect from all other forms of malware if realtime protection is engaged. You will need the pro version for that option.

Run the following scan, post the logs when complete:

Download

OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3
Link 4

Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administartor. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top, make sure Stadard output is selected.
Select Scan all users
Under the Extra Registry section, check Use SafeList
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".

Under the Custom Scan box paste this in:

Code:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

Next,

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see the following in your reply :-

OTL.txt
Extras.txt
Log from Security Checks

Kevin

Timmeh! · 09-Feb-2012, 06:04 PM **#14**

Here is the OTL log:

OTL Extras logfile created on: 2/9/2012 5:52:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Zeynep\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.92 Gb Total Physical Memory | 3.40 Gb Available Physical Memory | 57.46% Memory free
11.83 Gb Paging File | 8.94 Gb Available in Paging File | 75.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 271.21 Gb Free Space | 60.13% Space Free | Partition Type: NTFS

Computer Name: ZEYNEP-PC | User Name: Zeynep | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1213244044-3777014464-1362229086-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1A26F3E9-1351-400B-B296-A0B24F2FDA8C}" = CXP Color Printer Driver
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7BE6B345-6BD9-492E-A440-A32D12AB2EF3}" = AVG 2012
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 265.94
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 265.94
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 265.94
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ARO 2011_is1" = ARO 2011
"AVG" = AVG 2012
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8FAFAEE-94E2-43D9-8046-87F96D0FD7CF}" = Fantapper Player
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}" = Dell Stage
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECC2ECA-7737-4E13-A0ED-8D0A38FBE1CE}_is1" = EXARadyo 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"BizNuri" = BizNuri 4.0
"Canon MG5200 series User Registration" = Canon MG5200 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Kur'an Öðreniyorum (Bedava Web Sürümü)" = Kur'an Öðreniyorum (Bedava Web Sürümü)
"Kur'an Ögreniyorum 1.0" = Kur'an Ögreniyorum 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picasa 3" = Picasa 3
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.2.9)
"Rhapsody" = Rhapsody
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1213244044-3777014464-1362229086-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Support.com Toolbar Updater
"Dropbox" = Dropbox
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/2/2012 5:02:45 AM | Computer Name = Zeynep-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5102

Error - 2/2/2012 5:02:45 AM | Computer Name = Zeynep-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5102

Error - 2/2/2012 5:02:46 AM | Computer Name = Zeynep-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/2/2012 5:02:46 AM | Computer Name = Zeynep-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6116

Error - 2/2/2012 5:02:46 AM | Computer Name = Zeynep-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6116

Error - 2/2/2012 5:02:47 AM | Computer Name = Zeynep-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/2/2012 5:02:47 AM | Computer Name = Zeynep-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7114

Error - 2/2/2012 5:02:47 AM | Computer Name = Zeynep-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7114

Error - 2/2/2012 12:17:54 PM | Computer Name = Zeynep-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 2/3/2012 12:52:36 AM | Computer Name = Zeynep-PC | Source = Application Error | ID = 1000
Description = Faulting application name: NOBuAgent.exe, version: 2.1.19634.0, time
stamp: 0x4c75b543 Faulting module name: NOBuAgent.exe, version: 2.1.19634.0, time
stamp: 0x4c75b543 Exception code: 0xc0000409 Fault offset: 0x000000000011e276 Faulting
process id: 0x12e4 Faulting application start time: 0x01cce22f98ee7f10 Faulting application
path: C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe Faulting module
path: C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe Report Id:
e3d8937a-4e22-11e1-80d2-bc773736e86c

[ Dell Events ]
Error - 11/21/2011 6:27:47 PM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/21/2011 7:01:37 PM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/21/2011 7:01:37 PM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/5/2011 5:49:37 AM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/5/2011 5:49:37 AM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/8/2011 9:08:32 PM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/8/2011 9:08:32 PM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/25/2012 3:22:20 AM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/25/2012 3:22:20 AM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/1/2012 12:02:17 PM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ OSession Events ]
Error - 8/30/2011 7:04:03 AM | Computer Name = Zeynep-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 536 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/2/2011 8:45:13 AM | Computer Name = Zeynep-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 358 seconds with 60 seconds of active time. This session ended with a crash.

Error - 9/14/2011 6:26:01 AM | Computer Name = Zeynep-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 287 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/14/2011 6:52:35 AM | Computer Name = Zeynep-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 320 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/19/2011 8:05:07 AM | Computer Name = Zeynep-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 299 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/20/2011 7:45:14 AM | Computer Name = Zeynep-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 533 seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/22/2011 7:45:28 AM | Computer Name = Zeynep-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 2674 seconds with 480 seconds of active time. This session ended with a
crash.

Error - 11/1/2011 8:30:05 AM | Computer Name = Zeynep-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 537 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/15/2011 3:04:01 AM | Computer Name = Zeynep-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (120000 milliseconds) while waiting for the
Windows Search service to connect.

Error - 9/15/2011 3:04:01 AM | Computer Name = Zeynep-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 9/15/2011 3:05:30 AM | Computer Name = Zeynep-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (120000 milliseconds) while waiting for the
Windows Search service to connect.

Error - 9/15/2011 3:05:30 AM | Computer Name = Zeynep-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 9/15/2011 3:05:51 AM | Computer Name = Zeynep-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (120000 milliseconds) while waiting for the
Windows Search service to connect.

Error - 9/15/2011 3:05:51 AM | Computer Name = Zeynep-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 9/15/2011 5:40:49 AM | Computer Name = Zeynep-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:39:18 AM on ?9/?15/?2011 was unexpected.

Error - 9/15/2011 3:37:39 PM | Computer Name = Zeynep-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (120000 milliseconds) was reached while waiting for a transaction
response from the SysMain service.

Error - 9/15/2011 3:37:50 PM | Computer Name = Zeynep-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 9/20/2011 5:31:26 AM | Computer Name = Zeynep-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

< End of report >

kevinf80 · 09-Feb-2012, 06:13 PM **#15**

That is Extras.txt, still need OTL.txt (that is the main log) Also need the log from Security Checks...

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Solved: Trojan infection preventing boot (scvhost.exe)

Find the solution to your computer problem!

Find the solution to your
computer problem!