[RESOLVED] several trojans found

brothers computer doing bsod after 40min use.
i used bit defenderonline scan, it found variant kazy10178
with stopzilla and cureit [drwebhk],... removed enuf to cure the bsod.
but still get instant bsod when i try to remove google chrome.

here is mbam log...

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.21.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Gary :: GARY-PC [administrator]

Protection: Enabled

11/21/2012 1:11:59 AM
mbam-log-2012-11-21 (01-11-59).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 454374
Time elapsed: 1 hour(s), 10 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

here is MBR log
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-21 03:37:59
-----------------------------
03:37:59.345 OS Version: Windows x64 6.1.7600
03:37:59.345 Number of processors: 2 586 0x170A
03:37:59.345 ComputerName: GARY-PC UserName: Gary
03:38:00.218 Initialize success
03:44:30.059 AVAST engine defs: 12112100
03:45:20.338 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
03:45:20.338 Disk 0 Vendor: ST932032 D005 Size: 305245MB BusType: 3
03:45:20.338 Device \Driver\iaStor -> MajorFunction fffffa80054985e8
03:45:20.338 Disk 0 MBR read successfully
03:45:20.353 Disk 0 MBR scan
03:45:20.369 Disk 0 Windows 7 default MBR code
03:45:20.385 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
03:45:20.400 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
03:45:20.478 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290143 MB offset 30926848
03:45:20.572 Disk 0 scanning C:\Windows\system32\drivers
03:45:34.877 Service scanning
03:46:08.043 Modules scanning
03:46:08.043 Disk 0 trace - called modules:
03:46:08.573 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80054985e8]<<
03:46:08.573 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031c5060]
03:46:08.589 3 CLASSPNP.SYS[fffff88001b3543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e64050]
03:46:08.589 \Driver\iaStor[0xfffffa800547a250] -> IRP_MJ_CREATE -> 0xfffffa80054985e8
03:46:09.805 AVAST engine scan C:\Windows
03:46:15.390 AVAST engine scan C:\Windows\system32
03:52:01.789 AVAST engine scan C:\Windows\system32\drivers
03:52:16.749 AVAST engine scan C:\Users\Gary
03:55:31.594 AVAST engine scan C:\ProgramData
03:59:43.097 Scan finished successfully
04:15:10.878 Disk 0 MBR has been saved successfully to "C:\Users\Gary\Desktop\MBR.dat"
04:15:10.893 The log file has been saved successfully to "C:\Users\Gary\Desktop\aswMBR.txt"

i didn't click on fix mbr
these have been removed i'm hoping

win32 tracur
trojan vundogenta73
ajs[1].jsjs.iframe.356
jstag-1,,,
variant kazy.10178

i have the 2 DDS files ready to send when you need them.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================

Post all required logs.

hi broni
here'e the last 2 logs.
i wait for further directions.

.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.0
Advanced Audio FX Engine
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Classic Shell
Cozi
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Webcam Central
ESET Online Scanner v3
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
GoToAssist Customer 1.6.0.461
Image Scan Tool
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 22 (64-bit)
Junk Mail filter update
Live! Cam Avatar Creator
LoJack Factory Installer
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Excel Viewer
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.2
Picasa 3
Quicken 2011
Quickset64
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
Secunia PSI
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Shared C Run-time for x64
Skype Toolbars
Skype™ 5.10
STOPzilla
SUPERAntiSpyware
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by Gary at 4:56:51 on 2012-11-21
.
============== Running Processes ================
.
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\461\g2ax_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\461\g2ax_comm_customer.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\461\g2ax_system_customer.exe
\\.\globalroot\systemroot\svchost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\461\g2ax_user_customer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\DrWeb\spideragent.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Users\Gary\Desktop\aswMBR.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://midco.net/
mWinlogon: Userinit = c:\windows\syswow64\userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{74FE9CF5-AB5B-49A2-8C5F-0784B0576C26} : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{E05FD617-412B-4848-A8BB-30116DCD33C1}\34F657E647279794E6E613 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E05FD617-412B-4848-A8BB-30116DCD33C1}\34F657E647279794E6E633 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E05FD617-412B-4848-A8BB-30116DCD33C1}\36865636B607F696E6474616539363667316 : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{E05FD617-412B-4848-A8BB-30116DCD33C1}\37E6F6F6079713937303 : DHCPNameServer = 192.168.10.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SpIDerAgent] "C:\Program Files (x86)\DrWeb\spideragent.exe"
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: GoToAssist Express Customer - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\461\g2ax_winlogonx64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\a1jjrayo.default\
FF - prefs.js: browser.startup.homepage - hxxp://forestlake.uscable.com/#
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\a1jjrayo.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: PlainOldFavorites: {7E7165E2-0767-448c-852F-5FA8714F2C37} - %profile%\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? OV550I;35mm Film Scanner
R? PSI;PSI
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? SkypeUpdate;Skype Updater
R? WatAdminSvc;Windows Activation Technologies Service
R? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller
S? !SASCORE;SAS Core Service
S? AERTFilters;Andrea RT Filters Service
S? CtClsFlt;Creative Camera Class Upper Filter Driver
S? DockLoginService;Dock Login Service
S? GoToAssist Remote Support Customer;GoToAssist Remote Support Customer
S? IAStorDataMgrSvc;Intel(R) Rapid Storage Technology
S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MpFilter;Microsoft Malware Protection Driver
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? PxHlpa64;PxHlpa64
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? sbapifs;sbapifs
S? SBRE;SBRE
S? SftService;SoftThinks Agent Service
.
=============== Created Last 30 ================
.
2012-11-21 08:56:30 20480 ------w- C:\Windows\svchost.exe
2012-11-21 06:56:42 -------- d-----w- C:\Users\Gary\AppData\Roaming\Malwarebytes
2012-11-21 06:56:21 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-21 06:56:19 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-21 06:56:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-20 23:43:52 72448 ----a-w- C:\Windows\System32\drivers\dw_wfp.sys
2012-11-20 23:40:46 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97155990-6D20-42E9-A629-AC0E641AFBEB}\gapaengine.dll
2012-11-20 23:40:11 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{27261194-7FDE-4078-A38E-5E1D3318C17E}\mpengine.dll
2012-11-20 23:30:20 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-11-20 23:30:06 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-11-20 23:29:39 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-11-20 23:02:02 -------- d-----w- C:\Users\Gary\Doctor Web
2012-11-20 22:56:19 -------- d-----w- C:\ProgramData\Doctor Web
2012-11-20 22:56:19 -------- d-----w- C:\Program Files (x86)\DrWeb
2012-11-20 16:05:05 74872 ----a-r- C:\Windows\System32\drivers\sbapifs.sys
2012-11-20 15:09:18 -------- d-----w- C:\Users\Gary\DoctorWeb
2012-11-20 12:22:57 -------- d-----w- C:\Users\Gary\AppData\Roaming\SUPERAntiSpyware.com
2012-11-20 12:21:47 -------- d-----w- C:\ProgramData\!SASCORE
2012-11-20 06:03:10 -------- d-----w- C:\Windows\pss
2012-11-20 05:49:55 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ECC15FE2-0C10-41AE-8FEB-F94DC5AB553C}\mpengine.dll
2012-11-20 05:32:45 45936 ----a-r- C:\Windows\System32\SBBD.EXE
2012-11-20 05:05:33 -------- d-----w- C:\Program Files (x86)\ESET
2012-11-20 04:56:24 -------- d-----w- C:\Users\Gary\AppData\Roaming\QuickScan
2012-11-20 04:09:31 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-20 04:09:31 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-20 04:09:31 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-20 04:09:31 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-19 11:05:01 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-11-19 11:04:26 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-19 11:04:25 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-10-24 14:16:38 23416 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2012-10-24 14:16:26 681848 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2012-10-24 14:16:22 509816 ----a-r- C:\Windows\SysWow64\SZBase5.dll
.
==================== Find3M ====================
.
2012-10-17 01:19:34 172688 ----a-w- C:\Windows\System32\g2ax_credential_provider64_461.dll
2012-10-11 15:06:36 29048 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2012-10-11 15:06:36 231288 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2012-10-11 15:06:34 391032 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2012-10-11 15:06:32 100216 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2012-10-11 15:06:26 132984 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2012-10-11 15:06:26 104312 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2012-10-11 15:06:24 67448 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2012-10-11 15:06:24 460664 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2012-10-11 15:06:22 817016 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2012-10-10 10:58:46 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 10:58:46 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 04:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 04:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
.
============= FINISH: 4:57:53.64 ===============

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

here's the tdss log file part 1
10:10:57.0211 6256 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:10:57.0616 6256 ============================================================
10:10:57.0616 6256 Current date / time: 2012/11/21 10:10:57.0616
10:10:57.0616 6256 SystemInfo:
10:10:57.0616 6256
10:10:57.0616 6256 OS Version: 6.1.7600 ServicePack: 0.0
10:10:57.0616 6256 Product type: Workstation
10:10:57.0616 6256 ComputerName: GARY-PC
10:10:57.0616 6256 UserName: Gary
10:10:57.0616 6256 Windows directory: C:\Windows
10:10:57.0616 6256 System windows directory: C:\Windows
10:10:57.0616 6256 Running under WOW64
10:10:57.0616 6256 Processor architecture: Intel x64
10:10:57.0616 6256 Number of processors: 2
10:10:57.0616 6256 Page size: 0x1000
10:10:57.0616 6256 Boot type: Normal boot
10:10:57.0616 6256 ============================================================
10:10:58.0677 6256 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:10:58.0693 6256 ============================================================
10:10:58.0693 6256 \Device\Harddisk0\DR0:
10:10:58.0693 6256 MBR partitions:
10:10:58.0693 6256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
10:10:58.0693 6256 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x236AFAB0
10:10:58.0693 6256 ============================================================
10:10:58.0786 6256 C: <-> \Device\Harddisk0\DR0\Partition2
10:10:58.0786 6256 ============================================================
10:10:58.0786 6256 Initialize success
10:10:58.0786 6256 ============================================================
10:11:06.0196 7312 ============================================================
10:11:06.0196 7312 Scan started
10:11:06.0196 7312 Mode: Manual;
10:11:06.0196 7312 ============================================================
10:11:06.0508 7312 ================ Scan system memory ========================
10:11:06.0508 7312 System memory - ok
10:11:06.0508 7312 ================ Scan services =============================
10:11:06.0633 7312 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
10:11:06.0649 7312 !SASCORE - ok
10:11:06.0820 7312 [ 969C91060CBB5D17CB8440B5F78B4C51 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
10:11:06.0836 7312 1394ohci - ok
10:11:06.0867 7312 [ 794FF35015209B9D44F1360C42C9776D ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
10:11:06.0867 7312 ACPI - ok
10:11:06.0898 7312 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
10:11:06.0898 7312 AcpiPmi - ok
10:11:07.0039 7312 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:11:07.0039 7312 AdobeFlashPlayerUpdateSvc - ok
10:11:07.0086 7312 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:11:07.0101 7312 adp94xx - ok
10:11:07.0132 7312 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:11:07.0132 7312 adpahci - ok
10:11:07.0164 7312 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:11:07.0179 7312 adpu320 - ok
10:11:07.0226 7312 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:11:07.0226 7312 AeLookupSvc - ok
10:11:07.0304 7312 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
10:11:07.0304 7312 AERTFilters - ok
10:11:07.0351 7312 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
10:11:07.0366 7312 AFD - ok
10:11:07.0413 7312 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
10:11:07.0413 7312 agp440 - ok
10:11:07.0444 7312 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:11:07.0444 7312 ALG - ok
10:11:07.0476 7312 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
10:11:07.0491 7312 aliide - ok
10:11:07.0507 7312 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
10:11:07.0507 7312 amdide - ok
10:11:07.0538 7312 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:11:07.0538 7312 AmdK8 - ok
10:11:07.0554 7312 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:11:07.0569 7312 AmdPPM - ok
10:11:07.0600 7312 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:11:07.0600 7312 amdsata - ok
10:11:07.0632 7312 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:11:07.0632 7312 amdsbs - ok
10:11:07.0663 7312 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:11:07.0663 7312 amdxata - ok
10:11:07.0710 7312 [ 8655A2983A86D6675135B1FF6892055D ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
10:11:07.0725 7312 ApfiltrService - ok
10:11:07.0772 7312 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
10:11:07.0772 7312 AppID - ok
10:11:07.0803 7312 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:11:07.0803 7312 AppIDSvc - ok
10:11:07.0819 7312 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
10:11:07.0834 7312 Appinfo - ok
10:11:07.0928 7312 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:11:07.0928 7312 Apple Mobile Device - ok
10:11:07.0975 7312 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
10:11:07.0975 7312 arc - ok
10:11:07.0990 7312 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:11:08.0006 7312 arcsas - ok
10:11:08.0037 7312 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:11:08.0053 7312 AsyncMac - ok
10:11:08.0084 7312 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
10:11:08.0100 7312 atapi - ok
10:11:08.0287 7312 [ F8633CDD09647A64EE8DB550630427FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
10:11:08.0334 7312 athr - ok
10:11:08.0380 7312 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:11:08.0396 7312 AudioEndpointBuilder - ok
10:11:08.0412 7312 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:11:08.0412 7312 AudioSrv - ok
10:11:08.0458 7312 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:11:08.0474 7312 AxInstSV - ok
10:11:08.0536 7312 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
10:11:08.0536 7312 b06bdrv - ok
10:11:08.0599 7312 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:11:08.0599 7312 b57nd60a - ok
10:11:08.0661 7312 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:11:08.0661 7312 BDESVC - ok
10:11:08.0677 7312 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:11:08.0677 7312 Beep - ok
10:11:08.0724 7312 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
10:11:08.0755 7312 BFE - ok
10:11:08.0802 7312 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
10:11:08.0833 7312 BITS - ok
10:11:08.0864 7312 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:11:08.0864 7312 blbdrive - ok
10:11:08.0942 7312 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
10:11:08.0942 7312 Bonjour Service - ok
10:11:08.0989 7312 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:11:08.0989 7312 bowser - ok
10:11:09.0004 7312 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:11:09.0004 7312 BrFiltLo - ok
10:11:09.0020 7312 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:11:09.0020 7312 BrFiltUp - ok
10:11:09.0067 7312 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
10:11:09.0067 7312 Browser - ok
10:11:09.0098 7312 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:11:09.0098 7312 Brserid - ok
10:11:09.0129 7312 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:11:09.0145 7312 BrSerWdm - ok
10:11:09.0145 7312 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:11:09.0160 7312 BrUsbMdm - ok
10:11:09.0160 7312 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:11:09.0160 7312 BrUsbSer - ok
10:11:09.0176 7312 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:11:09.0176 7312 BTHMODEM - ok
10:11:09.0207 7312 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:11:09.0207 7312 bthserv - ok
10:11:09.0223 7312 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:11:09.0223 7312 cdfs - ok
10:11:09.0301 7312 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:11:09.0301 7312 cdrom - ok
10:11:09.0348 7312 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
10:11:09.0348 7312 CertPropSvc - ok
10:11:09.0379 7312 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:11:09.0379 7312 circlass - ok
10:11:09.0426 7312 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
10:11:09.0426 7312 CLFS - ok
10:11:09.0504 7312 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:11:09.0504 7312 clr_optimization_v2.0.50727_32 - ok
10:11:09.0550 7312 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:11:09.0550 7312 clr_optimization_v2.0.50727_64 - ok
10:11:09.0660 7312 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:11:09.0675 7312 clr_optimization_v4.0.30319_32 - ok
10:11:09.0706 7312 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:11:09.0706 7312 clr_optimization_v4.0.30319_64 - ok
10:11:09.0722 7312 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:11:09.0722 7312 CmBatt - ok
10:11:09.0753 7312 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
10:11:09.0753 7312 cmdide - ok
10:11:09.0784 7312 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
10:11:09.0800 7312 CNG - ok
10:11:09.0816 7312 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:11:09.0816 7312 Compbatt - ok
10:11:09.0831 7312 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
10:11:09.0831 7312 CompositeBus - ok
10:11:09.0831 7312 COMSysApp - ok
10:11:09.0862 7312 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:11:09.0862 7312 crcdisk - ok
10:11:09.0909 7312 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:11:09.0925 7312 CryptSvc - ok
10:11:09.0940 7312 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
10:11:09.0940 7312 CtClsFlt - ok
10:11:09.0987 7312 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:11:10.0003 7312 DcomLaunch - ok
10:11:10.0065 7312 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:11:10.0081 7312 defragsvc - ok
10:11:10.0112 7312 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:11:10.0112 7312 DfsC - ok
10:11:10.0143 7312 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
10:11:10.0143 7312 Dhcp - ok
10:11:10.0159 7312 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:11:10.0159 7312 discache - ok
10:11:10.0174 7312 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:11:10.0174 7312 Disk - ok
10:11:10.0221 7312 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:11:10.0221 7312 Dnscache - ok
10:11:10.0299 7312 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
10:11:10.0299 7312 DockLoginService - ok
10:11:10.0330 7312 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
10:11:10.0330 7312 dot3svc - ok
10:11:10.0393 7312 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
10:11:10.0393 7312 DPS - ok
10:11:10.0424 7312 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:11:10.0424 7312 drmkaud - ok
10:11:10.0471 7312 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:11:10.0502 7312 DXGKrnl - ok
10:11:10.0549 7312 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:11:10.0564 7312 EapHost - ok
10:11:10.0658 7312 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
10:11:10.0767 7312 ebdrv - ok
10:11:10.0814 7312 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
10:11:10.0814 7312 EFS - ok
10:11:10.0892 7312 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:11:10.0923 7312 ehRecvr - ok
10:11:10.0923 7312 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:11:10.0939 7312 ehSched - ok
10:11:10.0970 7312 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:11:10.0970 7312 elxstor - ok
10:11:11.0001 7312 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
10:11:11.0001 7312 ErrDev - ok
10:11:11.0079 7312 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:11:11.0079 7312 EventSystem - ok
10:11:11.0110 7312 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:11:11.0110 7312 exfat - ok
10:11:11.0157 7312 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:11:11.0157 7312 fastfat - ok
10:11:11.0220 7312 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
10:11:11.0235 7312 Fax - ok
10:11:11.0266 7312 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:11:11.0282 7312 fdc - ok
10:11:11.0329 7312 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:11:11.0344 7312 fdPHost - ok
10:11:11.0344 7312 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:11:11.0344 7312 FDResPub - ok
10:11:11.0360 7312 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:11:11.0360 7312 FileInfo - ok
10:11:11.0438 7312 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:11:11.0438 7312 Filetrace - ok
10:11:11.0438 7312 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:11:11.0438 7312 flpydisk - ok
10:11:11.0500 7312 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:11:11.0516 7312 FltMgr - ok
10:11:11.0672 7312 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
10:11:11.0703 7312 FontCache - ok
10:11:11.0750 7312 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:11:11.0766 7312 FontCache3.0.0.0 - ok
10:11:11.0797 7312 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:11:11.0797 7312 FsDepends - ok
10:11:11.0828 7312 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:11:11.0828 7312 Fs_Rec - ok
10:11:11.0859 7312 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:11:11.0859 7312 fvevol - ok
10:11:11.0875 7312 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:11:11.0875 7312 gagp30kx - ok
10:11:11.0984 7312 [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
10:11:12.0000 7312 GameConsoleService - ok
10:11:12.0015 7312 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:11:12.0015 7312 GEARAspiWDM - ok
10:11:12.0062 7312 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
10:11:12.0078 7312 GoToAssist - ok
10:11:12.0202 7312 [ 6235DD072CAF90F1D81AC5D09C9ECE51 ] GoToAssist Remote Support Customer C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\461\g2ax_service.exe
10:11:12.0218 7312 GoToAssist Remote Support Customer - ok
10:11:12.0296 7312 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
10:11:12.0312 7312 gpsvc - ok
10:11:12.0390 7312 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:11:12.0390 7312 gupdate - ok
10:11:12.0436 7312 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:11:12.0436 7312 gupdatem - ok
10:11:12.0483 7312 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
10:11:12.0483 7312 gusvc - ok
10:11:12.0530 7312 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:11:12.0530 7312 hcw85cir - ok
10:11:12.0546 7312 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:11:12.0561 7312 HdAudAddService - ok
10:11:12.0592 7312 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
10:11:12.0608 7312 HDAudBus - ok
10:11:12.0608 7312 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:11:12.0608 7312 HidBatt - ok
10:11:12.0624 7312 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:11:12.0624 7312 HidBth - ok
10:11:12.0655 7312 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:11:12.0655 7312 HidIr - ok
10:11:12.0702 7312 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
10:11:12.0702 7312 hidserv - ok
10:11:12.0717 7312 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:11:12.0717 7312 HidUsb - ok
10:11:12.0733 7312 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:11:12.0748 7312 hkmsvc - ok
10:11:12.0780 7312 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:11:12.0780 7312 HomeGroupListener - ok
10:11:12.0811 7312 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:11:12.0826 7312 HomeGroupProvider - ok
10:11:12.0842 7312 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
10:11:12.0842 7312 HpSAMD - ok
10:11:12.0889 7312 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:11:12.0920 7312 HTTP - ok
10:11:12.0920 7312 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:11:12.0936 7312 hwpolicy - ok
10:11:12.0951 7312 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:11:12.0951 7312 i8042prt - ok
10:11:12.0982 7312 [ 2064090C9FAAD92C090D77E50E735B2E ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
10:11:12.0982 7312 iaStor - ok
10:11:13.0076 7312 [ A9BE186ABF28B3D3D698CB855EDF457E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:11:13.0076 7312 IAStorDataMgrSvc - ok
10:11:13.0123 7312 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:11:13.0123 7312 iaStorV - ok
10:11:13.0232 7312 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:11:13.0263 7312 idsvc - ok
10:11:13.0544 7312 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
10:11:13.0809 7312 igfx - ok
10:11:13.0840 7312 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:11:13.0840 7312 iirsp - ok
10:11:13.0903 7312 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
10:11:13.0934 7312 IKEEXT - ok
10:11:14.0043 7312 [ 2FAAEA2DC2719E67FD7C0D51F9E743F7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:11:14.0121 7312 IntcAzAudAddService - ok
10:11:14.0121 7312 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
10:11:14.0137 7312 intelide - ok
10:11:14.0168 7312 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:11:14.0168 7312 intelppm - ok
10:11:14.0215 7312 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:11:14.0215 7312 IPBusEnum - ok
10:11:14.0246 7312 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:11:14.0262 7312 IpFilterDriver - ok
10:11:14.0293 7312 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:11:14.0324 7312 iphlpsvc - ok
10:11:14.0355 7312 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
10:11:14.0355 7312 IPMIDRV - ok
10:11:14.0371 7312 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:11:14.0371 7312 IPNAT - ok
10:11:14.0433 7312 [ E94503089DF8976F5C4C9D5168E9765F ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:11:14.0449 7312 iPod Service - ok
10:11:14.0480 7312 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:11:14.0480 7312 IRENUM - ok
10:11:14.0496 7312 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
10:11:14.0496 7312 isapnp - ok
10:11:14.0527 7312 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
10:11:14.0542 7312 iScsiPrt - ok
10:11:14.0574 7312 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:11:14.0574 7312 kbdclass - ok
10:11:14.0589 7312 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:11:14.0589 7312 kbdhid - ok
10:11:14.0605 7312 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
10:11:14.0605 7312 KeyIso - ok
10:11:14.0636 7312 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:11:14.0636 7312 KSecDD - ok
10:11:14.0652 7312 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:11:14.0652 7312 KSecPkg - ok
10:11:14.0667 7312 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:11:14.0667 7312 ksthunk - ok
10:11:14.0714 7312 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:11:14.0714 7312 KtmRm - ok
10:11:14.0730 7312 [ 32980B4E711D2EF7128C44DC2CF85706 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
10:11:14.0745 7312 L1C - ok
10:11:14.0792 7312 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
10:11:14.0792 7312 LanmanServer - ok
10:11:14.0839 7312 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:11:14.0839 7312 LanmanWorkstation - ok
10:11:14.0870 7312 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:11:14.0870 7312 lltdio - ok
10:11:14.0917 7312 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:11:14.0917 7312 lltdsvc - ok
10:11:14.0948 7312 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:11:14.0948 7312 lmhosts - ok
10:11:14.0979 7312 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:11:14.0995 7312 LSI_FC - ok
10:11:14.0995 7312 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:11:14.0995 7312 LSI_SAS - ok
10:11:15.0042 7312 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:11:15.0042 7312 LSI_SAS2 - ok
10:11:15.0057 7312 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:11:15.0057 7312 LSI_SCSI - ok
10:11:15.0104 7312 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:11:15.0104 7312 luafv - ok
10:11:15.0151 7312 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
10:11:15.0151 7312 MBAMProtector - ok
10:11:15.0260 7312 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:11:15.0260 7312 MBAMScheduler - ok
10:11:15.0291 7312 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:11:15.0322 7312 MBAMService - ok
10:11:15.0369 7312 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:11:15.0369 7312 Mcx2Svc - ok
10:11:15.0400 7312 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:11:15.0400 7312 megasas - ok
10:11:15.0432 7312 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:11:15.0432 7312 MegaSR - ok
10:11:15.0510 7312 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:11:15.0510 7312 MMCSS - ok
10:11:15.0541 7312 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:11:15.0541 7312 Modem - ok
10:11:15.0556 7312 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:11:15.0556 7312 monitor - ok
10:11:15.0588 7312 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:11:15.0588 7312 mouclass - ok
10:11:15.0588 7312 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:11:15.0588 7312 mouhid - ok
10:11:15.0603 7312 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:11:15.0603 7312 mountmgr - ok
10:11:15.0634 7312 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
10:11:15.0634 7312 MpFilter - ok
10:11:15.0666 7312 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
10:11:15.0681 7312 mpio - ok
10:11:15.0681 7312 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:11:15.0697 7312 mpsdrv - ok
10:11:15.0744 7312 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:11:15.0775 7312 MpsSvc - ok
10:11:15.0790 7312 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:11:15.0822 7312 MRxDAV - ok
10:11:15.0837 7312 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:11:15.0837 7312 mrxsmb - ok
10:11:15.0853 7312 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:11:15.0884 7312 mrxsmb10 - ok
10:11:15.0900 7312 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:11:15.0900 7312 mrxsmb20 - ok
10:11:15.0900 7312 [ BCCF16D5FB1109162380E3E28DC9E4E5 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
10:11:15.0915 7312 msahci - ok
10:11:15.0915 7312 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
10:11:15.0915 7312 msdsm - ok
10:11:15.0946 7312 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:11:15.0962 7312 MSDTC - ok
10:11:15.0978 7312 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:11:15.0978 7312 Msfs - ok
10:11:16.0009 7312 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:11:16.0009 7312 mshidkmdf - ok
10:11:16.0009 7312 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
10:11:16.0009 7312 msisadrv - ok
10:11:16.0071 7312 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:11:16.0087 7312 MSiSCSI - ok
10:11:16.0087 7312 msiserver - ok
10:11:16.0118 7312 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:11:16.0134 7312 MSKSSRV - ok
10:11:16.0180 7312 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:11:16.0180 7312 MsMpSvc - ok
10:11:16.0180 7312 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:11:16.0180 7312 MSPCLOCK - ok
10:11:16.0212 7312 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:11:16.0212 7312 MSPQM - ok
10:11:16.0227 7312 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:11:16.0243 7312 MsRPC - ok
10:11:16.0258 7312 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
10:11:16.0258 7312 mssmbios - ok
10:11:16.0274 7312 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:11:16.0274 7312 MSTEE - ok
10:11:16.0290 7312 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:11:16.0290 7312 MTConfig - ok
10:11:16.0305 7312 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:11:16.0336 7312 Mup - ok
10:11:16.0383 7312 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
10:11:16.0383 7312 napagent - ok
10:11:16.0414 7312 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:11:16.0430 7312 NativeWifiP - ok
10:11:16.0477 7312 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
10:11:16.0508 7312 NDIS - ok
10:11:16.0539 7312 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:11:16.0539 7312 NdisCap - ok
10:11:16.0555 7312 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:11:16.0555 7312 NdisTapi - ok
10:11:16.0570 7312 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:11:16.0570 7312 Ndisuio - ok
10:11:16.0570 7312 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:11:16.0586 7312 NdisWan - ok
10:11:16.0586 7312 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:11:16.0586 7312 NDProxy - ok
10:11:16.0602 7312 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:11:16.0602 7312 NetBIOS - ok
10:11:16.0617 7312 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:11:16.0617 7312 NetBT - ok
10:11:16.0648 7312 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
10:11:16.0648 7312 Netlogon - ok
10:11:16.0680 7312 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:11:16.0695 7312 Netman - ok
10:11:16.0726 7312 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:11:16.0758 7312 netprofm - ok
10:11:16.0789 7312 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:11:16.0804 7312 NetTcpPortSharing - ok
10:11:16.0820 7312 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:11:16.0820 7312 nfrd960 - ok
10:11:16.0882 7312 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:11:16.0882 7312 NisDrv - ok
10:11:16.0914 7312 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
10:11:16.0929 7312 NisSrv - ok
10:11:16.0976 7312 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:11:16.0992 7312 NlaSvc - ok
10:11:17.0007 7312 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:11:17.0007 7312 Npfs - ok
10:11:17.0023 7312 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:11:17.0023 7312 nsi - ok
10:11:17.0054 7312 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:11:17.0054 7312 nsiproxy - ok
10:11:17.0116 7312 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:11:17.0179 7312 Ntfs - ok
10:11:17.0194 7312 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:11:17.0194 7312 Null - ok
10:11:17.0226 7312 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:11:17.0226 7312 nvraid - ok
10:11:17.0241 7312 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:11:17.0241 7312 nvstor - ok
10:11:17.0272 7312 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
10:11:17.0288 7312 nv_agp - ok
10:11:17.0304 7312 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
10:11:17.0304 7312 ohci1394 - ok
10:11:17.0382 7312 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:11:17.0382 7312 ose - ok
10:11:17.0428 7312 [ 5F79934084DF6DC0635578864376CE54 ] OV550I C:\Windows\system32\Drivers\FilmScan.sys
10:11:17.0428 7312 OV550I - ok
10:11:17.0475 7312 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:11:17.0475 7312 p2pimsvc - ok
10:11:17.0506 7312 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:11:17.0522 7312 p2psvc - ok
10:11:17.0553 7312 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:11:17.0553 7312 Parport - ok
10:11:17.0584 7312 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:11:17.0584 7312 partmgr - ok
10:11:17.0600 7312 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:11:17.0600 7312 PcaSvc - ok
10:11:17.0647 7312 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
10:11:17.0647 7312 pci - ok
10:11:17.0662 7312 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
10:11:17.0678 7312 pciide - ok
10:11:17.0694 7312 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:11:17.0709 7312 pcmcia - ok
10:11:17.0709 7312 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:11:17.0709 7312 pcw - ok
10:11:17.0756 7312 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:11:17.0772 7312 PEAUTH - ok
10:11:17.0834 7312 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:11:17.0850 7312 PerfHost - ok
10:11:17.0928 7312 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
10:11:17.0974 7312 pla - ok
10:11:18.0052 7312 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:11:18.0052 7312 PlugPlay - ok
10:11:18.0068 7312 [ 7195581CEC9BB7D12ABE54036ACC2E38 ]

tdss part 2

PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:11:18.0068 7312 PNRPAutoReg - ok
10:11:18.0099 7312 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:11:18.0115 7312 PNRPsvc - ok
10:11:18.0146 7312 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:11:18.0162 7312 PolicyAgent - ok
10:11:18.0177 7312 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:11:18.0193 7312 Power - ok
10:11:18.0240 7312 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:11:18.0255 7312 PptpMiniport - ok
10:11:18.0271 7312 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:11:18.0271 7312 Processor - ok
10:11:18.0302 7312 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
10:11:18.0302 7312 ProfSvc - ok
10:11:18.0333 7312 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:11:18.0333 7312 ProtectedStorage - ok
10:11:18.0349 7312 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:11:18.0349 7312 Psched - ok
10:11:18.0380 7312 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
10:11:18.0380 7312 PxHlpa64 - ok
10:11:18.0442 7312 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:11:18.0489 7312 ql2300 - ok
10:11:18.0520 7312 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:11:18.0520 7312 ql40xx - ok
10:11:18.0552 7312 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:11:18.0552 7312 QWAVE - ok
10:11:18.0567 7312 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:11:18.0567 7312 QWAVEdrv - ok
10:11:18.0583 7312 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:11:18.0598 7312 RasAcd - ok
10:11:18.0630 7312 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:11:18.0630 7312 RasAgileVpn - ok
10:11:18.0661 7312 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:11:18.0661 7312 RasAuto - ok
10:11:18.0676 7312 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:11:18.0692 7312 Rasl2tp - ok
10:11:18.0708 7312 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
10:11:18.0723 7312 RasMan - ok
10:11:18.0739 7312 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:11:18.0739 7312 RasPppoe - ok
10:11:18.0770 7312 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:11:18.0770 7312 RasSstp - ok
10:11:18.0801 7312 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:11:18.0801 7312 rdbss - ok
10:11:18.0817 7312 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:11:18.0832 7312 rdpbus - ok
10:11:18.0864 7312 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:11:18.0864 7312 RDPCDD - ok
10:11:18.0879 7312 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:11:18.0895 7312 RDPENCDD - ok
10:11:18.0910 7312 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:11:18.0910 7312 RDPREFMP - ok
10:11:18.0926 7312 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:11:18.0926 7312 RDPWD - ok
10:11:18.0957 7312 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:11:18.0957 7312 rdyboost - ok
10:11:18.0988 7312 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:11:19.0004 7312 RemoteAccess - ok
10:11:19.0035 7312 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:11:19.0035 7312 RemoteRegistry - ok
10:11:19.0066 7312 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:11:19.0066 7312 RpcEptMapper - ok
10:11:19.0113 7312 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:11:19.0113 7312 RpcLocator - ok
10:11:19.0144 7312 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
10:11:19.0160 7312 RpcSs - ok
10:11:19.0207 7312 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:11:19.0207 7312 rspndr - ok
10:11:19.0238 7312 [ 30F463768D5143BFD7B2DF822B53CF4D ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
10:11:19.0254 7312 RSUSBSTOR - ok
10:11:19.0269 7312 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
10:11:19.0269 7312 SamSs - ok
10:11:19.0332 7312 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
10:11:19.0332 7312 SASDIFSV - ok
10:11:19.0378 7312 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
10:11:19.0378 7312 SASKUTIL - ok
10:11:19.0410 7312 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
10:11:19.0410 7312 sbapifs - ok
10:11:19.0441 7312 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
10:11:19.0441 7312 sbp2port - ok
10:11:19.0488 7312 [ 9ACEB2A2362FC87A3825963E61BA9076 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
10:11:19.0488 7312 SBRE - ok
10:11:19.0519 7312 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:11:19.0534 7312 SCardSvr - ok
10:11:19.0550 7312 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:11:19.0550 7312 scfilter - ok
10:11:19.0597 7312 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
10:11:19.0644 7312 Schedule - ok
10:11:19.0690 7312 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:11:19.0690 7312 SCPolicySvc - ok
10:11:19.0706 7312 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:11:19.0722 7312 SDRSVC - ok
10:11:19.0753 7312 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:11:19.0753 7312 secdrv - ok
10:11:19.0784 7312 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
10:11:19.0784 7312 seclogon - ok
10:11:19.0800 7312 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
10:11:19.0815 7312 SENS - ok
10:11:19.0846 7312 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:11:19.0862 7312 SensrSvc - ok
10:11:19.0893 7312 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:11:19.0893 7312 Serenum - ok
10:11:19.0909 7312 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:11:19.0909 7312 Serial - ok
10:11:19.0924 7312 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:11:19.0924 7312 sermouse - ok
10:11:19.0987 7312 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
10:11:19.0987 7312 SessionEnv - ok
10:11:20.0002 7312 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
10:11:20.0002 7312 sffdisk - ok
10:11:20.0018 7312 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
10:11:20.0018 7312 sffp_mmc - ok
10:11:20.0018 7312 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
10:11:20.0034 7312 sffp_sd - ok
10:11:20.0034 7312 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:11:20.0034 7312 sfloppy - ok
10:11:20.0158 7312 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
10:11:20.0252 7312 SftService - ok
10:11:20.0283 7312 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:11:20.0299 7312 SharedAccess - ok
10:11:20.0330 7312 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:11:20.0346 7312 ShellHWDetection - ok
10:11:20.0377 7312 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:11:20.0377 7312 SiSRaid2 - ok
10:11:20.0392 7312 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:11:20.0392 7312 SiSRaid4 - ok
10:11:20.0470 7312 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
10:11:20.0486 7312 SkypeUpdate - ok
10:11:20.0517 7312 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:11:20.0533 7312 Smb - ok
10:11:20.0580 7312 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:11:20.0595 7312 SNMPTRAP - ok
10:11:20.0626 7312 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:11:20.0626 7312 spldr - ok
10:11:20.0658 7312 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
10:11:20.0673 7312 Spooler - ok
10:11:20.0782 7312 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
10:11:20.0907 7312 sppsvc - ok
10:11:20.0923 7312 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:11:20.0938 7312 sppuinotify - ok
10:11:20.0954 7312 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:11:20.0970 7312 srv - ok
10:11:20.0985 7312 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:11:21.0001 7312 srv2 - ok
10:11:21.0048 7312 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:11:21.0063 7312 srvnet - ok
10:11:21.0094 7312 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:11:21.0094 7312 SSDPSRV - ok
10:11:21.0110 7312 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:11:21.0110 7312 SstpSvc - ok
10:11:21.0141 7312 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:11:21.0141 7312 stexstor - ok
10:11:21.0204 7312 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
10:11:21.0219 7312 stisvc - ok
10:11:21.0235 7312 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:11:21.0235 7312 swenum - ok
10:11:21.0266 7312 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:11:21.0282 7312 swprv - ok
10:11:21.0328 7312 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
10:11:21.0375 7312 SysMain - ok
10:11:21.0391 7312 szserver - ok
10:11:21.0406 7312 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:11:21.0406 7312 TabletInputService - ok
10:11:21.0422 7312 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
10:11:21.0438 7312 TapiSrv - ok
10:11:21.0469 7312 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:11:21.0469 7312 TBS - ok
10:11:21.0562 7312 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:11:21.0625 7312 Tcpip - ok
10:11:21.0687 7312 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:11:21.0703 7312 TCPIP6 - ok
10:11:21.0718 7312 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:11:21.0718 7312 tcpipreg - ok
10:11:21.0734 7312 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:11:21.0734 7312 TDPIPE - ok
10:11:21.0750 7312 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:11:21.0750 7312 TDTCP - ok
10:11:21.0750 7312 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:11:21.0750 7312 tdx - ok
10:11:21.0781 7312 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:11:21.0781 7312 TermDD - ok
10:11:21.0812 7312 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
10:11:21.0843 7312 TermService - ok
10:11:21.0874 7312 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:11:21.0874 7312 Themes - ok
10:11:21.0890 7312 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:11:21.0906 7312 THREADORDER - ok
10:11:21.0921 7312 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:11:21.0921 7312 TrkWks - ok
10:11:21.0968 7312 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:11:21.0968 7312 TrustedInstaller - ok
10:11:21.0999 7312 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:11:21.0999 7312 tssecsrv - ok
10:11:22.0062 7312 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:11:22.0062 7312 tunnel - ok
10:11:22.0093 7312 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:11:22.0093 7312 uagp35 - ok
10:11:22.0124 7312 [ 31BA4A33AFAB6A69EA092B18017F737F ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:11:22.0124 7312 udfs - ok
10:11:22.0171 7312 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:11:22.0186 7312 UI0Detect - ok
10:11:22.0186 7312 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
10:11:22.0186 7312 uliagpkx - ok
10:11:22.0202 7312 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:11:22.0202 7312 umbus - ok
10:11:22.0218 7312 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:11:22.0218 7312 UmPass - ok
10:11:22.0233 7312 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:11:22.0249 7312 upnphost - ok
10:11:22.0249 7312 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:11:22.0249 7312 usbccgp - ok
10:11:22.0280 7312 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
10:11:22.0280 7312 usbcir - ok
10:11:22.0311 7312 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:11:22.0311 7312 usbehci - ok
10:11:22.0342 7312 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:11:22.0342 7312 usbhub - ok
10:11:22.0358 7312 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:11:22.0374 7312 usbohci - ok
10:11:22.0374 7312 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:11:22.0389 7312 usbprint - ok
10:11:22.0420 7312 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:11:22.0420 7312 USBSTOR - ok
10:11:22.0436 7312 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:11:22.0436 7312 usbuhci - ok
10:11:22.0483 7312 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
10:11:22.0483 7312 usbvideo - ok
10:11:22.0530 7312 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:11:22.0530 7312 UxSms - ok
10:11:22.0545 7312 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
10:11:22.0545 7312 VaultSvc - ok
10:11:22.0561 7312 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
10:11:22.0561 7312 vdrvroot - ok
10:11:22.0639 7312 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
10:11:22.0654 7312 vds - ok
10:11:22.0701 7312 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:11:22.0717 7312 vga - ok
10:11:22.0717 7312 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:11:22.0717 7312 VgaSave - ok
10:11:22.0748 7312 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
10:11:22.0748 7312 vhdmp - ok
10:11:22.0748 7312 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
10:11:22.0764 7312 viaide - ok
10:11:22.0779 7312 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
10:11:22.0779 7312 volmgr - ok
10:11:22.0795 7312 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:11:22.0810 7312 volmgrx - ok
10:11:22.0826 7312 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
10:11:22.0842 7312 volsnap - ok
10:11:22.0857 7312 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:11:22.0888 7312 vsmraid - ok
10:11:22.0951 7312 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
10:11:22.0998 7312 VSS - ok
10:11:22.0998 7312 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:11:22.0998 7312 vwifibus - ok
10:11:23.0013 7312 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:11:23.0013 7312 vwififlt - ok
10:11:23.0044 7312 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:11:23.0060 7312 W32Time - ok
10:11:23.0076 7312 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:11:23.0076 7312 WacomPen - ok
10:11:23.0107 7312 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:11:23.0122 7312 WANARP - ok
10:11:23.0154 7312 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:11:23.0154 7312 Wanarpv6 - ok
10:11:23.0216 7312 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:11:23.0247 7312 WatAdminSvc - ok
10:11:23.0325 7312 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
10:11:23.0356 7312 wbengine - ok
10:11:23.0372 7312 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:11:23.0372 7312 WbioSrvc - ok
10:11:23.0388 7312 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:11:23.0403 7312 wcncsvc - ok
10:11:23.0403 7312 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:11:23.0403 7312 WcsPlugInService - ok
10:11:23.0450 7312 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:11:23.0466 7312 Wd - ok
10:11:23.0512 7312 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:11:23.0544 7312 Wdf01000 - ok
10:11:23.0559 7312 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:11:23.0575 7312 WdiServiceHost - ok
10:11:23.0575 7312 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:11:23.0575 7312 WdiSystemHost - ok
10:11:23.0622 7312 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
10:11:23.0622 7312 WebClient - ok
10:11:23.0637 7312 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:11:23.0653 7312 Wecsvc - ok
10:11:23.0668 7312 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:11:23.0668 7312 wercplsupport - ok
10:11:23.0700 7312 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:11:23.0715 7312 WerSvc - ok
10:11:23.0762 7312 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:11:23.0762 7312 WfpLwf - ok
10:11:23.0778 7312 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
10:11:23.0793 7312 WimFltr - ok
10:11:23.0793 7312 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:11:23.0793 7312 WIMMount - ok
10:11:23.0840 7312 WinDefend - ok
10:11:23.0840 7312 WinHttpAutoProxySvc - ok
10:11:23.0902 7312 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:11:23.0902 7312 Winmgmt - ok
10:11:24.0012 7312 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
10:11:24.0074 7312 WinRM - ok
10:11:24.0152 7312 [ 4D52C872018AF7E18D078978DCC3F6F2 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:11:24.0152 7312 WinUsb - ok
10:11:24.0199 7312 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:11:24.0230 7312 Wlansvc - ok
10:11:24.0246 7312 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
10:11:24.0246 7312 WmiAcpi - ok
10:11:24.0277 7312 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:11:24.0277 7312 wmiApSrv - ok
10:11:24.0308 7312 WMPNetworkSvc - ok
10:11:24.0339 7312 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:11:24.0339 7312 WPCSvc - ok
10:11:24.0370 7312 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:11:24.0386 7312 WPDBusEnum - ok
10:11:24.0417 7312 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:11:24.0417 7312 ws2ifsl - ok
10:11:24.0448 7312 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
10:11:24.0464 7312 wscsvc - ok
10:11:24.0464 7312 WSearch - ok
10:11:24.0542 7312 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:11:24.0620 7312 wuauserv - ok
10:11:24.0682 7312 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:11:24.0682 7312 WudfPf - ok
10:11:24.0714 7312 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:11:24.0729 7312 WUDFRd - ok
10:11:24.0745 7312 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:11:24.0745 7312 wudfsvc - ok
10:11:24.0792 7312 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:11:24.0807 7312 WwanSvc - ok
10:11:24.0854 7312 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
10:11:24.0854 7312 yukonw7 - ok
10:11:24.0885 7312 ================ Scan global ===============================
10:11:24.0916 7312 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:11:24.0948 7312 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
10:11:24.0963 7312 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
10:11:24.0994 7312 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:11:25.0026 7312 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:11:25.0026 7312 [Global] - ok
10:11:25.0026 7312 ================ Scan MBR ==================================
10:11:25.0057 7312 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:11:25.0057 7312 Suspicious mbr (Forged): \Device\Harddisk0\DR0
10:11:25.0119 7312 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
10:11:25.0119 7312 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
10:11:25.0119 7312 ================ Scan VBR ==================================
10:11:25.0119 7312 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
10:11:25.0135 7312 \Device\Harddisk0\DR0\Partition1 - ok
10:11:25.0150 7312 [ 42830D70BBEF9B5EC0B23BAAE40FA686 ] \Device\Harddisk0\DR0\Partition2
10:11:25.0150 7312 \Device\Harddisk0\DR0\Partition2 - ok
10:11:25.0150 7312 ============================================================
10:11:25.0150 7312 Scan finished
10:11:25.0150 7312 ============================================================
10:11:25.0166 7024 Detected object count: 1
10:11:25.0166 7024 Actual detected object count: 1
10:13:16.0488 7024 \Device\Harddisk0\DR0\# - copied to quarantine
10:13:16.0581 7024 \Device\Harddisk0\DR0 - copied to quarantine
10:13:19.0358 7024 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:13:19.0561 7024 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
10:13:19.0655 7024 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:13:20.0606 7024 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:13:20.0684 7024 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
10:13:20.0684 7024 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
10:13:20.0715 7024 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
10:13:20.0903 7024 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:13:20.0965 7024 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:13:21.0027 7024 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:13:21.0043 7024 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
10:13:21.0043 7024 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
10:13:21.0074 7024 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:13:21.0261 7024 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:13:21.0261 7024 \Device\Harddisk0\DR0 - ok
10:13:21.0651 7024 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
10:14:40.0322 2480 Deinitialize success

Good :)

Re-run MBAM and post new log.

========================

Uninstall STOPzilla, very questionable program.

=======================

You're not running any AV program.

Install ONE of these:

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/w...ity-essentials
Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
You can keep it or you have to disable it before installing another AV program. How to...

- free Comodo Antivirus: http://www.comodo.com/home/internet-.../antivirus.php

Update, run full scan, report on any findings.



=======================================

• Download RogueKiller on the desktop
• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

howzit
thanks for the quick replies!
mbam is updated and running a full scan now of c and d drive
i installed MSE yesterday. just checked it....was able to get update and in the quarantine as of 2:25 this afternoon is...
trojan DOS/aleureon.j
win64/alureon.gen!l
alereon gen!F
did not check remove all yet, because mbam is running

re; stopzilla
i tried to remove it the correct way but it would not un-install.
so i went into windows explorer and manually deleted the stopzilla files.
perhaps in the future ccleaner will remove what is left of it.

new mbam log
and i removed the ones in MSE. it looke like by the info given bekow that it was
picking up the one from tdss

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.21.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Gary :: GARY-PC [administrator]

Protection: Enabled

11/21/2012 2:13:06 PM
mbam-log-2012-11-21 (14-13-06).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 454475
Time elapsed: 1 hour(s), 8 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\TDSSKiller_Quarantine\21.11.2012_10.10.57\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

howzit broni
if you need to take a break for the holiday ,will understand if you can't answer for awhile.
i will be gone all day tom, so will have to quit sometime soon this eve.

here is rk 1 RogueKiller V8.3.1 [Nov 20 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Gary [Admin rights]
Mode : Scan -- Date : 11/21/2012 16:47:05

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320325AS +++++
--- User ---
[MBR] 960a118855db4d669c86488acc6e6502
[BSP] 2b0c1181ee2b162061b5e39b92e8b82e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11212012_02d1647.txt >>
RKreport[1]_S_11212012_02d1647.txt


******here is rk2 for you*********

RogueKiller V8.3.1 [Nov 20 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Gary [Admin rights]
Mode : Remove -- Date : 11/21/2012 16:50:25

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320325AS +++++
--- User ---
[MBR] 960a118855db4d669c86488acc6e6502
[BSP] 2b0c1181ee2b162061b5e39b92e8b82e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11212012_02d1650.txt >>
RKreport[1]_S_11212012_02d1647.txt ; RKreport[2]_D_11212012_02d1650.txt

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/...-in-windows-7/
- Vista: http://www.howtogeek.com/howto/windo...ystem-restore/
- XP: http://support.microsoft.com/kb/948247

===========================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

thanks broni
i will get back to this fri am
that computer is not acting strange at all,no symptoms
and it will be off anyway .
don't eat too much