Infected with Olmarik & (scour?) Google Redirect


  • This topic is locked
26 replies to this topic

#1 pepotero

pepotero

  • Members
  • 13 posts

Posted 21 December 2011 - 08:03 PM

I've used the guide on preparations before posting. I am not able to give a GMER because I am running 64-bit.
Like I've mentioned, I just keep getting redirects by Google and my anti-virus programs keep detecting Olmarik as well. I eset's website to remove Olmarik but they do not support a 64-bit version, and even looking online it's difficult to find an answer specific to my computer. Thanks for any help. I have attached DDS.txt & Attach.txt



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 December 2011 - 01:57 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 pepotero


Posted 25 December 2011 - 07:28 PM

Sorry about the attachments, my mistake. Let me know if you need that DDS.txt file posted (since you did not ask for it).

Once I had started ComboFix, it instructed me to close Spyware Doctor (which I had forgotten to do), and I did close/turn off protection before clicking OK. No other errors/interruptions came up after that.

Ran ComboFix. I am still getting redirects from Google searches. (Not sure if I still have Olmarik, as you instructed not to run any other tool, so I have not opened my antivirus program (ESET) to search for it.)

Here is the combofix log:

ComboFix 11-12-24.10 - David_2 12/25/2011 17:21:43.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2327 [GMT -6:00]
Running from: c:\users\David_2\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\logboot_25.12.2011.tureg.log
.
.
((((((((((((((((((((((((( Files Created from 2011-11-25 to 2011-12-25 )))))))))))))))))))))))))))))))
.
.
2011-12-25 23:54 . 2011-12-25 23:54 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-12-25 23:54 . 2011-12-25 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-25 23:54 . 2011-12-25 23:54 -------- d-----w- c:\users\David\AppData\Local\temp
2011-12-25 23:02 . 2011-12-25 23:02 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-12-24 23:27 . 2011-12-25 22:58 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0EFE452-1529-49AC-A36B-A1C4E29B63AB}\offreg.dll
2011-12-24 23:27 . 2011-11-30 08:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0EFE452-1529-49AC-A36B-A1C4E29B63AB}\mpengine.dll
2011-12-24 23:27 . 2011-11-15 20:29 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-12-24 23:27 . 2011-12-24 23:27 -------- d-----w- C:\f9be96cd96d8458e247f
2011-12-24 22:49 . 2010-12-31 15:36 74824 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-12-24 22:49 . 2010-12-31 15:36 41888 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-12-24 22:49 . 2010-12-31 15:36 65072 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-12-24 22:39 . 2011-12-24 22:39 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-24 22:26 . 2011-12-24 22:27 -------- d-----w- c:\program files\CCleaner
2011-12-24 08:08 . 2011-01-07 20:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-12-24 08:08 . 2011-01-07 20:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-12-24 08:08 . 2011-01-07 20:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-12-24 08:08 . 2011-01-07 20:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-12-24 08:00 . 2010-07-16 20:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-12-24 08:00 . 2010-06-29 16:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2011-12-24 08:00 . 2011-01-17 15:09 334976 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-12-24 08:00 . 2010-12-16 14:43 137704 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-12-24 07:59 . 2010-12-10 19:24 257232 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-12-24 07:59 . 2010-12-16 14:46 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-12-24 07:56 . 2011-12-24 22:49 -------- d-----w- c:\programdata\PC Tools
2011-12-23 07:01 . 2011-12-23 07:01 -------- d-----w- c:\programdata\Malwarebytes
2011-12-23 07:01 . 2011-12-23 07:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-23 01:22 . 2011-12-23 01:22 -------- d-----w- c:\windows\CheckSur
2011-12-22 23:34 . 2011-12-22 23:34 -------- d-----w- c:\windows\system32\SPReview
2011-12-22 23:33 . 2011-12-22 23:33 -------- d-----w- c:\windows\system32\EventProviders
2011-12-22 00:07 . 2010-10-28 00:25 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-12-22 00:07 . 2010-10-28 00:21 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-12-22 00:07 . 2010-10-28 00:21 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-12-22 00:07 . 2010-10-28 00:21 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-12-22 00:07 . 2010-10-28 00:21 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-12-22 00:05 . 2011-12-22 00:10 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2011-12-22 00:02 . 2011-12-22 00:02 -------- d-----w- c:\program files (x86)\uTorrent
2011-12-22 00:01 . 2011-12-22 00:32 -------- d-----w- c:\users\David\AppData\Roaming\uTorrent
2011-12-21 23:02 . 2011-12-21 23:02 -------- d-----w- c:\users\David\AppData\Roaming\LockHunter
2011-12-21 22:50 . 2011-12-21 22:50 -------- d-----w- c:\users\David\AppData\Local\ESET
2011-12-21 19:46 . 2011-12-21 19:46 -------- d-----w- c:\program files\ESET
2011-12-21 18:19 . 2011-12-21 18:19 -------- d-----w- c:\program files\LockHunter
2011-12-21 18:02 . 2011-12-24 08:01 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-12-21 18:02 . 2011-12-25 23:13 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-12-21 17:35 . 2011-12-25 22:53 -------- d-----w- c:\users\David_2
2011-12-17 05:14 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-17 05:14 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-17 05:14 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 05:14 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-17 05:13 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-17 05:13 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 00:05 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-23 00:05 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
2011-09-29 16:24 . 2011-11-09 04:47 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-23_03.12.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-12-25 22:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-23 01:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-25 22:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-23 01:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-23 01:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-25 22:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-06 11:43 . 2011-12-24 08:18 48610 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-25 22:55 30822 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:30 . 2011-12-25 23:03 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-12-23 00:12 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-08-01 21:59 . 2011-08-01 21:59 45416 c:\windows\system32\DriverStore\FileRepository\point64.inf_amd64_neutral_b1cf5e889e918ca6\point64.sys
+ 2011-08-01 21:59 . 2011-08-01 21:59 23960 c:\windows\system32\DriverStore\FileRepository\nuidfltr.inf_amd64_neutral_a071a87dc95c1c15\nuidfltr.sys
+ 2011-07-29 00:37 . 2011-07-29 00:37 52584 c:\windows\system32\DriverStore\FileRepository\dc3du.inf_amd64_neutral_74c6c3670a9a8e89\dc3d.sys
+ 2011-05-18 14:08 . 2011-05-18 14:08 47616 c:\windows\system32\DriverStore\FileRepository\dc3dh.inf_amd64_neutral_73d3d011f5a03306\dc3d.sys
+ 2011-08-01 21:59 . 2011-08-01 21:59 45416 c:\windows\system32\drivers\point64.sys
+ 2011-08-01 21:59 . 2011-08-01 21:59 23960 c:\windows\system32\drivers\nuidfltr.sys
+ 2011-05-18 14:08 . 2011-05-18 14:08 47616 c:\windows\system32\drivers\dc3d.sys
- 2011-01-15 18:46 . 2011-12-23 01:14 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-15 18:46 . 2011-12-25 23:09 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-15 18:46 . 2011-12-23 01:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-15 18:46 . 2011-12-25 23:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-25 23:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-23 01:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-12-23 19:48 82352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-12-21 21:10 . 2011-12-24 22:25 4380 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3760101215-242095506-3321230525-1004_UserData.bin
+ 2011-12-25 17:33 . 2011-12-25 23:18 3362 c:\windows\SoftwareDistribution\EventCache\{3FD21133-9D57-4F56-9997-65F05FE438BF}.bin
+ 2011-12-24 22:21 . 2011-12-25 22:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-23 01:14 . 2011-12-23 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-24 22:21 . 2011-12-25 22:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-23 01:14 . 2011-12-23 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-15 21:42 . 2011-12-24 19:23 334760 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-12-23 01:21 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-25 22:59 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-25 22:59 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-23 01:21 106522 c:\windows\system32\perfc009.dat
+ 2011-05-18 14:08 . 2011-05-18 14:08 465408 c:\windows\system32\ipcoin82.dll
+ 2009-07-14 05:30 . 2011-12-25 23:03 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-12-23 00:08 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-12-25 23:03 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-12-23 00:12 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-08-01 21:59 . 2011-08-01 21:59 470376 c:\windows\system32\DriverStore\FileRepository\ipcdless.inf_amd64_neutral_165412f37e9f9224\ipcoin82.dll
+ 2011-05-18 14:08 . 2011-05-18 14:08 465408 c:\windows\system32\DriverStore\FileRepository\dc3dh.inf_amd64_neutral_73d3d011f5a03306\ipcoin82.dll
- 2009-07-14 05:01 . 2011-12-23 00:28 390244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-24 20:53 390244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-01 21:59 . 2011-08-01 21:59 1721576 c:\windows\system32\DriverStore\FileRepository\point64.inf_amd64_neutral_b1cf5e889e918ca6\wdfcoinstaller01009.dll
+ 2011-08-01 21:59 . 2011-08-01 21:59 1721576 c:\windows\system32\DriverStore\FileRepository\nuidfltr.inf_amd64_neutral_a071a87dc95c1c15\wdfcoinstaller01009.dll
+ 2011-07-29 00:37 . 2011-07-29 00:37 1721576 c:\windows\system32\DriverStore\FileRepository\dc3du.inf_amd64_neutral_74c6c3670a9a8e89\WdfCoInstaller01009.dll
+ 2011-02-18 18:49 . 2011-02-18 18:49 1721576 c:\windows\system32\DriverStore\FileRepository\dc3dh.inf_amd64_neutral_73d3d011f5a03306\WdfCoInstaller01009.dll
+ 2011-12-21 20:57 . 2011-12-24 20:53 1985572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3760101215-242095506-3321230525-1004-8192.dat
+ 2011-12-21 20:57 . 2011-12-24 20:53 1267484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3760101215-242095506-3321230525-1004-12288.dat
+ 2011-08-01 21:59 . 2011-08-01 21:59 1978368 c:\windows\Installer\923ee.msi
+ 2011-08-01 21:59 . 2011-08-01 21:59 2081792 c:\windows\Installer\923e9.msi
- 2009-07-14 02:34 . 2011-12-23 01:22 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-12-23 00:44 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-10 559616]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
"PCTools FGuard"=c:\program files (x86)\PC Tools Security\BDT\FGuard.exe
"ISTray"="c:\program files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-01-07 247760]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-08-10 974944]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-10-28 1974080]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver64
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3760101215-242095506-3321230525-1003Core.job
- c:\users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-11 06:34]
.
2011-12-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3760101215-242095506-3321230525-1003UA.job
- c:\users\David\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-11 06:34]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3760101215-242095506-3321230525-1003Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-30 06:26]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3760101215-242095506-3321230525-1003UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-30 06:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-08-10 4030008]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = g.msn.com/USCON/1
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-25 18:15:13
ComboFix-quarantined-files.txt 2011-12-26 00:15
.
Pre-Run: 444,136,013,824 bytes free
Post-Run: 443,883,536,384 bytes free
.
- - End Of File - - 7FEF201F0BC8EC7E5C53E6CC8A758165

#4 gringo_pr


Posted 25 December 2011 - 08:19 PM

Hello

How are things doing at this time?

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 pepotero


Posted 25 December 2011 - 08:28 PM

It's refusing to run TDSSKiller (in Task Manager I see it pop up, then disappear 2 seconds later). Should I try it in safe mode?

#6 gringo_pr


Posted 25 December 2011 - 08:38 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#7 pepotero

Posted 25 December 2011 - 08:46 PM

Infected MBR Detected
- Clicked Repair
- repair was successful
- Restarted computer
Windows is now giving me a blue screen after the "Windows logo" and gives me an option to go to Startup Repair or start normally (which then starts and crashes again).

I'm assuming I shouldn't have clicked Repair? :/

#8 gringo_pr

Posted 25 December 2011 - 09:00 PM

Hello

During startup I want you to press F10 and tell me what you see.


gringo

#9 pepotero

Posted 25 December 2011 - 09:26 PM

edit windows boot options for: Windows 7
Path: \windows\system32\winload.exe
Partitions: 3
Hard Disk: 7f2837e

[\NOEXECUTE=OPTIN /MININT



Enter= Submit
Esc= Cancel

#10 gringo_pr

Posted 25 December 2011 - 09:39 PM

Hello

Boot back using F10 and remove this: /MININT

Restart the computer and, once you are back in Windows, run TDSSKiller again.


gringo

#11 pepotero

Posted 25 December 2011 - 09:59 PM

No Threats Found

Log:

20:56:00.0420 3164 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
20:56:01.0856 3164 ============================================================
20:56:01.0856 3164 Current date / time: 2011/12/25 20:56:01.0856
20:56:01.0856 3164 SystemInfo:
20:56:01.0856 3164
20:56:01.0856 3164 OS Version: 6.1.7600 ServicePack: 0.0
20:56:01.0856 3164 Product type: Workstation
20:56:01.0857 3164 ComputerName: DVD-PC
20:56:01.0857 3164 UserName: David_2
20:56:01.0857 3164 Windows directory: C:\Windows
20:56:01.0857 3164 System windows directory: C:\Windows
20:56:01.0857 3164 Running under WOW64
20:56:01.0857 3164 Processor architecture: Intel x64
20:56:01.0857 3164 Number of processors: 4
20:56:01.0857 3164 Page size: 0x1000
20:56:01.0858 3164 Boot type: Normal boot
20:56:01.0858 3164 ============================================================
20:56:02.0908 3164 Initialize success
20:56:23.0978 2996 ============================================================
20:56:23.0978 2996 Scan started
20:56:23.0978 2996 Mode: Manual;
20:56:23.0978 2996 ============================================================
20:56:59.0438 2996 tunnel - ok
20:56:59.0773 2996 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:56:59.0776 2996 uagp35 - ok
20:57:00.0057 2996 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
20:57:00.0066 2996 udfs - ok
20:57:00.0377 2996 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:57:00.0380 2996 uliagpkx - ok
20:57:00.0525 2996 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\drivers\umbus.sys
20:57:00.0527 2996 umbus - ok
20:57:00.0647 2996 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:57:00.0650 2996 UmPass - ok
20:57:00.0711 2996 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:57:00.0713 2996 USBAAPL64 - ok
20:57:00.0774 2996 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
20:57:00.0778 2996 usbccgp - ok
20:57:00.0843 2996 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:57:00.0846 2996 usbcir - ok
20:57:00.0909 2996 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
20:57:00.0913 2996 usbehci - ok
20:57:01.0209 2996 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
20:57:01.0217 2996 usbhub - ok
20:57:01.0347 2996 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
20:57:01.0350 2996 usbohci - ok
20:57:01.0454 2996 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:57:01.0457 2996 usbprint - ok
20:57:01.0602 2996 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
20:57:01.0605 2996 USBSTOR - ok
20:57:01.0755 2996 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
20:57:01.0758 2996 usbuhci - ok
20:57:01.0927 2996 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
20:57:01.0931 2996 usbvideo - ok
20:57:02.0151 2996 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:57:02.0154 2996 vdrvroot - ok
20:57:02.0284 2996 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:57:02.0287 2996 vga - ok
20:57:02.0413 2996 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:57:02.0415 2996 VgaSave - ok
20:57:02.0591 2996 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
20:57:02.0596 2996 vhdmp - ok
20:57:02.0779 2996 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:57:02.0781 2996 viaide - ok
20:57:02.0950 2996 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
20:57:02.0953 2996 volmgr - ok
20:57:03.0065 2996 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:57:03.0073 2996 volmgrx - ok
20:57:03.0279 2996 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
20:57:03.0285 2996 volsnap - ok
20:57:03.0388 2996 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:57:03.0393 2996 vsmraid - ok
20:57:03.0426 2996 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:57:03.0428 2996 vwifibus - ok
20:57:03.0452 2996 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:57:03.0456 2996 vwififlt - ok
20:57:03.0664 2996 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:57:03.0666 2996 WacomPen - ok
20:57:03.0756 2996 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:57:03.0759 2996 WANARP - ok
20:57:03.0770 2996 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:57:03.0773 2996 Wanarpv6 - ok
20:57:03.0951 2996 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:57:03.0954 2996 Wd - ok
20:57:04.0134 2996 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:57:04.0148 2996 Wdf01000 - ok
20:57:04.0346 2996 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:57:04.0348 2996 WfpLwf - ok
20:57:04.0603 2996 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
20:57:04.0607 2996 WimFltr - ok
20:57:04.0774 2996 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:57:04.0777 2996 WIMMount - ok
20:57:05.0114 2996 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys
20:57:05.0145 2996 WinUsb - ok
20:57:05.0274 2996 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:57:05.0276 2996 WmiAcpi - ok
20:57:05.0425 2996 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:57:05.0427 2996 ws2ifsl - ok
20:57:05.0802 2996 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
20:57:05.0806 2996 WudfPf - ok
20:57:05.0963 2996 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:57:05.0968 2996 WUDFRd - ok
20:57:06.0054 2996 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:57:06.0136 2996 \Device\Harddisk0\DR0 - ok
20:57:06.0180 2996 Boot (0x1200) (7019b8cc0dc29e0feb9b03c67b44ee2d) \Device\Harddisk0\DR0\Partition0
20:57:06.0182 2996 \Device\Harddisk0\DR0\Partition0 - ok
20:57:06.0218 2996 Boot (0x1200) (2340c985aa75654c7597e3a6ea3097d0) \Device\Harddisk0\DR0\Partition1
20:57:06.0221 2996 \Device\Harddisk0\DR0\Partition1 - ok
20:57:06.0222 2996 ============================================================
20:57:06.0222 2996 Scan finished
20:57:06.0222 2996 ============================================================
20:57:06.0244 4804 Detected object count: 0
20:57:06.0244 4804 Actual detected object count: 0

#12 gringo_pr


Posted 25 December 2011 - 10:12 PM

Hello

This is what we need to do

System Recovery Environment

To access the System Recovery Environment, simply boot your PC,

  • Just before the system loads the Windows operating system, hit the [F8] (Function 8) key on your keyboard, which will launch the Advanced Boot Options menu.
  • There you will see a new option, 'Repair Your Computer'. Select this option and hit 'Enter' on your keyboard.
  • Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next:

    When you get to the "Choose a Recovery Tool" menu you will see at the top

    Operating System: Win 7 on (D:) OS

    Take note of the drive letter in red. If it is not C, then the commands below need to reflect the difference: change the C: in the commands below to what it shows above.
  • From the "Choose a Recovery Tool" dialog menu, select "Command Prompt":
  • Type the following into the "Command Prompt" window, and press Enter after each line:


    CD X:
    C:
    cd boot
    attrib bcd -s -h -r
    ren c:\boot\bcd bcd.old
    bootrec /RebuildBcd

Restart the computer and let me know if it booted OK.

Gringo

#13 pepotero


Posted 25 December 2011 - 10:26 PM

After cd boot I get "the system, cannot find the path specified"
After attrib bcd -s -h -r
"file not found bcd"
After ren c:....
"cannot find file specified"

I did not run rebuildbcd because I feel this is going wrong and I want to make sure first before I do the last command.

Edited by pepotero, 25 December 2011 - 10:28 PM.


#14 gringo_pr


Posted 25 December 2011 - 10:43 PM

OK, get back into Windows.


Click on the Start orb.

Type CMD into the search bar.

Right-click on cmd and select "Run as admin".

Type the following in and press Enter:

bcdedit /set {current} winpe no

Restart the computer and let me know how it goes.


gringo

#15 pepotero


Posted 25 December 2011 - 10:55 PM

Do you want me to restart my computer and try to do the system security environment steps, or go back to Windows?
(BTW, I seem to have to use F10 and delete /minint every time I start Windows normally, just some info for you.)
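To confirm that the `bcdedit /set {current} winpe no` step from post #14 took effect, the entry can be read back with `bcdedit /enum {current}` and checked for the `winpe` element, which is the BCD counterpart of the `/minint` load option mentioned above. The parser below is an added example, not part of the original thread; the sample output is constructed, the function names are hypothetical, and English-language `bcdedit` output is assumed.

```python
import re

# Constructed sample of `bcdedit /enum` output (not taken from the thread).
SAMPLE_BEFORE = """\
Windows Boot Manager
--------------------
identifier              {bootmgr}
default                 {current}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \\Windows\\system32\\winload.exe
description             Windows 7
osdevice                partition=C:
systemroot              \\Windows
nx                      OptIn
winpe                   Yes
"""
# Same entry after the flag has been cleared (also constructed).
SAMPLE_AFTER = re.sub(r"(winpe\s+)Yes", r"\1No", SAMPLE_BEFORE)

def parse_bcd(text):
    """Split bcdedit output into entries: a list of {element: value} dicts."""
    entries, current = [], None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.strip() and set(nxt.strip()) == {"-"}:
            # A title line is always followed by a row of dashes.
            current = {"_type": line.strip()}
            entries.append(current)
        elif current is not None and set(line.strip()) != {"-"}:
            # "element   value"; indented continuation lines do not match.
            m = re.match(r"(\S+)\s+(.*)", line)
            if m:
                current[m.group(1).lower()] = m.group(2).strip()
    return entries

def winpe_entries(text):
    """Return identifiers of boot entries that still have winpe enabled."""
    return [e.get("identifier", "?") for e in parse_bcd(text)
            if e.get("winpe", "no").lower() == "yes"]

if __name__ == "__main__":
    print("before:", winpe_entries(SAMPLE_BEFORE))
    print("after: ", winpe_entries(SAMPLE_AFTER))
```

An empty list after the change means no boot entry is still flagged to start as Windows PE.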



