
Have a new computer that's become very slow only on webpages, do I have malware?


12 replies to this topic

#1 makaveli3005


Posted 24 July 2013 - 09:14 AM

I am using a fairly new computer with Windows 7, 1TB of hard drive space, 4GB of RAM, and a 2.67GHz processor, and just lately everything is very slow. When I access Internet Explorer or Google Chrome, websites take a very long time to load up and sometimes never do. If they do, they are extremely slow. However, everything else on the computer is fast, especially games on an internet connection. I have Optimum Online Boost, so I know the speeds are good. I think I have some malware that's severely affecting my machine's performance. Also, I have another user on the same computer, and her account seems to be fine and not experiencing any of these slowdowns; her webpages load up very quickly.





#2 GodfatherKing


Posted 24 July 2013 - 09:33 AM

Step 1: Running TDSSKiller to obtain log

 

Note: Don't cure or delete a threat, but choose skip for all instead.

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • In the Additional options: Check Detect TDLFS file system
  • Click Start Scan and allow the scan process to run
  • Choose Skip for all threats.
  • Click Continue
  • Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================

 

Step 2: Install and run MBAM

 

 

Step 3: Please download MiniToolBox, save it to your desktop and run it.

 

Checkmark the following checkboxes:

  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and paste the content into your next post.

 

Step 4: ESET Online Scanner

==================

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.

===================================================


If you have received help from me and I don't respond to you for almost >= 3 days, send me a Private Message.


#3 makaveli3005


Posted 24 July 2013 - 12:19 PM

1.

 

13:16:12.0805 8036  Msfs - ok
13:16:12.0805 8036  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:16:12.0820 8036  mshidkmdf - ok
13:16:12.0867 8036  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:16:12.0867 8036  msisadrv - ok
13:16:12.0898 8036  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:16:12.0898 8036  MSiSCSI - ok
13:16:12.0898 8036  msiserver - ok
13:16:12.0929 8036  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:16:12.0929 8036  MSKSSRV - ok
13:16:13.0023 8036  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:16:13.0023 8036  MsMpSvc - ok
13:16:13.0039 8036  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:16:13.0039 8036  MSPCLOCK - ok
13:16:13.0054 8036  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:16:13.0054 8036  MSPQM - ok
13:16:13.0101 8036  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:16:13.0101 8036  MsRPC - ok
13:16:13.0148 8036  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:16:13.0148 8036  mssmbios - ok
13:16:13.0163 8036  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:16:13.0163 8036  MSTEE - ok
13:16:13.0179 8036  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:16:13.0179 8036  MTConfig - ok
13:16:13.0195 8036  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:16:13.0195 8036  Mup - ok
13:16:13.0241 8036  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
13:16:13.0241 8036  napagent - ok
13:16:13.0257 8036  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:16:13.0273 8036  NativeWifiP - ok
13:16:13.0335 8036  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:16:13.0351 8036  NDIS - ok
13:16:13.0366 8036  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:16:13.0366 8036  NdisCap - ok
13:16:13.0397 8036  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:16:13.0397 8036  NdisTapi - ok
13:16:13.0429 8036  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:16:13.0429 8036  Ndisuio - ok
13:16:13.0475 8036  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:16:13.0491 8036  NdisWan - ok
13:16:13.0522 8036  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:16:13.0522 8036  NDProxy - ok
13:16:13.0600 8036  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
13:16:13.0600 8036  Net Driver HPZ12 - ok
13:16:13.0616 8036  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:16:13.0647 8036  NetBIOS - ok
13:16:13.0678 8036  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:16:13.0678 8036  NetBT - ok
13:16:13.0694 8036  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
13:16:13.0694 8036  Netlogon - ok
13:16:13.0741 8036  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
13:16:13.0741 8036  Netman - ok
13:16:13.0756 8036  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
13:16:13.0772 8036  netprofm - ok
13:16:13.0787 8036  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:16:13.0787 8036  NetTcpPortSharing - ok
13:16:13.0803 8036  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:16:13.0803 8036  nfrd960 - ok
13:16:13.0912 8036  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:16:13.0912 8036  NisDrv - ok
13:16:13.0928 8036  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
13:16:13.0928 8036  NisSrv - ok
13:16:13.0943 8036  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:16:13.0959 8036  NlaSvc - ok
13:16:13.0975 8036  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:16:13.0975 8036  Npfs - ok
13:16:13.0990 8036  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
13:16:14.0006 8036  nsi - ok
13:16:14.0006 8036  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:16:14.0006 8036  nsiproxy - ok
13:16:14.0084 8036  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:16:14.0099 8036  Ntfs - ok
13:16:14.0131 8036  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
13:16:14.0131 8036  Null - ok
13:16:14.0333 8036  [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:16:14.0427 8036  nvlddmkm - ok
13:16:14.0474 8036  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:16:14.0474 8036  nvraid - ok
13:16:14.0521 8036  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:16:14.0521 8036  nvstor - ok
13:16:14.0567 8036  [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc           C:\Windows\system32\nvvsvc.exe
13:16:14.0583 8036  nvsvc - ok
13:16:14.0739 8036  [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:16:14.0755 8036  nvUpdatusService - ok
13:16:14.0801 8036  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:16:14.0801 8036  nv_agp - ok
13:16:14.0895 8036  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:16:14.0895 8036  odserv - ok
13:16:14.0926 8036  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:16:14.0926 8036  ohci1394 - ok
13:16:14.0957 8036  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:16:14.0957 8036  ose - ok
13:16:14.0989 8036  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:16:15.0004 8036  p2pimsvc - ok
13:16:15.0020 8036  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:16:15.0035 8036  p2psvc - ok
13:16:15.0051 8036  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:16:15.0067 8036  Parport - ok
13:16:15.0113 8036  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:16:15.0113 8036  partmgr - ok
13:16:15.0129 8036  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:16:15.0129 8036  PcaSvc - ok
13:16:15.0160 8036  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
13:16:15.0160 8036  pci - ok
13:16:15.0176 8036  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
13:16:15.0191 8036  pciide - ok
13:16:15.0207 8036  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:16:15.0207 8036  pcmcia - ok
13:16:15.0223 8036  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:16:15.0223 8036  pcw - ok
13:16:15.0238 8036  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:16:15.0238 8036  PEAUTH - ok
13:16:15.0316 8036  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:16:15.0316 8036  PerfHost - ok
13:16:15.0379 8036  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
13:16:15.0394 8036  pla - ok
13:16:15.0457 8036  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:16:15.0457 8036  PlugPlay - ok
13:16:15.0535 8036  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:16:15.0535 8036  Pml Driver HPZ12 - ok
13:16:15.0535 8036  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:16:15.0550 8036  PNRPAutoReg - ok
13:16:15.0566 8036  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:16:15.0566 8036  PNRPsvc - ok
13:16:15.0581 8036  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:16:15.0597 8036  PolicyAgent - ok
13:16:15.0628 8036  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
13:16:15.0628 8036  Power - ok
13:16:15.0675 8036  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:16:15.0675 8036  PptpMiniport - ok
13:16:15.0691 8036  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:16:15.0691 8036  Processor - ok
13:16:15.0737 8036  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:16:15.0737 8036  ProfSvc - ok
13:16:15.0753 8036  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:16:15.0753 8036  ProtectedStorage - ok
13:16:15.0815 8036  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:16:15.0815 8036  Psched - ok
13:16:15.0847 8036  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:16:15.0878 8036  ql2300 - ok
13:16:15.0878 8036  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:16:15.0893 8036  ql40xx - ok
13:16:15.0909 8036  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
13:16:15.0909 8036  QWAVE - ok
13:16:15.0925 8036  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:16:15.0925 8036  QWAVEdrv - ok
13:16:16.0018 8036  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
13:16:16.0034 8036  RapiMgr - ok
13:16:16.0034 8036  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:16:16.0034 8036  RasAcd - ok
13:16:16.0065 8036  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:16:16.0081 8036  RasAgileVpn - ok
13:16:16.0081 8036  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
13:16:16.0081 8036  RasAuto - ok
13:16:16.0127 8036  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:16:16.0127 8036  Rasl2tp - ok
13:16:16.0190 8036  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
13:16:16.0190 8036  RasMan - ok
13:16:16.0221 8036  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:16:16.0221 8036  RasPppoe - ok
13:16:16.0221 8036  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:16:16.0221 8036  RasSstp - ok
13:16:16.0237 8036  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:16:16.0237 8036  rdbss - ok
13:16:16.0252 8036  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:16:16.0252 8036  rdpbus - ok
13:16:16.0268 8036  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:16:16.0268 8036  RDPCDD - ok
13:16:16.0299 8036  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:16:16.0299 8036  RDPENCDD - ok
13:16:16.0299 8036  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:16:16.0299 8036  RDPREFMP - ok
13:16:16.0346 8036  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:16:16.0346 8036  RDPWD - ok
13:16:16.0393 8036  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:16:16.0408 8036  rdyboost - ok
13:16:16.0424 8036  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:16:16.0424 8036  RemoteAccess - ok
13:16:16.0455 8036  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:16:16.0471 8036  RemoteRegistry - ok
13:16:16.0517 8036  [ 71700B4C5797DA5412E9250E26894586 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
13:16:16.0533 8036  RimUsb - ok
13:16:16.0580 8036  [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
13:16:16.0580 8036  RimVSerPort - ok
13:16:16.0627 8036  [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
13:16:16.0627 8036  ROOTMODEM - ok
13:16:16.0658 8036  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:16:16.0658 8036  RpcEptMapper - ok
13:16:16.0673 8036  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
13:16:16.0673 8036  RpcLocator - ok
13:16:16.0736 8036  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
13:16:16.0736 8036  RpcSs - ok
13:16:16.0751 8036  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:16:16.0751 8036  rspndr - ok
13:16:16.0798 8036  [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
13:16:16.0814 8036  RTL8167 - ok
13:16:16.0814 8036  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
13:16:16.0814 8036  SamSs - ok
13:16:16.0861 8036  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:16:16.0861 8036  sbp2port - ok
13:16:16.0876 8036  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:16:16.0876 8036  SCardSvr - ok
13:16:16.0907 8036  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:16:16.0907 8036  scfilter - ok
13:16:16.0970 8036  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
13:16:16.0985 8036  Schedule - ok
13:16:17.0032 8036  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:16:17.0032 8036  SCPolicySvc - ok
13:16:17.0079 8036  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:16:17.0079 8036  SDRSVC - ok
13:16:17.0110 8036  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:16:17.0126 8036  secdrv - ok
13:16:17.0126 8036  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
13:16:17.0126 8036  seclogon - ok
13:16:17.0141 8036  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
13:16:17.0141 8036  SENS - ok
13:16:17.0157 8036  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:16:17.0157 8036  SensrSvc - ok
13:16:17.0188 8036  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:16:17.0188 8036  Serenum - ok
13:16:17.0204 8036  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:16:17.0204 8036  Serial - ok
13:16:17.0219 8036  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:16:17.0219 8036  sermouse - ok
13:16:17.0266 8036  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:16:17.0266 8036  SessionEnv - ok
13:16:17.0313 8036  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:16:17.0313 8036  sffdisk - ok
13:16:17.0313 8036  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:16:17.0313 8036  sffp_mmc - ok
13:16:17.0329 8036  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:16:17.0329 8036  sffp_sd - ok
13:16:17.0344 8036  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:16:17.0344 8036  sfloppy - ok
13:16:17.0375 8036  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:16:17.0375 8036  SharedAccess - ok
13:16:17.0407 8036  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:16:17.0407 8036  ShellHWDetection - ok
13:16:17.0438 8036  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:16:17.0438 8036  SiSRaid2 - ok
13:16:17.0438 8036  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:16:17.0438 8036  SiSRaid4 - ok
13:16:17.0469 8036  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:16:17.0469 8036  Smb - ok
13:16:17.0500 8036  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:16:17.0500 8036  SNMPTRAP - ok
13:16:17.0500 8036  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:16:17.0500 8036  spldr - ok
13:16:17.0547 8036  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
13:16:17.0563 8036  Spooler - ok
13:16:17.0656 8036  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
13:16:17.0703 8036  sppsvc - ok
13:16:17.0719 8036  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:16:17.0719 8036  sppuinotify - ok
13:16:17.0765 8036  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:16:17.0765 8036  srv - ok
13:16:17.0812 8036  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:16:17.0828 8036  srv2 - ok
13:16:17.0843 8036  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:16:17.0843 8036  srvnet - ok
13:16:17.0875 8036  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:16:17.0875 8036  SSDPSRV - ok
13:16:17.0890 8036  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:16:17.0890 8036  SstpSvc - ok
13:16:17.0953 8036  [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:16:17.0968 8036  Stereo Service - ok
13:16:17.0999 8036  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:16:17.0999 8036  stexstor - ok
13:16:18.0046 8036  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
13:16:18.0062 8036  stisvc - ok
13:16:18.0109 8036  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:16:18.0109 8036  swenum - ok
13:16:18.0140 8036  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
13:16:18.0140 8036  swprv - ok
13:16:18.0202 8036  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
13:16:18.0233 8036  SysMain - ok
13:16:18.0265 8036  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:16:18.0280 8036  TabletInputService - ok
13:16:18.0296 8036  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:16:18.0296 8036  TapiSrv - ok
13:16:18.0311 8036  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
13:16:18.0311 8036  TBS - ok
13:16:18.0389 8036  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:16:18.0421 8036  Tcpip - ok
13:16:18.0452 8036  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:16:18.0467 8036  TCPIP6 - ok
13:16:18.0499 8036  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:16:18.0499 8036  tcpipreg - ok
13:16:18.0530 8036  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:16:18.0530 8036  TDPIPE - ok
13:16:18.0561 8036  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:16:18.0561 8036  TDTCP - ok
13:16:18.0592 8036  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:16:18.0592 8036  tdx - ok
13:16:18.0592 8036  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:16:18.0592 8036  TermDD - ok
13:16:18.0623 8036  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
13:16:18.0639 8036  TermService - ok
13:16:18.0670 8036  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
13:16:18.0670 8036  Themes - ok
13:16:18.0686 8036  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
13:16:18.0686 8036  THREADORDER - ok
13:16:18.0701 8036  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
13:16:18.0701 8036  TrkWks - ok
13:16:18.0764 8036  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:16:18.0764 8036  TrustedInstaller - ok
13:16:18.0795 8036  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:16:18.0811 8036  tssecsrv - ok
13:16:18.0857 8036  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:16:18.0857 8036  TsUsbFlt - ok
13:16:18.0904 8036  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:16:18.0904 8036  tunnel - ok
13:16:18.0920 8036  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:16:18.0920 8036  uagp35 - ok
13:16:18.0935 8036  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:16:18.0935 8036  udfs - ok
13:16:18.0967 8036  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:16:18.0967 8036  UI0Detect - ok
13:16:18.0982 8036  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:16:18.0982 8036  uliagpkx - ok
13:16:19.0013 8036  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
13:16:19.0029 8036  umbus - ok
13:16:19.0029 8036  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:16:19.0029 8036  UmPass - ok
13:16:19.0045 8036  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
13:16:19.0045 8036  upnphost - ok
13:16:19.0091 8036  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
13:16:19.0107 8036  USBAAPL64 - ok
13:16:19.0154 8036  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:16:19.0154 8036  usbccgp - ok
13:16:19.0169 8036  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:16:19.0169 8036  usbcir - ok
13:16:19.0216 8036  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:16:19.0216 8036  usbehci - ok
13:16:19.0310 8036  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:16:19.0310 8036  usbhub - ok
13:16:19.0325 8036  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
13:16:19.0325 8036  usbohci - ok
13:16:19.0357 8036  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:16:19.0357 8036  usbprint - ok
13:16:19.0403 8036  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
13:16:19.0403 8036  usbscan - ok
13:16:19.0450 8036  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:16:19.0450 8036  USBSTOR - ok
13:16:19.0481 8036  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:16:19.0481 8036  usbuhci - ok
13:16:19.0528 8036  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:16:19.0544 8036  usbvideo - ok
13:16:19.0591 8036  [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
13:16:19.0591 8036  usb_rndisx - ok
13:16:19.0606 8036  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
13:16:19.0622 8036  UxSms - ok
13:16:19.0637 8036  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
13:16:19.0637 8036  VaultSvc - ok
13:16:19.0684 8036  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:16:19.0700 8036  vdrvroot - ok
13:16:19.0731 8036  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
13:16:19.0747 8036  vds - ok
13:16:19.0778 8036  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:16:19.0778 8036  vga - ok
13:16:19.0778 8036  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:16:19.0793 8036  VgaSave - ok
13:16:19.0840 8036  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:16:19.0840 8036  vhdmp - ok
13:16:19.0856 8036  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:16:19.0856 8036  viaide - ok
13:16:19.0856 8036  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:16:19.0856 8036  volmgr - ok
13:16:19.0903 8036  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:16:19.0903 8036  volmgrx - ok
13:16:19.0918 8036  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:16:19.0918 8036  volsnap - ok
13:16:19.0934 8036  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
13:16:19.0949 8036  vsmraid - ok
13:16:19.0996 8036  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
13:16:20.0027 8036  VSS - ok
13:16:20.0043 8036  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
13:16:20.0043 8036  vwifibus - ok
13:16:20.0059 8036  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
13:16:20.0059 8036  W32Time - ok
13:16:20.0074 8036  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:16:20.0074 8036  WacomPen - ok
13:16:20.0121 8036  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:16:20.0121 8036  WANARP - ok
13:16:20.0121 8036  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:16:20.0121 8036  Wanarpv6 - ok
13:16:20.0199 8036  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
13:16:20.0215 8036  WatAdminSvc - ok
13:16:21.0884 8036  ================ Scan global ===============================
13:16:21.0899 8036  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:16:21.0946 8036  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:16:21.0946 8036  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:16:21.0977 8036  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:16:22.0009 8036  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:16:22.0009 8036  [Global] - ok
13:16:22.0009 8036  ================ Scan MBR ==================================
13:16:22.0024 8036  [ 6F9A1D528242BC09104B85E0BECF5554 ] \Device\Harddisk0\DR0
13:16:22.0024 8036  Suspicious mbr (Forged): \Device\Harddisk0\DR0
13:16:22.0040 8036  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
13:16:22.0040 8036  \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
13:16:22.0087 8036  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:16:22.0087 8036  \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:16:22.0102 8036  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR5
13:16:22.0289 8036  \Device\Harddisk5\DR5 - ok
13:16:22.0289 8036  ================ Scan VBR ==================================
13:16:22.0321 8036  [ 379A4553416F7C331C224659E7765318 ] \Device\Harddisk0\DR0\Partition1
13:16:22.0321 8036  \Device\Harddisk0\DR0\Partition1 - ok
13:16:22.0336 8036  [ 0FCC8008B25F9AE615AA3A47A5A698B9 ] \Device\Harddisk0\DR0\Partition2
13:16:22.0336 8036  \Device\Harddisk0\DR0\Partition2 - ok
13:16:22.0336 8036  [ 5A97247C2510FEC805D9CF08F0565D7C ] \Device\Harddisk5\DR5\Partition1
13:16:22.0336 8036  \Device\Harddisk5\DR5\Partition1 - ok
13:16:22.0336 8036  ============================================================
13:16:22.0336 8036  Scan finished
13:16:22.0336 8036  ============================================================
13:16:22.0352 8116  Detected object count: 2
13:16:22.0352 8116  Actual detected object count: 2
13:16:42.0647 8116  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - skipped by user
13:16:42.0647 8116  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Skip
13:16:42.0647 8116  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:16:42.0647 8116  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
 



#4 makaveli3005

  • Topic Starter

Posted 24 July 2013 - 01:11 PM

2. MBAM:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.24.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Andrew :: ANDREW-PC [administrator]

7/24/2013 1:19:32 PM
mbam-log-2013-07-24 (13-19-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 378672
Time elapsed: 50 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#5 makaveli3005

  • Topic Starter

Posted 24 July 2013 - 01:16 PM

3. Minitoolbox:

 

 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Andrew (administrator) on 24-07-2013 at 14:15:21
Running from "C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRELKJSU"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/24/2013 11:27:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15585

Error: (07/24/2013 11:27:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15585

Error: (07/24/2013 11:27:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2013 06:18:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12995

Error: (07/23/2013 06:18:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12995

Error: (07/23/2013 06:18:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2013 06:18:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11997

Error: (07/23/2013 06:18:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11997

Error: (07/23/2013 06:18:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/23/2013 06:18:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10998

System errors:
=============
Error: (07/24/2013 11:27:24 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (07/24/2013 09:48:37 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (07/24/2013 09:48:37 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/24/2013 09:46:26 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

Error: (07/24/2013 09:46:11 AM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%2

Error: (07/24/2013 00:09:05 AM) (Source: Service Control Manager) (User: )
Description: The Windows Mobile-based device connectivity service terminated with service-specific error %%-2147023834.

Error: (07/24/2013 00:08:52 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (07/24/2013 00:08:52 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/24/2013 00:08:08 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/24/2013 00:06:32 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (05/24/2012 03:34:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 27 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2013-05-28 04:51:26.311
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Andrew\Desktop\BlackBerry\Derya Baby\Windows\System32\fveapibase.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-28 04:51:25.968
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Andrew\Desktop\BlackBerry\Derya Baby\Windows\System32\fveapibase.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-28 04:51:25.765
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Andrew\Desktop\BlackBerry\Derya Baby\Windows\System32\fveapibase.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-28 04:51:25.562
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Andrew\Desktop\BlackBerry\Derya Baby\Windows\System32\fveapibase.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-28 04:48:15.422
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Andrew\Desktop\BlackBerry\Derya Baby\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-28 04:48:15.235
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Andrew\Desktop\BlackBerry\Derya Baby\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-28 04:48:15.032
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Andrew\Desktop\BlackBerry\Derya Baby\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-28 04:48:14.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Andrew\Desktop\BlackBerry\Derya Baby\Windows\System32\drivers\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-07-15 19:55:41.118
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Andrew\Desktop\BlackBerry\Derya Baby\Windows\System32\fveapibase.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-07-15 19:55:41.012
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Andrew\Desktop\BlackBerry\Derya Baby\Windows\System32\fveapibase.dll because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

3GP Player 2011 (Version: 1.3)
4500_G510gm_Help (Version: 000.0.439.000)
4500G510gm (Version: 000.0.423.000)
4500G510gm_Software_Min (Version: 000.0.423.000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader 9.4.0 (Version: 9.4.0)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
AOL Instant Messenger
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bing Bar (Version: 7.1.355.0)
BitTorrent (Version: 7.6.1)
BlackBerry Desktop Software 6.0.1 (Version: 6.0.1.18)
BlackBerry Device Software Updater (Version: 6.0.1.6)
BlackBerry Device Software v5.0.0 for the BlackBerry 8530 smartphone (Version: 5.0.0.1030 (Platform 4.2.0.451))
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
CDBurnerXP (Version: 4.4.0.2838)
D3DX10 (Version: 15.4.2368.0902)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 130.0.372.000)
DivX Setup (Version: 2.1.2.2)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
Fax (Version: 130.0.418.000)
Google Chrome (Version: 28.0.1500.72)
Google Update Helper (Version: 1.3.21.153)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510g-m (Version: 13.0)
HP Officejet 4620 series Basic Device Software (Version: 28.0.1315.0)
HP Officejet 4620 series Help (Version: 6.0.0)
HP Officejet 4620 series Product Improvement Study (Version: 28.0.1315.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.003.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 130.0.371.000)
I.R.I.S. OCR (Version: 12.3.4.0)
iDealshare VideoGo 4.1.9.4892
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network64 (Version: 130.0.374.000)
Network64 (Version: 140.0.221.000)
Norton Security Scan (Version: 3.0.1.8)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.74.80.86)
Scan (Version: 140.0.80.000)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
SpyHunter (Version: 4.1.11)
Status (Version: 130.0.373.000)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Publisher 2007 Help (KB963667)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Viewpoint Media Player
WebM Media Foundation Components (Version: 1.0.0.0)
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 64%
Total physical RAM: 4059.49 MB
Available physical RAM: 1445.42 MB
Total Pagefile: 8117.17 MB
Available Pagefile: 4887.44 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.32 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:931.41 GB) (Free:209.66 GB) NTFS
3 Drive d: () (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS
9 Drive j: (BLACKBERRY) (Removable) (Total:1.83 GB) (Free:1.83 GB) FAT
10 Drive k: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

========================= Users: ========================================

User accounts for \\ANDREW-PC

Administrator            Andrew                   Guest                   
Mom                      UpdatusUser             

**** End of log ****



#6 GodfatherKing


Posted 24 July 2013 - 01:25 PM

You may stop the other scans, you do have two rootkits.

Rerun TDSSKiller with the same instructions, but this time:

Choose to cure:

13:16:42.0647 8116  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - skipped by user
13:16:42.0647 8116  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Skip

13:16:42.0647 8116  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:16:42.0647 8116  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.


#7 makaveli3005

  • Topic Starter

Posted 24 July 2013 - 06:51 PM

C:\Program Files\Alienware\alienware\Documents and Settings\Desktop\SDFix.exe Win32/PrcView application
C:\Program Files\Alienware\alienware\Documents and Settings\Desktop\Norton.Antivirus.v2007.Incl.Keygen\KeyGen.zip a variant of Win32/Keygen.AF application
C:\Program Files\Alienware\alienware\Program Files\Common Files\mwzr\mwzrd\vocabulary Win32/TrojanDownloader.TSUpdate.J trojan
C:\Program Files\Alienware\alienware\Program Files\Limewire\New\Incomplete\KGFB2SGCMZF452LDFLWWZQDEZF3ANXGA\Driver Updater Pro 2.2.8.0.zip a variant of Win32/VB.NKT trojan
C:\Program Files\Alienware\alienware\Program Files\Limewire\New\kevin\Microsoft Office Home and Student 2007 Activation Keys.zip probably unknown NewHeur_PE virus
C:\Program Files\Alienware\alienware\Program Files\Limewire\New\winmpg\keygen.exe probably a variant of Win32/Agent.GCSTYBJ trojan
C:\Program Files (x86)\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application
C:\Qoobox\Quarantine\C\Users\Andrew\wevtapi.dll.vir Win64/Agent.AC trojan
C:\Qoobox\Quarantine\C\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\7r83o9ll.default\extensions\{89a975b8-184d-4d38-b364-0def2a0438b8}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\7r83o9ll.default\extensions\{ebaa9375-3b82-40f7-bdf8-5f4e92372a4b}\chrome\xulcache.jar.vir JS/Agent.NDO trojan
C:\Qoobox\Quarantine\C\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\7d59ltae.default\extensions\{89a975b8-184d-4d38-b364-0def2a0438b8}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\7d59ltae.default\extensions\{ebaa9375-3b82-40f7-bdf8-5f4e92372a4b}\chrome\xulcache.jar.vir JS/Agent.NDO trojan
C:\Users\Andrew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5b0baa7e-2463c52d Java/Agent.EX trojan
C:\Users\Andrew\Desktop\Documents and Settings\Desktop\SDFix.exe Win32/PrcView application
C:\Users\Andrew\Desktop\Documents and Settings\Desktop\Norton.Antivirus.v2007.Incl.Keygen\KeyGen.zip a variant of Win32/Keygen.AF application
C:\Users\Andrew\Desktop\Program Files\Common Files\mwzr\mwzrd\vocabulary Win32/TrojanDownloader.TSUpdate.J trojan
C:\Users\Andrew\Desktop\Program Files\Limewire\New\Incomplete\KGFB2SGCMZF452LDFLWWZQDEZF3ANXGA\Driver Updater Pro 2.2.8.0.zip a variant of Win32/VB.NKT trojan
C:\Users\Andrew\Desktop\Program Files\Limewire\New\kevin\Microsoft Office Home and Student 2007 Activation Keys.zip probably unknown NewHeur_PE virus
C:\Users\Andrew\Desktop\Program Files\Limewire\New\winmpg\keygen.exe probably a variant of Win32/Agent.GCSTYBJ trojan
C:\Users\Andrew\Downloads\Ulead DVD Movie Factory 6.0 PLUS (keygen)-vibept\Ulead DVD Movie Factory 6.0 PLUS (keygen)\KEYGEN+KEY\keygen [CORE].exe a variant of Win32/Keygen.BH application
C:\Users\Mom\AppData\Local\temp\jar_cache3814847482405743609.tmp a variant of Java/Exploit.CVE-2012-1723.AM trojan
C:\Users\Mom\AppData\LocalLow\AskToolbar\setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Mom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\690e1631-7f922f83 multiple threats
C:\Users\Mom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\70fe0c07-39316bd2 multiple threats
 



#8 makaveli3005

  • Topic Starter

Posted 24 July 2013 - 07:40 PM

Well, I did what you said and reran TDSSKiller. I clicked Cure on the first one, and the second did not let me click Cure, so I clicked Delete. Immediately after it was done, the blue screen of death came up, and now Windows will no longer load. I tried to repair it; it says unable to repair. I tried to System Restore to an earlier date, still nothing, even though it says successful. Windows just keeps rebooting. Please help, it's even worse. I'm scared I'll lose all my information, which I can't have happen.



#9 makaveli3005

  • Topic Starter

Posted 24 July 2013 - 07:49 PM

Windows won't even load in safe mode; it just keeps restarting.



#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:48 PM

Posted 25 July 2013 - 12:10 AM

Hello, let's have a look at your Master Boot Record, as it's likely something went wrong there.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.
This will allow me to have a look at the Master Boot Record of your drive and see if it is infected.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
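A structural check for the 512-byte mbr.bin captured with the dd command in the post above, as an added example that is not part of the original thread or of any tool it mentions. It assumes a classic BIOS/MBR disk layout; the function names and the sample sector are constructed for illustration, and the boot-code hash is only meaningful when compared against a dump from a known-clean disk initialised by the same Windows version.

```python
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440   # bytes 0-439 hold the boot code
DISK_SIG_OFF = 440    # 4-byte disk signature
TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG_OFF = 510    # last two bytes must be 55 AA


def parse_mbr(data):
    """Parse a 512-byte MBR dump such as the mbr.bin written by dd."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    partitions = []
    for slot in range(4):
        entry = data[TABLE_OFF + 16 * slot: TABLE_OFF + 16 * (slot + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        partitions.append({"slot": slot, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": data[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", data, DISK_SIG_OFF)[0],
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(info):
    """Return a list of structural problems that would stop a BIOS boot."""
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    parts = info["partitions"]
    if not parts:
        findings.append("partition table is empty")
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(
                f"slot {p['slot']}: invalid status byte {p['status']:#04x}")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    return findings


def same_boot_code(suspect, reference):
    """True when both dumps carry byte-identical boot code (bytes 0-439)."""
    return (parse_mbr(suspect)["boot_code_sha256"]
            == parse_mbr(reference)["boot_code_sha256"])


def build_sample_mbr(boot_code=b"\x90" * BOOT_CODE_LEN):
    """Constructed sample: a 100 MB active partition plus one data partition."""
    def entry(status, ptype, lba_start, sectors):
        # CHS fields are left zeroed; only the LBA fields are checked here.
        return struct.pack("<B3sB3sII", status, b"\0" * 3, ptype, b"\0" * 3,
                           lba_start, sectors)
    table = (entry(0x80, 0x07, 2048, 204800)
             + entry(0x00, 0x07, 206848, 1953314816)
             + bytes(32))
    return (boot_code.ljust(BOOT_CODE_LEN, b"\0")
            + struct.pack("<I", 0x1234ABCD) + b"\0\0" + table + b"\x55\xaa")


if __name__ == "__main__":
    # Pass the path to mbr.bin; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            raw = fh.read()
    else:
        raw = build_sample_mbr()
    report = parse_mbr(raw)
    print("boot code sha256:", report["boot_code_sha256"])
    for part in report["partitions"]:
        print(part)
    for finding in check_mbr(report) or ["no structural problems found"]:
        print("-", finding)
```

A clean result here only means the sector is structurally bootable; replaced boot code still has to be ruled out by comparing the hash with a trusted reference.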


#11 makaveli3005

  • Topic Starter

Posted 25 July 2013 - 04:47 AM

Is there any other way to do this without burning a CD? If not, I'll try to find someone with a CD burner.



#12 Elise


Posted 25 July 2013 - 06:05 AM

Yes, you can make a bootable flashdrive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
You'll now need to set your computer to boot from USB instead of CD, the rest of the instructions are identical.

regards, Elise


#13 Elise


Posted 04 August 2013 - 03:45 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise