Inactive Windows 7 reboot in one minute sirefef help

Rob Thie

Thank you for any help. When booting Win7, at the desktop I get an error message "system error" and it will reboot after 1 minute. MS Security Ess. sees the virus as 3 different "sirefef" viruses. When prompted to remove, removal starts but the virus times out and reboots. Here are the frst.txt and services.txt files.

Thank you for your time....


Rob
 

Attachments: FRST.txt (29 KB), Search.txt (588 bytes)
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 14-08-2012
Ran by SYSTEM at 14-08-2012 20:33:15
Running from G:\
Windows 7 Ultimate N (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [11438696 2011-10-25] (Realtek Semiconductor)
HKLM\...\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2221352 2008-06-08] (Nero AG)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Bethanie\...\Run: [CrashDumps] rundll32.exe "C:\Users\Bethanie\AppData\Local\Macromedia\CrashDumps\bgtoh.dll",CreateInstance [1675776 2012-08-10] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
AppInit_DLLs:

================================ Services (Whitelisted) ==================

2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 RRAANXGN; C:\Windows\srvany.exe [13312 1997-05-15] ()
2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [x]
2 PSI_SVC_2; "c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [x]

========================== Drivers (Whitelisted) =============

2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x32.sys [24328 2012-03-09] (CPUID)
3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-09-22] (FTDI Ltd.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [63872 2011-02-10] (Renesas Electronics Corporation)
3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141952 2011-02-10] (Renesas Electronics Corporation)
3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [162720 2009-04-14] (Realtek Semiconductor Corp.)
3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [73696 2005-08-17] (MCCI)
3 USBNET; C:\Windows\System32\DRIVERS\vnetusbl.sys [107648 2004-03-26] (Cisco-Linksys LLC.)
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
3 fdrawcmd; \??\C:\Windows\system32\drivers\fdrawcmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-14 19:37 - 2012-08-14 19:37 - 00000000 ____D C:\FRST
2012-08-14 19:17 - 2012-08-14 19:17 - 00000000 ____D C:\Windows\pss
2012-08-14 18:45 - 2012-08-14 21:39 - 04009167 ____A C:\Users\Robert\Desktop\ServicesRepair.exe
2012-08-14 18:45 - 2012-08-14 21:38 - 02030547 ____A C:\Users\Robert\Desktop\EZ_Sirefix.exe
2012-08-14 18:45 - 2012-08-14 21:38 - 00138120 ____A (ESET) C:\Users\Robert\Desktop\ESETSirefefRemover.exe
2012-08-14 18:44 - 2012-08-14 18:44 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2012-08-14 10:19 - 2012-08-14 10:19 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zesrqcun.sys
2012-08-14 06:06 - 2012-08-14 06:06 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-14 06:03 - 2012-08-14 06:04 - 10288512 ____A (Microsoft Corporation) C:\Users\Bethanie\Downloads\mseinstall(3).exe
2012-08-14 06:03 - 2012-08-14 06:03 - 10288512 ____A (Microsoft Corporation) C:\Users\Bethanie\Downloads\mseinstall(2).exe
2012-08-14 06:02 - 2012-08-14 06:02 - 10288512 ____A (Microsoft Corporation) C:\Users\Bethanie\Downloads\mseinstall(1).exe
2012-08-14 05:57 - 2012-08-14 05:57 - 00143856 ____A C:\Windows\Minidump\081412-19406-01.dmp
2012-08-14 05:54 - 2012-08-14 05:54 - 00143856 ____A C:\Windows\Minidump\081412-22947-01.dmp
2012-08-14 05:52 - 2012-08-14 05:52 - 00148016 ____A C:\Windows\Minidump\081412-25802-01.dmp
2012-08-14 04:50 - 2012-08-14 04:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-11 04:27 - 2012-08-11 04:27 - 00217118 ____A C:\Users\Robert\Documents\metro0812.xps
2012-08-07 17:22 - 2012-08-07 17:22 - 00546736 ____A C:\Windows\Minidump\080712-16442-01.dmp
2012-08-04 19:43 - 2012-08-04 20:23 - 00000000 ____D C:\Users\Bethanie\Desktop\iPad Photos
2012-08-03 18:32 - 2012-08-03 18:32 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-08-01 16:13 - 2012-08-01 16:13 - 00139688 ____A C:\Windows\Minidump\080112-32729-01.dmp
2012-07-31 19:34 - 2012-07-31 19:34 - 00139688 ____A C:\Windows\Minidump\073112-28485-01.dmp
2012-07-31 19:30 - 2012-07-31 19:30 - 00139632 ____A C:\Windows\Minidump\073112-22386-01.dmp
2012-07-31 19:18 - 2012-07-31 19:18 - 00143808 ____A C:\Windows\Minidump\073112-38001-01.dmp
2012-07-31 19:13 - 2012-07-31 19:13 - 00143808 ____A C:\Windows\Minidump\073112-43555-01.dmp
2012-07-31 18:51 - 2012-07-31 18:51 - 00139688 ____A C:\Windows\Minidump\073112-39811-01.dmp
2012-07-31 18:49 - 2012-07-31 18:49 - 00139688 ____A C:\Windows\Minidump\073112-31949-01.dmp
2012-07-31 18:43 - 2012-07-31 18:43 - 00889416 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\dotNetFx40_Full_setup.exe
2012-07-31 18:39 - 2012-07-31 18:39 - 00509264 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\winsdk_web.exe
2012-07-31 18:23 - 2012-07-31 18:23 - 00971464 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\sdksetup.exe
2012-07-31 18:20 - 2012-07-31 18:41 - 00000000 ____D C:\Users\All Users\Package Cache
2012-07-31 18:18 - 2012-07-31 18:19 - 00962368 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\wdksetup.exe
2012-07-31 18:06 - 2012-07-31 18:06 - 01348940 ____A C:\Users\Robert\Downloads\7642v1D.zip
2012-07-31 18:03 - 2012-07-31 18:25 - 380235842 ____A C:\Users\Robert\Downloads\ati_system_drive_mb.zip
2012-07-31 17:58 - 2012-07-31 17:58 - 00143808 ____A C:\Windows\Minidump\073112-30544-01.dmp
2012-07-31 17:44 - 2012-07-31 17:44 - 00143808 ____A C:\Windows\Minidump\073112-25630-01.dmp
2012-07-31 17:39 - 2012-07-31 17:39 - 00143808 ____A C:\Windows\Minidump\073112-18954-01.dmp
2012-07-31 17:34 - 2012-07-31 17:34 - 00143808 ____A C:\Windows\Minidump\073112-39702-01.dmp
2012-07-31 17:15 - 2012-07-31 17:15 - 00143808 ____A C:\Windows\Minidump\073112-43508-01.dmp
2012-07-31 17:10 - 2012-07-31 17:10 - 00143808 ____A C:\Windows\Minidump\073112-33509-01.dmp
2012-07-31 17:05 - 2012-07-31 17:05 - 00143808 ____A C:\Windows\Minidump\073112-47767-01.dmp
2012-07-31 16:02 - 2012-07-31 16:02 - 00000000 ____D C:\Windows\Sun
2012-07-31 14:46 - 2012-07-31 14:46 - 00143808 ____A C:\Windows\Minidump\073112-18735-01.dmp
2012-07-31 14:18 - 2012-07-31 14:18 - 00143856 ____A C:\Windows\Minidump\073112-20420-01.dmp
2012-07-31 14:13 - 2012-07-31 14:13 - 00143856 ____A C:\Windows\Minidump\073112-22167-01.dmp
2012-07-31 14:08 - 2012-07-31 14:08 - 00143856 ____A C:\Windows\Minidump\073112-17035-01.dmp
2012-07-31 14:04 - 2012-07-31 14:04 - 00143856 ____A C:\Windows\Minidump\073112-17659-01.dmp
2012-07-31 13:59 - 2012-07-31 13:59 - 00143856 ____A C:\Windows\Minidump\073112-17799-01.dmp
2012-07-31 04:48 - 2012-07-31 04:48 - 00143856 ____A C:\Windows\Minidump\073112-18376-01.dmp
2012-07-31 04:44 - 2012-07-31 04:44 - 00143808 ____A C:\Windows\Minidump\073112-16957-01.dmp
2012-07-30 17:25 - 2012-07-30 17:25 - 00143856 ____A C:\Windows\Minidump\073012-18938-01.dmp
2012-07-30 17:21 - 2012-07-30 17:21 - 00143856 ____A C:\Windows\Minidump\073012-16348-01.dmp
2012-07-30 17:17 - 2012-07-30 17:17 - 00143856 ____A C:\Windows\Minidump\073012-16645-01.dmp
2012-07-30 17:12 - 2012-07-30 17:12 - 00143856 ____A C:\Windows\Minidump\073012-16536-01.dmp
2012-07-30 17:08 - 2012-07-30 17:08 - 00143856 ____A C:\Windows\Minidump\073012-16676-01.dmp
2012-07-30 17:03 - 2012-07-30 17:03 - 00143856 ____A C:\Windows\Minidump\073012-16411-01.dmp
2012-07-30 16:59 - 2012-07-30 16:59 - 00143856 ____A C:\Windows\Minidump\073012-17472-01.dmp
2012-07-30 16:54 - 2012-07-30 16:54 - 00143856 ____A C:\Windows\Minidump\073012-19141-01.dmp
2012-07-30 16:50 - 2012-07-30 16:50 - 00143856 ____A C:\Windows\Minidump\073012-17690-01.dmp
2012-07-30 16:45 - 2012-07-30 16:45 - 00143856 ____A C:\Windows\Minidump\073012-16208-01.dmp
2012-07-30 16:41 - 2012-07-30 16:41 - 00143856 ____A C:\Windows\Minidump\073012-16629-01.dmp
2012-07-30 16:36 - 2012-07-30 16:36 - 00143856 ____A C:\Windows\Minidump\073012-16255-01.dmp
2012-07-30 16:32 - 2012-07-30 16:32 - 00143856 ____A C:\Windows\Minidump\073012-18049-01.dmp
2012-07-30 16:28 - 2012-07-30 16:28 - 00143856 ____A C:\Windows\Minidump\073012-16692-01.dmp
2012-07-30 16:23 - 2012-07-30 16:23 - 00143856 ____A C:\Windows\Minidump\073012-18657-01.dmp
2012-07-30 16:19 - 2012-07-30 16:19 - 00143856 ____A C:\Windows\Minidump\073012-18470-01.dmp
2012-07-30 16:14 - 2012-07-30 16:14 - 00143856 ____A C:\Windows\Minidump\073012-18548-01.dmp
2012-07-30 16:09 - 2012-07-30 16:10 - 00143856 ____A C:\Windows\Minidump\073012-20389-02.dmp
2012-07-30 16:05 - 2012-07-30 16:05 - 00143856 ____A C:\Windows\Minidump\073012-20872-01.dmp
2012-07-30 16:00 - 2012-07-30 16:00 - 00143856 ____A C:\Windows\Minidump\073012-20623-01.dmp
2012-07-30 15:55 - 2012-07-30 15:55 - 00143856 ____A C:\Windows\Minidump\073012-20482-02.dmp
2012-07-30 15:50 - 2012-07-30 15:50 - 00143856 ____A C:\Windows\Minidump\073012-20436-02.dmp
2012-07-30 15:45 - 2012-07-30 15:45 - 00143856 ____A C:\Windows\Minidump\073012-20685-03.dmp
2012-07-30 15:40 - 2012-07-30 15:40 - 00143856 ____A C:\Windows\Minidump\073012-19890-01.dmp
2012-07-28 05:19 - 2012-07-28 05:19 - 00000000 ____D C:\Program Files\AMD APP
2012-07-25 17:11 - 2012-07-25 17:11 - 00001394 ____A C:\Users\Bethanie\Desktop\Adobe DNG Converter - Shortcut (2).lnk
2012-07-25 17:00 - 2012-07-25 17:07 - 92942912 ____A C:\Users\Bethanie\Downloads\DNGConverter_7_1.exe
2012-07-15 17:14 - 2009-04-20 11:23 - 00123904 ____A (Hewlett-Packard Company) C:\Windows\System32\hpf3l70w.dll
2012-07-15 17:13 - 2012-07-15 17:13 - 00000000 ____D C:\Users\All Users\HP
2012-07-15 17:13 - 2009-08-17 10:26 - 00452408 ____A (Hewlett-Packard) C:\Windows\System32\hpzids01.dll
2012-07-15 17:09 - 2012-07-15 17:12 - 76725184 ____A C:\Users\Bethanie\Downloads\OJ4500vG510g-m_basic_13_en.exe

============ 3 Months Modified Files ========================

2012-08-14 21:38 - 2012-08-14 18:45 - 02030547 ____A C:\Users\Robert\Desktop\EZ_Sirefix.exe
2012-08-14 21:38 - 2012-08-14 18:45 - 00138120 ____A (ESET) C:\Users\Robert\Desktop\ESETSirefefRemover.exe
2012-08-14 18:57 - 2009-07-13 20:07 - 00050353 ____A C:\Windows\setupact.log
2012-08-14 18:55 - 2012-06-11 20:40 - 00000105 ____A C:\Windows\nextgen.ini
2012-08-14 18:55 - 2009-07-13 20:17 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-14 18:00 - 2011-12-20 03:21 - 00562448 ____A C:\Windows\PFRO.log
2012-08-14 10:19 - 2012-08-14 10:19 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zesrqcun.sys
2012-08-14 06:09 - 2012-04-29 20:56 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-14 06:07 - 2011-12-17 08:56 - 01838794 ____A C:\Windows\WindowsUpdate.log
2012-08-14 06:06 - 2011-12-17 09:03 - 00742892 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-14 06:04 - 2012-08-14 06:03 - 10288512 ____A (Microsoft Corporation) C:\Users\Bethanie\Downloads\mseinstall(3).exe
2012-08-14 06:04 - 2009-07-13 20:02 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-14 06:04 - 2009-07-13 20:02 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-14 06:03 - 2012-08-14 06:03 - 10288512 ____A (Microsoft Corporation) C:\Users\Bethanie\Downloads\mseinstall(2).exe
2012-08-14 06:02 - 2012-08-14 06:02 - 10288512 ____A (Microsoft Corporation) C:\Users\Bethanie\Downloads\mseinstall(1).exe
2012-08-14 05:57 - 2012-08-14 05:57 - 00143856 ____A C:\Windows\Minidump\081412-19406-01.dmp
2012-08-14 05:56 - 2012-07-10 17:28 - 265629713 ____A C:\Windows\MEMORY.DMP
2012-08-14 05:55 - 2012-05-07 07:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-14 05:54 - 2012-08-14 05:54 - 00143856 ____A C:\Windows\Minidump\081412-22947-01.dmp
2012-08-14 05:52 - 2012-08-14 05:52 - 00148016 ____A C:\Windows\Minidump\081412-25802-01.dmp
2012-08-14 05:52 - 2009-07-13 20:17 - 00032618 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-11 04:27 - 2012-08-11 04:27 - 00217118 ____A C:\Users\Robert\Documents\metro0812.xps
2012-08-07 17:22 - 2012-08-07 17:22 - 00546736 ____A C:\Windows\Minidump\080712-16442-01.dmp
2012-08-04 16:55 - 2012-05-07 07:38 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-04 16:55 - 2011-12-17 09:58 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-01 16:13 - 2012-08-01 16:13 - 00139688 ____A C:\Windows\Minidump\080112-32729-01.dmp
2012-07-31 19:34 - 2012-07-31 19:34 - 00139688 ____A C:\Windows\Minidump\073112-28485-01.dmp
2012-07-31 19:30 - 2012-07-31 19:30 - 00139632 ____A C:\Windows\Minidump\073112-22386-01.dmp
2012-07-31 19:18 - 2012-07-31 19:18 - 00143808 ____A C:\Windows\Minidump\073112-38001-01.dmp
2012-07-31 19:13 - 2012-07-31 19:13 - 00143808 ____A C:\Windows\Minidump\073112-43555-01.dmp
2012-07-31 18:51 - 2012-07-31 18:51 - 00139688 ____A C:\Windows\Minidump\073112-39811-01.dmp
2012-07-31 18:49 - 2012-07-31 18:49 - 00139688 ____A C:\Windows\Minidump\073112-31949-01.dmp
2012-07-31 18:43 - 2012-07-31 18:43 - 00889416 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\dotNetFx40_Full_setup.exe
2012-07-31 18:39 - 2012-07-31 18:39 - 00509264 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\winsdk_web.exe
2012-07-31 18:25 - 2012-07-31 18:03 - 380235842 ____A C:\Users\Robert\Downloads\ati_system_drive_mb.zip
2012-07-31 18:23 - 2012-07-31 18:23 - 00971464 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\sdksetup.exe
2012-07-31 18:19 - 2012-07-31 18:18 - 00962368 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\wdksetup.exe
2012-07-31 18:06 - 2012-07-31 18:06 - 01348940 ____A C:\Users\Robert\Downloads\7642v1D.zip
2012-07-31 17:58 - 2012-07-31 17:58 - 00143808 ____A C:\Windows\Minidump\073112-30544-01.dmp
2012-07-31 17:44 - 2012-07-31 17:44 - 00143808 ____A C:\Windows\Minidump\073112-25630-01.dmp
2012-07-31 17:39 - 2012-07-31 17:39 - 00143808 ____A C:\Windows\Minidump\073112-18954-01.dmp
2012-07-31 17:34 - 2012-07-31 17:34 - 00143808 ____A C:\Windows\Minidump\073112-39702-01.dmp
2012-07-31 17:15 - 2012-07-31 17:15 - 00143808 ____A C:\Windows\Minidump\073112-43508-01.dmp
2012-07-31 17:10 - 2012-07-31 17:10 - 00143808 ____A C:\Windows\Minidump\073112-33509-01.dmp
2012-07-31 17:05 - 2012-07-31 17:05 - 00143808 ____A C:\Windows\Minidump\073112-47767-01.dmp
2012-07-31 14:46 - 2012-07-31 14:46 - 00143808 ____A C:\Windows\Minidump\073112-18735-01.dmp
2012-07-31 14:18 - 2012-07-31 14:18 - 00143856 ____A C:\Windows\Minidump\073112-20420-01.dmp
2012-07-31 14:13 - 2012-07-31 14:13 - 00143856 ____A C:\Windows\Minidump\073112-22167-01.dmp
2012-07-31 14:08 - 2012-07-31 14:08 - 00143856 ____A C:\Windows\Minidump\073112-17035-01.dmp
2012-07-31 14:04 - 2012-07-31 14:04 - 00143856 ____A C:\Windows\Minidump\073112-17659-01.dmp
2012-07-31 13:59 - 2012-07-31 13:59 - 00143856 ____A C:\Windows\Minidump\073112-17799-01.dmp
2012-07-31 04:48 - 2012-07-31 04:48 - 00143856 ____A C:\Windows\Minidump\073112-18376-01.dmp
2012-07-31 04:44 - 2012-07-31 04:44 - 00143808 ____A C:\Windows\Minidump\073112-16957-01.dmp
2012-07-30 17:25 - 2012-07-30 17:25 - 00143856 ____A C:\Windows\Minidump\073012-18938-01.dmp
2012-07-30 17:21 - 2012-07-30 17:21 - 00143856 ____A C:\Windows\Minidump\073012-16348-01.dmp
2012-07-30 17:17 - 2012-07-30 17:17 - 00143856 ____A C:\Windows\Minidump\073012-16645-01.dmp
2012-07-30 17:12 - 2012-07-30 17:12 - 00143856 ____A C:\Windows\Minidump\073012-16536-01.dmp
2012-07-30 17:08 - 2012-07-30 17:08 - 00143856 ____A C:\Windows\Minidump\073012-16676-01.dmp
2012-07-30 17:03 - 2012-07-30 17:03 - 00143856 ____A C:\Windows\Minidump\073012-16411-01.dmp
2012-07-30 16:59 - 2012-07-30 16:59 - 00143856 ____A C:\Windows\Minidump\073012-17472-01.dmp
2012-07-30 16:54 - 2012-07-30 16:54 - 00143856 ____A C:\Windows\Minidump\073012-19141-01.dmp
2012-07-30 16:50 - 2012-07-30 16:50 - 00143856 ____A C:\Windows\Minidump\073012-17690-01.dmp
2012-07-30 16:45 - 2012-07-30 16:45 - 00143856 ____A C:\Windows\Minidump\073012-16208-01.dmp
2012-07-30 16:41 - 2012-07-30 16:41 - 00143856 ____A C:\Windows\Minidump\073012-16629-01.dmp
2012-07-30 16:36 - 2012-07-30 16:36 - 00143856 ____A C:\Windows\Minidump\073012-16255-01.dmp
2012-07-30 16:32 - 2012-07-30 16:32 - 00143856 ____A C:\Windows\Minidump\073012-18049-01.dmp
2012-07-30 16:28 - 2012-07-30 16:28 - 00143856 ____A C:\Windows\Minidump\073012-16692-01.dmp
2012-07-30 16:23 - 2012-07-30 16:23 - 00143856 ____A C:\Windows\Minidump\073012-18657-01.dmp
2012-07-30 16:19 - 2012-07-30 16:19 - 00143856 ____A C:\Windows\Minidump\073012-18470-01.dmp
2012-07-30 16:14 - 2012-07-30 16:14 - 00143856 ____A C:\Windows\Minidump\073012-18548-01.dmp
2012-07-30 16:10 - 2012-07-30 16:09 - 00143856 ____A C:\Windows\Minidump\073012-20389-02.dmp
2012-07-30 16:05 - 2012-07-30 16:05 - 00143856 ____A C:\Windows\Minidump\073012-20872-01.dmp
2012-07-30 16:00 - 2012-07-30 16:00 - 00143856 ____A C:\Windows\Minidump\073012-20623-01.dmp
2012-07-30 15:55 - 2012-07-30 15:55 - 00143856 ____A C:\Windows\Minidump\073012-20482-02.dmp
2012-07-30 15:50 - 2012-07-30 15:50 - 00143856 ____A C:\Windows\Minidump\073012-20436-02.dmp
2012-07-30 15:45 - 2012-07-30 15:45 - 00143856 ____A C:\Windows\Minidump\073012-20685-03.dmp
2012-07-30 15:40 - 2012-07-30 15:40 - 00143856 ____A C:\Windows\Minidump\073012-19890-01.dmp
2012-07-28 06:28 - 2011-12-17 09:44 - 00000426 ____A C:\Windows\BRWMARK.INI
2012-07-27 12:57 - 2012-05-31 11:20 - 00000063 ____A C:\Users\Bethanie\AppData\Roaming\default.pls
2012-07-25 17:11 - 2012-07-25 17:11 - 00001394 ____A C:\Users\Bethanie\Desktop\Adobe DNG Converter - Shortcut (2).lnk
2012-07-25 17:07 - 2012-07-25 17:00 - 92942912 ____A C:\Users\Bethanie\Downloads\DNGConverter_7_1.exe
2012-07-15 17:12 - 2012-07-15 17:09 - 76725184 ____A C:\Users\Bethanie\Downloads\OJ4500vG510g-m_basic_13_en.exe
2012-07-12 17:36 - 2012-07-12 22:08 - 11050569 ____A C:\Users\Bethanie\Downloads\MATRIX-TM User Guide Version 4.7.rar
2012-07-12 17:36 - 2012-07-12 17:35 - 11050569 ____A C:\Users\Robert\Downloads\MATRIX-TM User Guide Version 4.7.rar
2012-07-12 17:15 - 2009-07-13 20:02 - 01957976 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 20:31 - 2011-12-17 10:19 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 14:21 - 2012-07-11 14:21 - 25807325 ____A C:\Users\Bethanie\Desktop\068.MOV
2012-07-04 14:46 - 2012-07-04 14:46 - 23424007 ____A C:\Users\Bethanie\Desktop\053.MOV
2012-07-04 14:38 - 2012-07-04 14:38 - 45696737 ____A C:\Users\Bethanie\Desktop\051.MOV
2012-06-24 10:27 - 2012-06-24 10:27 - 11747728 ____A (Applian Technologies) C:\Users\Bethanie\Downloads\RCATSetup.exe
2012-06-24 10:23 - 2012-06-24 10:23 - 00463080 ____A (CNET Download.com) C:\Users\Bethanie\Downloads\cnet2_RCATSetup_exe(1).exe
2012-06-24 10:16 - 2012-06-24 10:16 - 00463080 ____A (CNET Download.com) C:\Users\Bethanie\Downloads\cnet2_RCATSetup_exe.exe
2012-06-24 06:36 - 2012-06-24 06:36 - 00001091 ____A C:\Users\Bethanie\Desktop\Pictures - Shortcut.lnk
2012-06-20 18:21 - 2012-06-20 18:21 - 16478098 ____A C:\Users\Robert\Downloads\redsn0w_win_0.9.14b1.zip
2012-06-20 17:55 - 2012-06-20 17:55 - 711381012 ____A C:\Users\Robert\Desktop\sn0wbreeze_iPhone_3GS-5.1.1-9B206.ipsw
2012-06-20 17:38 - 2012-06-20 17:37 - 27039376 ____A C:\Users\Robert\Downloads\sn0wbreeze-v2.9.6.zip
2012-06-20 16:52 - 2012-06-20 16:46 - 720391327 ____A C:\Users\Robert\Downloads\iPhone2,1_5.1.1_9B206_Restore.ipsw
2012-06-17 21:28 - 2012-06-17 21:28 - 19570930 ____A C:\Users\Bethanie\Downloads\redsn0w_win_0.9.13dev1.zip
2012-06-17 21:25 - 2012-06-17 21:19 - 718181968 ____A C:\Users\Bethanie\Downloads\iPhone2,1_5.0.1_9A405_Restore.ipsw
2012-06-17 19:46 - 2012-06-17 19:43 - 396281280 ____A C:\Users\Bethanie\Downloads\iPhone2,1_4.0_8A293_Restore.ipsw
2012-06-17 18:14 - 2012-06-17 18:13 - 14820003 ____A C:\Users\Robert\Downloads\redsn0w_win_0.9.10b4.zip
2012-06-17 18:08 - 2012-06-17 18:08 - 00661600 ____A (OptimumInstaller) C:\Users\Robert\Downloads\Setup.exe
2012-06-17 17:53 - 2012-06-17 17:53 - 16388409 ____A C:\Users\Robert\Downloads\redsn0w_win_0.9.12b1.zip
2012-06-13 14:27 - 2011-12-17 13:57 - 00002013 ____A C:\Users\Bethanie\Desktop\ProDPI ROES.lnk
2012-06-11 22:09 - 2011-12-17 09:53 - 00165968 ____A C:\Users\Robert\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-11 21:55 - 2012-06-11 21:55 - 00000912 ____A C:\Users\Robert\Desktop\Acura Catalog.lnk
2012-06-11 21:42 - 2012-06-11 21:42 - 00000912 ____A C:\Users\Robert\Desktop\Honda Catalog.lnk
2012-06-11 20:46 - 2011-12-17 09:36 - 00165968 ____A C:\Users\Bethanie\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-11 20:40 - 2012-06-11 20:40 - 00001460 ____A C:\Users\Public\Desktop\Interactive Network.lnk
2012-06-11 18:44 - 2012-07-11 20:30 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 12:50 - 2012-06-11 12:50 - 00159232 ____A C:\Windows\System32\clinfo.exe
2012-06-11 12:50 - 2012-06-11 12:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo.dll
2012-06-11 12:50 - 2012-06-11 12:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode.dll
2012-06-11 12:49 - 2012-06-11 12:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl.dll
2012-06-08 20:46 - 2012-07-11 08:34 - 12868608 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 21:09 - 2012-07-11 08:34 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:09 - 2012-07-11 08:34 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-02 14:19 - 2012-06-18 15:59 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 15:59 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 15:59 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-18 15:59 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 15:59 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 15:59 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-18 15:59 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-18 15:59 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-18 15:59 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 20:51 - 2012-07-11 08:34 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:51 - 2012-07-11 08:34 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:50 - 2012-07-11 08:34 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:48 - 2012-07-11 08:34 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:47 - 2012-07-11 08:34 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll


ZeroAccess:
C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5}
C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5}\@
C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5}\L
C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5}\n
C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5}\U
C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5}\L\00000004.@
C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5}\L\201d3dde

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3583.18 MB
Available physical RAM: 3067.77 MB
Total Pagefile: 3581.46 MB
Available Pagefile: 3064.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.2 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:390.53 GB) (Free:284.94 GB) NTFS
2 Drive e: () (Fixed) (Total:1472.39 GB) (Free:513.77 GB) NTFS
4 Drive g: (LEGO 2GB) (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1863 GB 0 B
Disk 1 Online 1914 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 390 GB 101 MB
Partition 3 Primary 1472 GB 390 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 390 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E NTFS Partition 1472 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1914 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

Last Boot: 2012-08-07 06:40

======================= End Of Log ==========================
 
Farbar Recovery Scan Tool Version: 14-08-2012
Ran by SYSTEM at 2012-08-14 20:38:23
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

FRST Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5}
C:\Windows\assembly\GAC\Desktop.ini
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.
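The fix above rests on one observation from the logs: FRST's search found two copies of services.exe with identical size and timestamps but different MD5 hashes, and the component-store (winsxs) copy is the trusted one, so the fixlist tells FRST to copy it over the live System32 file and to move the two paths FRST itself labelled ZeroAccess. The following Python script, added here as an example and not part of the thread or of FRST, parses FRST "Search:" output in the two-line layout quoted above, reports any live copy whose hash diverges from its winsxs twin (noting when size and dates still match, as they do here), and emits a fixlist of the same shape the helper posted. The sample input, hashes and ZeroAccess paths are copied from the logs in this thread; the parsing layout is an assumption about FRST's output format.

```python
"""Added example (not part of the thread): parse FRST 'Search:' output, flag a live
system binary whose MD5 differs from the Windows component-store (winsxs) copy, and
emit an FRST fixlist of the same shape the helper posted.  File names, hashes and
ZeroAccess paths below are copied from the logs in the thread; the two-line layout
of the FRST search output is assumed from the Search.txt shown there.
"""
import re
from collections import defaultdict

# Constructed sample input: the two hits from the thread's Search.txt, in FRST's
# two-line layout (a path line, then "[created] - [modified] - size attrs (company) MD5").
SAMPLE_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
"""

# Paths FRST itself labelled "ZeroAccess:" in the thread's FRST.txt.
ZEROACCESS_PATHS = [
    r"C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5}",
    r"C:\Windows\assembly\GAC\Desktop.ini",
]

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"\[(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search(text):
    """Return one dict per (path line, detail line) pair in FRST search output."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            pending = line          # remember the path; its details are on the next line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            entries.append({"path": pending, **m.groupdict()})
            pending = None
    return entries


def find_hash_divergence(entries):
    """Pair each non-winsxs copy of a file with the winsxs copy of the same name and
    report pairs whose MD5 differ.  A differing hash with identical size and
    timestamps is what the thread's log shows for services.exe, so that is flagged."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    findings = []
    for name, copies in by_name.items():
        refs = [c for c in copies if "\\winsxs\\" in c["path"].lower()]
        live = [c for c in copies if "\\winsxs\\" not in c["path"].lower()]
        for good in refs:
            for bad in live:
                if good["md5"].upper() == bad["md5"].upper():
                    continue
                findings.append({
                    "name": name,
                    "reference": good["path"],
                    "suspect": bad["path"],
                    "reference_md5": good["md5"].upper(),
                    "suspect_md5": bad["md5"].upper(),
                    "same_size_and_times": (good["size"], good["created"], good["modified"])
                                           == (bad["size"], bad["created"], bad["modified"]),
                })
    return findings


def build_fixlist(findings, remove_paths=()):
    """Emit an FRST fixlist: one 'Replace: <good> <bad>' line per finding, then the
    bare paths FRST should move out of the way, wrapped in start/end."""
    lines = ["start"]
    lines += [f"Replace: {f['reference']} {f['suspect']}" for f in findings]
    lines += list(remove_paths)
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_hash_divergence(parse_search(SAMPLE_SEARCH))
    for f in found:
        print(f"{f['suspect']}: {f['suspect_md5']} != winsxs {f['reference_md5']}"
              f" (same size/timestamps: {f['same_size_and_times']})")
    print(build_fixlist(found, ZEROACCESS_PATHS))
```

Run on the sample above it prints the one divergent pair and a fixlist identical to the one in the post. The winsxs copy is only a reasonable reference, not proof of integrity; on a real case the hash of the reference copy should also be checked against a known-good value before it is used for a Replace.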
 
Hello DragonMasterJay,

Here is the fixlog, there is no reboot problem anymore. Thank you sooo much for your help. Do you rec. any other procedures? Can I run a system scan with security essentials? Thank you again for your time and for repairing my computer.

Rob


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-08-2012
Ran by SYSTEM at 2012-08-15 16:44:12 Run:1
Running from G:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5} moved successfully.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.

==== End of Fixlog ====
 
You're welcome, but not done just yet. With infections like these, other infections are probably present still...

ComboFix

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and this time rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
hello again, here is the latest....

ComboFix 12-08-16.01 - Robert 08/16/2012 19:05:22.1.6 - x86 MINIMAL
Microsoft Windows 7 Ultimate N 6.1.7600.0.1252.1.1033.18.3327.2305 [GMT -7:00]
Running from: c:\users\Robert\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\EC481FA554.sys
c:\windows\regsvr.exe
c:\windows\regsvr32.exe
c:\windows\system\system.ini
c:\windows\system32\~GLH0a71.TMP
c:\windows\system32\~GLH0a72.TMP
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 02:09 . 2012-08-17 02:09 -------- d-----w- c:\users\Robert\AppData\Local\temp
2012-08-17 02:09 . 2012-08-17 02:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-17 02:09 . 2012-08-17 02:09 -------- d-----w- c:\users\Bethanie\AppData\Local\temp
2012-08-15 03:37 . 2012-08-15 03:37 -------- d-----w- C:\FRST
2012-08-14 18:19 . 2012-08-14 18:19 43480 ----a-w- c:\windows\system32\drivers\zesrqcun.sys
2012-08-14 14:10 . 2012-02-09 21:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3ACD9528-538C-446C-8E4B-46DD6306CC71}\gapaengine.dll
2012-08-14 14:09 . 2012-07-16 09:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\mpengine.dll
2012-08-14 14:06 . 2012-08-14 14:06 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-14 12:50 . 2012-08-14 12:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-14 12:38 . 2012-08-14 12:38 124416 ----a-w- c:\programdata\Microsoft\Windows\DRM\5CC0.tmp
2012-08-04 02:32 . 2012-08-04 02:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-01 02:20 . 2012-08-01 02:41 -------- d-----w- c:\programdata\Package Cache
2012-08-01 00:02 . 2012-08-01 00:02 -------- d-----w- c:\windows\Sun
2012-07-30 13:41 . 2012-07-30 13:41 111104 ----a-w- c:\programdata\Microsoft\Windows\DRM\E8F7.tmp
2012-07-28 13:19 . 2012-07-28 13:19 -------- d-----w- c:\program files\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 00:55 . 2012-05-07 15:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-05 00:55 . 2011-12-17 17:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-12 02:44 . 2012-07-12 04:30 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 20:50 . 2012-06-11 20:50 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 20:50 . 2012-06-11 20:50 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-06-11 20:50 . 2012-06-11 20:50 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-06-11 20:49 . 2012-06-11 20:49 13008896 ----a-w- c:\windows\system32\amdocl.dll
2012-06-06 05:09 . 2012-07-11 16:34 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-11 16:34 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-18 23:59 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-18 23:59 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-18 23:59 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-18 23:59 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-18 23:59 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-18 23:59 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-18 23:59 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-18 23:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-18 23:59 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 04:51 . 2012-07-11 16:34 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51 . 2012-07-11 16:34 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50 . 2012-07-11 16:34 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:48 . 2012-07-11 16:34 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:47 . 2012-07-11 16:34 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-21 23:15 . 2011-12-17 17:04 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-25 11438696]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-27 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AML Device Install.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
backup=c:\windows\pss\AML Device Install.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-05-26 13:32 4327744 ----a-w- c:\users\Robert\AppData\Local\Akamai\netsession_win.exe
.
R1 MpKsl5ca33218;MpKsl5ca33218;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5ca33218.sys [x]
R1 MpKsl5f2e2afa;MpKsl5f2e2afa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5f2e2afa.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
R2 RRAANXGN;RRAANXGN;c:\windows\srvany.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
R3 fdrawcmd;Low-level Floppy Driver;c:\windows\system32\drivers\fdrawcmd.sys [x]
R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\DRIVERS\vnetusbl.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 00:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: 164.109.25.72
Trusted Zone: 207.130.86.35
Trusted Zone: acura.com
Trusted Zone: acuraclientpurchaseexperience.com
Trusted Zone: acurainfo.programhq.com
Trusted Zone: acuraspinplay.programhq.com
Trusted Zone: ahm-ownerlink.com
Trusted Zone: ahm.com
Trusted Zone: ahmdealer.com
Trusted Zone: honda.com
Trusted Zone: honda.vo.llnwd.net
Trusted Zone: hondaadcmd.com
Trusted Zone: hondacars.com
Trusted Zone: hondainfo.programhq.com
Trusted Zone: hondamap.com
Trusted Zone: hondaprofessional.com
Trusted Zone: hondaspinplay.programhq.com
Trusted Zone: hondasso.com
Trusted Zone: jdpa.com
Trusted Zone: jdpower.com
Trusted Zone: mylcchonda.com
Trusted Zone: pcsc.acurasrs.com
Trusted Zone: prospectingacurasrs.com
Trusted Zone: travelhq.com
Trusted Zone: xmradio.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t97onhd.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-Settlers3Deinstall - c:\bluebyte\Settlers3\DeIsL1.isu
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-16 19:11:39
ComboFix-quarantined-files.txt 2012-08-17 02:11
.
Pre-Run: 304,858,181,632 bytes free
Post-Run: 313,992,347,648 bytes free
.
- - End Of File - - 6CEC4A69EC0B21E23EA1397F0A5155F4
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::

    File::
    c:\windows\system32\drivers\zesrqcun.sys

    DDS::
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
  • Save this as CFScript.txt, in the same location as ComboFix.exe

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
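The CFScript above targets two entries the helper picked out of the log by eye: the freshly created zesrqcun.sys and the ProxyOverride that routes traffic through a listener on 127.0.0.1. The Python below is an added example, not part of the thread and not ComboFix's code, that encodes that kind of triage as rules run over log lines: it parses the service table, the "Files Created" section and the supplementary scan, then flags entries a responder would want explained. The rule names and thresholds are this example's own, SAMPLE_LOG is an excerpt constructed from lines of the log posted above, and every rule is a heuristic that marks an entry for review rather than a verdict.

```python
"""Rule-based triage of ComboFix log lines.

Added example, not part of the thread or of ComboFix. All rules are
heuristics; the sample log is an excerpt constructed from the thread above.
"""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "rule line")

# Service table rows:  R2 Name;Display name;image path [state]
SERVICE_RE = re.compile(
    r"^(?P<kind>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<state>[^\]]*)\]\s*$"
)
# 'Files Created' / 'Find3M' rows:  created . modified size attrs path
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
PROXY_RE = re.compile(r"ProxyOverride\s*=\s*(?P<value>.+)$")
KEYWORD_RE = re.compile(r"keyword\.URL\s*-\s*(?P<url>\S+)")
BARE_PATH_RE = re.compile(r"^[a-z]:\\\S+$", re.I)
LOOPBACK_RE = re.compile(r"^(127(?:\.\d{1,3}){3}|localhost):\d+$", re.I)
RANDOM_NAME_RE = re.compile(r"[A-Z]{8}")  # heuristic: 8 capitals, no meaning

SECTION_MARKERS = (("Other Deletions", "deleted"), ("Files Created", "created"),
                   ("Find3M", "find3m"), ("Reg Loading Points", "reg"),
                   ("Supplementary Scan", "supp"))
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
# Binaries that live in System32; a same-named file directly under %WINDIR% is worth a look.
SYSTEM32_NAMES = {"services.exe", "svchost.exe", "regsvr32.exe", "lsass.exe", "winlogon.exe"}
# Wrappers that run an arbitrary program as a service (srvany.exe is a Resource Kit tool).
WRAPPERS = {"srvany.exe"}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def in_windir_root(path):
    p = path.lower()
    return p.startswith("c:\\windows\\") and "\\" not in p[len("c:\\windows\\"):]


def triage(log_text):
    section, services, created, findings = None, [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        new_section = next((n for marker, n in SECTION_MARKERS if marker in line), None)
        if new_section:
            section = new_section
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(m)
            continue
        m = CREATED_RE.match(line)
        if m:
            if section == "created":  # Find3M rows are old files, not new ones
                created.append(m)
            continue
        m = PROXY_RE.search(line)
        if m:
            if any(LOOPBACK_RE.match(e.strip()) for e in m.group("value").split(";")):
                findings.append(Finding("proxy-override-loopback-port", line))
            continue
        if KEYWORD_RE.search(line):
            findings.append(Finding("firefox-keyword-url-set", line))
            continue
        if BARE_PATH_RE.match(line) and in_windir_root(line) and basename(line) in SYSTEM32_NAMES:
            findings.append(Finding("system32-name-in-windir-root", line))

    service_images = {basename(m.group("path")) for m in services}
    for m in services:
        line, path = m.string, m.group("path")
        if basename(path) in WRAPPERS:
            findings.append(Finding("service-via-wrapper", line))
        elif in_windir_root(path) and basename(path) in SYSTEM32_NAMES:
            findings.append(Finding("system32-name-in-windir-root", line))
        if m.group("name") == m.group("display") and RANDOM_NAME_RE.fullmatch(m.group("name")):
            findings.append(Finding("random-service-name", line))
    for m in created:
        line, path, attrs = m.string, m.group("path").lower(), m.group("attrs")
        # A driver that appeared during the window but no listed service loads it.
        if path.startswith(DRIVERS_DIR) and path.endswith(".sys") and basename(path) not in service_images:
            findings.append(Finding("new-driver-without-service-entry", line))
        if attrs.startswith("d") and "%" in basename(path):  # literal '%APPDATA%' as a folder name
            findings.append(Finding("unexpanded-env-name-dir", line))
    return findings


def summarize(findings):
    return dict(Counter(f.rule for f in findings))


SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\programdata\EC481FA554.sys
c:\windows\regsvr32.exe
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
2012-08-14 18:19 . 2012-08-14 18:19 43480 ----a-w- c:\windows\system32\drivers\zesrqcun.sys
2012-08-14 12:50 . 2012-08-14 12:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-15 03:37 . 2012-08-15 03:37 -------- d-----w- C:\FRST
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-06-02 04:51 . 2012-07-11 16:34 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
R1 MpKsl5ca33218;MpKsl5ca33218;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5ca33218.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 RRAANXGN;RRAANXGN;c:\windows\srvany.exe [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
------- Supplementary Scan -------
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q=
"""
```

On the excerpt this yields one finding per rule: the srvany.exe service with a random name, regsvr32.exe sitting in the Windows root, the orphan driver, the literal %APPDATA% folder, the loopback proxy and the Firefox search override. The benign Adobe and AMD entries and the older ksecdd.sys from the Find3M section are left alone.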
 
hello,
I have been running ComboFix in Safe Mode. The system will BSOD with an atasys malfunction. I recently removed some viruses prior to this malfunction, but after you resolved the 1 minute restart issue I noticed that it crashes randomly. Here is the next txt doc. Thank you again for your time.

rob

ComboFix 12-08-16.01 - Robert 08/17/2012 15:27:52.2.6 - x86 MINIMAL
Microsoft Windows 7 Ultimate N 6.1.7600.0.1252.1.1033.18.3327.2408 [GMT -7:00]
Running from: c:\users\Robert\Desktop\ComboFix.exe
Command switches used :: c:\users\Robert\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\drivers\zesrqcun.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\zesrqcun.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 22:32 . 2012-08-17 22:32 -------- d-----w- c:\users\Robert\AppData\Local\temp
2012-08-17 22:32 . 2012-08-17 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-17 22:32 . 2012-08-17 22:32 -------- d-----w- c:\users\Bethanie\AppData\Local\temp
2012-08-17 22:22 . 2012-08-17 22:25 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EED814F7-1FF8-4DDE-8200-342344E822CC}\offreg.dll
2012-08-17 22:22 . 2012-08-17 22:25 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\offreg.dll
2012-08-17 01:51 . 2012-08-17 01:51 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5ca33218.sys
2012-08-15 03:37 . 2012-08-15 03:37 -------- d-----w- C:\FRST
2012-08-14 14:10 . 2012-02-09 21:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3ACD9528-538C-446C-8E4B-46DD6306CC71}\gapaengine.dll
2012-08-14 14:09 . 2012-07-16 09:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\mpengine.dll
2012-08-14 14:06 . 2012-08-14 14:06 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-14 12:50 . 2012-08-14 12:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-14 12:38 . 2012-08-14 12:38 124416 ----a-w- c:\programdata\Microsoft\Windows\DRM\5CC0.tmp
2012-08-04 02:32 . 2012-08-04 02:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-01 02:20 . 2012-08-01 02:41 -------- d-----w- c:\programdata\Package Cache
2012-08-01 00:02 . 2012-08-01 00:02 -------- d-----w- c:\windows\Sun
2012-07-30 13:41 . 2012-07-30 13:41 111104 ----a-w- c:\programdata\Microsoft\Windows\DRM\E8F7.tmp
2012-07-28 13:19 . 2012-07-28 13:19 -------- d-----w- c:\program files\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 00:55 . 2012-05-07 15:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-05 00:55 . 2011-12-17 17:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-12 02:44 . 2012-07-12 04:30 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 20:50 . 2012-06-11 20:50 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 20:50 . 2012-06-11 20:50 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-06-11 20:50 . 2012-06-11 20:50 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-06-11 20:49 . 2012-06-11 20:49 13008896 ----a-w- c:\windows\system32\amdocl.dll
2012-06-06 05:09 . 2012-07-11 16:34 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-11 16:34 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 22:19 . 2012-06-18 23:59 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-18 23:59 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-18 23:59 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-18 23:59 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-18 23:59 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-18 23:59 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-18 23:59 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-18 23:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-18 23:59 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 04:51 . 2012-07-11 16:34 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:51 . 2012-07-11 16:34 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:50 . 2012-07-11 16:34 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:48 . 2012-07-11 16:34 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:47 . 2012-07-11 16:34 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-21 23:15 . 2011-12-17 17:04 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-17_02.10.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-20 21:27 . 2012-08-17 22:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-20 21:27 . 2012-08-17 02:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-17 01:44 . 2012-08-17 22:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-08-17 01:44 . 2012-08-17 01:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-08-17 01:44 . 2012-08-17 01:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-08-17 01:44 . 2012-08-17 22:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-08-17 01:44 . 2012-08-17 22:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2012-08-17 01:44 . 2012-08-17 01:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2012-02-20 21:27 . 2012-08-17 22:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-20 21:27 . 2012-08-17 02:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-20 21:27 . 2012-08-17 02:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-20 21:27 . 2012-08-17 22:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-17 22:22 . 2012-08-17 22:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-17 01:09 . 2012-08-17 02:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-17 22:22 . 2012-08-17 22:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-17 01:09 . 2012-08-17 02:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-17 17:02 . 2012-08-17 22:25 212992 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-17 17:02 . 2012-08-17 02:00 212992 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:08 . 2012-08-17 22:25 557056 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:08 . 2012-08-17 02:00 557056 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-17 17:02 . 2012-08-17 02:00 3424256 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-17 17:02 . 2012-08-17 22:25 3424256 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-25 11438696]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-27 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AML Device Install.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
backup=c:\windows\pss\AML Device Install.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-05-26 13:32 4327744 ----a-w- c:\users\Robert\AppData\Local\Akamai\netsession_win.exe
.
R1 MpKsl5ca33218;MpKsl5ca33218;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5ca33218.sys [x]
R1 MpKsl5f2e2afa;MpKsl5f2e2afa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5f2e2afa.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
R2 RRAANXGN;RRAANXGN;c:\windows\srvany.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
R3 fdrawcmd;Low-level Floppy Driver;c:\windows\system32\drivers\fdrawcmd.sys [x]
R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\DRIVERS\vnetusbl.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 00:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: 164.109.25.72
Trusted Zone: 207.130.86.35
Trusted Zone: acura.com
Trusted Zone: acuraclientpurchaseexperience.com
Trusted Zone: acurainfo.programhq.com
Trusted Zone: acuraspinplay.programhq.com
Trusted Zone: ahm-ownerlink.com
Trusted Zone: ahm.com
Trusted Zone: ahmdealer.com
Trusted Zone: honda.com
Trusted Zone: honda.vo.llnwd.net
Trusted Zone: hondaadcmd.com
Trusted Zone: hondacars.com
Trusted Zone: hondainfo.programhq.com
Trusted Zone: hondamap.com
Trusted Zone: hondaprofessional.com
Trusted Zone: hondaspinplay.programhq.com
Trusted Zone: hondasso.com
Trusted Zone: jdpa.com
Trusted Zone: jdpower.com
Trusted Zone: mylcchonda.com
Trusted Zone: pcsc.acurasrs.com
Trusted Zone: prospectingacurasrs.com
Trusted Zone: travelhq.com
Trusted Zone: xmradio.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t97onhd.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-17 15:34:26
ComboFix-quarantined-files.txt 2012-08-17 22:34
ComboFix2.txt 2012-08-17 02:11
.
Pre-Run: 314,188,513,280 bytes free
Post-Run: 314,027,495,424 bytes free
.
- - End Of File - - 1CFA7D0FC2C8DB715AEF43497271EE88
 
It's TDL4 or another MBR infection... please do the following:

1st. TDSSKiller (removes most of the infection)

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.




-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.

[screenshot: tdss_3.jpg]


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


[screenshot: tdss_4.jpg]


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


[screenshot: tdss_5.jpg]



--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Sometimes these logs can be very large; in that case, please attach it, or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

2nd. aswMBR (checks MBR for other strains)


Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

[screenshot: aswMBR_Scan.jpg]


Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop
    [screenshot: aswMBR_SaveLog.png]

  • Copy and paste the contents of aswMBR.txt back here for review

3rd. MBRCheck (verifies MBR and would confirm infection of aswMBR scan)

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will open a black window... please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (e.g. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


Please make sure all three logs (TDSSKiller, aswMBR, and MBRCheck) are posted in your next reply.
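To make reviewing the TDSSKiller log from step 1 quicker, here is an added example (not part of the original post, and not TDSSKiller's own code) that parses the log's line format and extracts only the warning/detection entries, joined with each object's hash and path and, for a forged file, the real/fake MD5 pair. The sample lines are constructed in TDSSKiller's format from entries that appear in the log posted later in this thread; the severity ranking is this example's own assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every TDSSKiller log line is "<HH:MM:SS.mmmm> <pid> <message>".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>": the object about to be checked.
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - detected <Verdict> (<count>)": a positive verdict.
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
# "Suspicious file (Forged): <path>. Real md5: <x>, Fake md5: <y>"
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)


@dataclass
class Finding:
    name: str
    verdict: str
    path: Optional[str] = None
    md5: Optional[str] = None
    real_md5: Optional[str] = None   # only set for ForgedFile verdicts
    fake_md5: Optional[str] = None

    @property
    def severity(self) -> str:
        # ForgedFile means the bytes TDSSKiller read through the file system
        # differ from the bytes it read from the disk directly: something is
        # intercepting file reads, which is how a TDL4-class rootkit hides its
        # driver. An unsigned or locked file is usually just a third-party
        # service, which is why the steps above say to Skip those warnings.
        if self.verdict.startswith("ForgedFile"):
            return "high"
        if self.verdict.startswith(("UnsignedFile", "LockedFile")):
            return "low"
        return "medium"


def parse_tdsskiller_log(text: str) -> List[Finding]:
    """Return one Finding per '- detected' line, joined with the object's
    hash/path and, where present, the real/fake MD5 pair of a forged file."""
    objects: Dict[str, Dict[str, str]] = {}   # object name -> md5, path
    forged: Dict[str, Dict[str, str]] = {}    # path -> real/fake md5
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank lines, "Start:" and similar non-log text
        msg = line.group("msg")
        obj = OBJECT_RE.match(msg)
        if obj:
            objects[obj.group("name")] = {"md5": obj.group("md5"), "path": obj.group("path")}
            continue
        fg = FORGED_RE.match(msg)
        if fg:
            forged[fg.group("path")] = {"real": fg.group("real"), "fake": fg.group("fake")}
            continue
        det = DETECTED_RE.match(msg)
        if det:
            name = det.group("name")
            info = objects.get(name, {})
            hashes = forged.get(info.get("path", ""), {})
            findings.append(Finding(
                name=name, verdict=det.group("verdict"),
                path=info.get("path"), md5=info.get("md5"),
                real_md5=hashes.get("real"), fake_md5=hashes.get("fake"),
            ))
    return findings


def triage(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group finding names by severity so the forged entries stand out."""
    out: Dict[str, List[str]] = {"high": [], "medium": [], "low": []}
    for f in findings:
        out[f.severity].append(f.name)
    return out


# Constructed sample in TDSSKiller's format, using entries that appear in the
# log posted later in this thread (most "- ok" lines omitted for brevity).
SAMPLE_LOG = r"""
06:09:36.0874 2044 Scan started
06:09:36.0874 2044 Mode: Manual; SigCheck; TDLFS;
06:09:39.0026 2044 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
06:09:39.0073 2044 1394ohci - ok
06:09:49.0135 2044 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
06:09:49.0166 2044 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
06:09:49.0166 2044 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
06:09:58.0386 2044 MpKsl5f2e2afa (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5f2e2afa.sys
06:09:58.0386 2044 Suspicious file (Forged): C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5f2e2afa.sys. Real md5: a69630d039c38018689190234f866d77, Fake md5: 4137ee420481d10734da3018d0325582
06:09:58.0386 2044 MpKsl5f2e2afa ( ForgedFile.Multi.Generic ) - warning
06:09:58.0386 2044 MpKsl5f2e2afa - detected ForgedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    for f in parse_tdsskiller_log(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.name}: {f.verdict} {f.path}")
        if f.real_md5:
            print(f"         real md5 {f.real_md5} != fake md5 {f.fake_md5}")
```

Run it against a full TDSSKiller_*_log.txt by passing the file's contents to parse_tdsskiller_log; the hundreds of "- ok" lines are skipped and only the verdicts remain.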
 
Hello, here are the logs.
One other issue I was having is the "FLEXnet Licensing Service". Whenever I try to use Photoshop I will get a BSOD related to this service. I would appreciate any feedback. Thank you for your time.

Rob

Start:

06:09:30.0041 2012 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
06:09:30.0041 2012 ============================================================
06:09:30.0041 2012 Current date / time: 2012/08/18 06:09:30.0041
06:09:30.0041 2012 SystemInfo:
06:09:30.0041 2012
06:09:30.0041 2012 OS Version: 6.1.7600 ServicePack: 0.0
06:09:30.0041 2012 Product type: Workstation
06:09:30.0041 2012 ComputerName: PHOTOEDITING
06:09:30.0041 2012 UserName: Robert
06:09:30.0041 2012 Windows directory: C:\Windows
06:09:30.0041 2012 System windows directory: C:\Windows
06:09:30.0041 2012 Processor architecture: Intel x86
06:09:30.0041 2012 Number of processors: 6
06:09:30.0041 2012 Page size: 0x1000
06:09:30.0041 2012 Boot type: Safe boot
06:09:30.0041 2012 ============================================================
06:09:30.0977 2012 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
06:09:30.0977 2012 ============================================================
06:09:30.0977 2012 \Device\Harddisk0\DR0:
06:09:30.0977 2012 MBR partitions:
06:09:30.0977 2012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
06:09:30.0977 2012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D0D800
06:09:30.0977 2012 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x30D40000, BlocksNum 0xB80C8000
06:09:30.0977 2012 ============================================================
06:09:31.0024 2012 C: <-> \Device\Harddisk0\DR0\Partition1
06:09:31.0070 2012 D: <-> \Device\Harddisk0\DR0\Partition2
06:09:31.0070 2012 ============================================================
06:09:31.0070 2012 Initialize success
06:09:31.0070 2012 ============================================================
06:09:36.0874 2044 ============================================================
06:09:36.0874 2044 Scan started
06:09:36.0874 2044 Mode: Manual; SigCheck; TDLFS;
06:09:36.0874 2044 ============================================================
06:09:39.0026 2044 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
06:09:39.0073 2044 1394ohci - ok
06:09:39.0089 2044 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
06:09:39.0104 2044 ACPI - ok
06:09:39.0151 2044 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
06:09:39.0167 2044 AcpiPmi - ok
06:09:39.0229 2044 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
06:09:39.0245 2044 AdobeARMservice - ok
06:09:39.0307 2044 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
06:09:39.0307 2044 AdobeFlashPlayerUpdateSvc - ok
06:09:39.0338 2044 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
06:09:39.0354 2044 adp94xx - ok
06:09:39.0385 2044 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
06:09:39.0385 2044 adpahci - ok
06:09:39.0432 2044 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
06:09:39.0448 2044 adpu320 - ok
06:09:39.0463 2044 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
06:09:39.0479 2044 AeLookupSvc - ok
06:09:39.0557 2044 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
06:09:39.0588 2044 AFD - ok
06:09:39.0604 2044 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
06:09:39.0604 2044 agp440 - ok
06:09:39.0619 2044 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
06:09:39.0635 2044 aic78xx - ok
06:09:39.0697 2044 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
06:09:39.0728 2044 ALG - ok
06:09:39.0744 2044 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
06:09:39.0744 2044 aliide - ok
06:09:39.0806 2044 AMD External Events Utility (ec98ca8298f67926fa50876348534b1d) C:\Windows\system32\atiesrxx.exe
06:09:39.0822 2044 AMD External Events Utility - ok
06:09:39.0916 2044 AMD FUEL Service - ok
06:09:39.0931 2044 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
06:09:39.0947 2044 amdagp - ok
06:09:39.0947 2044 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
06:09:39.0962 2044 amdide - ok
06:09:39.0978 2044 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
06:09:39.0994 2044 amdiox86 - ok
06:09:40.0009 2044 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
06:09:40.0025 2044 AmdK8 - ok
06:09:40.0274 2044 amdkmdag (65b44179cf184b08e86097bffbf03f24) C:\Windows\system32\DRIVERS\atikmdag.sys
06:09:40.0430 2044 amdkmdag - ok
06:09:42.0209 2044 amdkmdap (5e1c65524ff1713711ce27879d813384) C:\Windows\system32\DRIVERS\atikmpag.sys
06:09:42.0224 2044 amdkmdap - ok
06:09:42.0396 2044 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
06:09:42.0396 2044 AmdPPM - ok
06:09:42.0412 2044 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
06:09:42.0427 2044 amdsata - ok
06:09:42.0443 2044 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
06:09:42.0443 2044 amdsbs - ok
06:09:42.0474 2044 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
06:09:42.0474 2044 amdxata - ok
06:09:42.0536 2044 AODDriver4.01 - ok
06:09:42.0552 2044 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
06:09:42.0568 2044 AppID - ok
06:09:42.0630 2044 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
06:09:42.0646 2044 AppIDSvc - ok
06:09:42.0661 2044 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
06:09:42.0692 2044 Appinfo - ok
06:09:42.0786 2044 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
06:09:42.0786 2044 Apple Mobile Device - ok
06:09:42.0848 2044 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
06:09:42.0848 2044 AppMgmt - ok
06:09:42.0864 2044 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
06:09:42.0880 2044 arc - ok
06:09:42.0911 2044 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
06:09:42.0926 2044 arcsas - ok
06:09:42.0958 2044 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
06:09:42.0973 2044 AsyncMac - ok
06:09:43.0004 2044 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
06:09:43.0004 2044 atapi - ok
06:09:43.0082 2044 AtiHDAudioService (4d201d8b576be4473405b2a86a2d28b3) C:\Windows\system32\drivers\AtihdW73.sys
06:09:43.0082 2044 AtiHDAudioService - ok
06:09:43.0129 2044 AtiPcie (4ffe74e33bd9170950116f0ca46eac89) C:\Windows\system32\DRIVERS\AtiPcie.sys
06:09:43.0129 2044 AtiPcie - ok
06:09:43.0160 2044 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
06:09:43.0176 2044 AudioEndpointBuilder - ok
06:09:43.0192 2044 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
06:09:43.0207 2044 Audiosrv - ok
06:09:43.0254 2044 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
06:09:43.0285 2044 AxInstSV - ok
06:09:43.0301 2044 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
06:09:43.0316 2044 b06bdrv - ok
06:09:43.0348 2044 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
06:09:43.0363 2044 b57nd60x - ok
06:09:43.0379 2044 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
06:09:43.0410 2044 BDESVC - ok
06:09:43.0426 2044 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
06:09:43.0472 2044 Beep - ok
06:09:43.0597 2044 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
06:09:43.0613 2044 BFE - ok
06:09:43.0675 2044 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
06:09:43.0691 2044 blbdrive - ok
06:09:43.0800 2044 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
06:09:43.0816 2044 Bonjour Service - ok
06:09:43.0862 2044 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
06:09:43.0878 2044 bowser - ok
06:09:43.0894 2044 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
06:09:43.0909 2044 BrFiltLo - ok
06:09:43.0925 2044 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
06:09:43.0940 2044 BrFiltUp - ok
06:09:44.0003 2044 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
06:09:44.0018 2044 BridgeMP - ok
06:09:44.0065 2044 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
06:09:44.0096 2044 Browser - ok
06:09:44.0112 2044 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
06:09:44.0112 2044 Brserid - ok
06:09:44.0143 2044 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
06:09:44.0159 2044 BrSerWdm - ok
06:09:44.0159 2044 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
06:09:44.0174 2044 BrUsbMdm - ok
06:09:44.0174 2044 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
06:09:44.0190 2044 BrUsbSer - ok
06:09:44.0221 2044 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
06:09:44.0237 2044 BTHMODEM - ok
06:09:44.0252 2044 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
06:09:44.0268 2044 bthserv - ok
06:09:44.0393 2044 catchme - ok
06:09:44.0408 2044 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
06:09:44.0440 2044 cdfs - ok
06:09:44.0471 2044 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
06:09:44.0486 2044 cdrom - ok
06:09:44.0549 2044 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
06:09:44.0564 2044 CertPropSvc - ok
06:09:44.0611 2044 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
06:09:44.0611 2044 circlass - ok
06:09:44.0642 2044 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
06:09:44.0658 2044 CLFS - ok
06:09:44.0767 2044 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:09:44.0783 2044 clr_optimization_v2.0.50727_32 - ok
06:09:44.0876 2044 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:09:44.0892 2044 clr_optimization_v4.0.30319_32 - ok
06:09:44.0892 2044 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
06:09:44.0908 2044 CmBatt - ok
06:09:44.0908 2044 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
06:09:44.0923 2044 cmdide - ok
06:09:45.0001 2044 CNG (db5e008b3744dd60c8498cbbf2a1cfa6) C:\Windows\system32\Drivers\cng.sys
06:09:45.0032 2044 CNG - ok
06:09:45.0048 2044 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
06:09:45.0048 2044 Compbatt - ok
06:09:45.0079 2044 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
06:09:45.0095 2044 CompositeBus - ok
06:09:45.0110 2044 COMSysApp - ok
06:09:45.0188 2044 cpuz135 (26ce59f9fc8639fd7fed53ce3b785015) C:\Windows\system32\drivers\cpuz135_x32.sys
06:09:45.0188 2044 cpuz135 - ok
06:09:45.0204 2044 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
06:09:45.0204 2044 crcdisk - ok
06:09:45.0282 2044 CryptSvc (520a108a2657f4bca7fced9ca7d885de) C:\Windows\system32\cryptsvc.dll
06:09:45.0298 2044 CryptSvc - ok
06:09:45.0344 2044 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
06:09:45.0376 2044 CSC - ok
06:09:45.0438 2044 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
06:09:45.0454 2044 CscService - ok
06:09:45.0500 2044 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
06:09:45.0516 2044 DcomLaunch - ok
06:09:45.0563 2044 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
06:09:45.0594 2044 defragsvc - ok
06:09:45.0688 2044 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
06:09:45.0688 2044 DfsC - ok
06:09:45.0734 2044 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
06:09:45.0750 2044 Dhcp - ok
06:09:45.0844 2044 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
06:09:45.0875 2044 discache - ok
06:09:45.0922 2044 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
06:09:45.0922 2044 Disk - ok
06:09:45.0937 2044 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
06:09:45.0953 2044 Dnscache - ok
06:09:45.0968 2044 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
06:09:45.0984 2044 dot3svc - ok
06:09:46.0000 2044 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
06:09:46.0015 2044 DPS - ok
06:09:46.0078 2044 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
06:09:46.0093 2044 drmkaud - ok
06:09:46.0124 2044 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
06:09:46.0140 2044 DXGKrnl - ok
06:09:46.0156 2044 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
06:09:46.0187 2044 EapHost - ok
06:09:46.0280 2044 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
06:09:46.0343 2044 ebdrv - ok
06:09:48.0293 2044 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
06:09:48.0308 2044 EFS - ok
06:09:48.0371 2044 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
06:09:48.0386 2044 ehRecvr - ok
06:09:48.0433 2044 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
06:09:48.0449 2044 ehSched - ok
06:09:48.0527 2044 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
06:09:48.0542 2044 elxstor - ok
06:09:48.0589 2044 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
06:09:48.0589 2044 ErrDev - ok
06:09:48.0636 2044 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
06:09:48.0667 2044 EventSystem - ok
06:09:48.0667 2044 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
06:09:48.0683 2044 exfat - ok
06:09:48.0730 2044 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
06:09:48.0761 2044 fastfat - ok
06:09:48.0776 2044 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
06:09:48.0792 2044 Fax - ok
06:09:48.0808 2044 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
06:09:48.0823 2044 fdc - ok
06:09:48.0901 2044 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
06:09:48.0932 2044 fdPHost - ok
06:09:48.0964 2044 fdrawcmd - ok
06:09:49.0010 2044 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
06:09:49.0026 2044 FDResPub - ok
06:09:49.0042 2044 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
06:09:49.0042 2044 FileInfo - ok
06:09:49.0042 2044 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
06:09:49.0057 2044 Filetrace - ok
06:09:49.0135 2044 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
06:09:49.0166 2044 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
06:09:49.0166 2044 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
06:09:49.0182 2044 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
06:09:49.0198 2044 flpydisk - ok
06:09:49.0229 2044 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
06:09:49.0229 2044 FltMgr - ok
06:09:49.0276 2044 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
06:09:49.0307 2044 FontCache - ok
06:09:49.0385 2044 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
06:09:49.0385 2044 FontCache3.0.0.0 - ok
06:09:49.0400 2044 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
06:09:49.0400 2044 FsDepends - ok
06:09:49.0447 2044 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
06:09:49.0447 2044 Fs_Rec - ok
06:09:49.0510 2044 FTDIBUS (aae37f0f2f613218dce17b42a18c38db) C:\Windows\system32\drivers\ftdibus.sys
06:09:49.0510 2044 FTDIBUS - ok
06:09:49.0541 2044 FTSER2K (48bfd1ba45c9c9e7ab339e25abfba1d2) C:\Windows\system32\drivers\ftser2k.sys
06:09:49.0556 2044 FTSER2K - ok
06:09:49.0603 2044 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
06:09:49.0619 2044 fvevol - ok
06:09:49.0634 2044 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
06:09:49.0634 2044 gagp30kx - ok
06:09:49.0697 2044 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:09:49.0697 2044 GEARAspiWDM - ok
06:09:49.0759 2044 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
06:09:49.0775 2044 gpsvc - ok
06:09:49.0822 2044 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
06:09:49.0837 2044 hcw85cir - ok
06:09:49.0884 2044 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
06:09:49.0900 2044 HdAudAddService - ok
06:09:49.0915 2044 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
06:09:49.0931 2044 HDAudBus - ok
06:09:49.0978 2044 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
06:09:49.0978 2044 HidBatt - ok
06:09:50.0009 2044 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
06:09:50.0009 2044 HidBth - ok
06:09:50.0040 2044 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
06:09:50.0056 2044 HidIr - ok
06:09:50.0071 2044 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
06:09:50.0087 2044 hidserv - ok
06:09:50.0118 2044 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
06:09:50.0134 2044 HidUsb - ok
06:09:50.0165 2044 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
06:09:50.0180 2044 hkmsvc - ok
06:09:50.0196 2044 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
06:09:50.0212 2044 HomeGroupListener - ok
06:09:50.0258 2044 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
06:09:50.0290 2044 HomeGroupProvider - ok
06:09:50.0305 2044 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
06:09:50.0321 2044 HpSAMD - ok
06:09:50.0352 2044 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
06:09:50.0368 2044 HTTP - ok
06:09:50.0383 2044 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
06:09:50.0399 2044 hwpolicy - ok
06:09:50.0399 2044 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
06:09:50.0414 2044 i8042prt - ok
06:09:50.0461 2044 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
06:09:50.0477 2044 iaStorV - ok
06:09:50.0602 2044 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:09:50.0617 2044 idsvc - ok
06:09:50.0664 2044 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
06:09:50.0664 2044 iirsp - ok
06:09:51.0444 2044 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
06:09:51.0491 2044 IKEEXT - ok
06:09:51.0678 2044 IntcAzAudAddService (460ab663158db7cc24e04ddc02fba687) C:\Windows\system32\drivers\RTKVHDA.sys
06:09:51.0756 2044 IntcAzAudAddService - ok
06:09:53.0597 2044 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
06:09:53.0597 2044 intelide - ok
06:09:53.0628 2044 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
06:09:53.0628 2044 intelppm - ok
06:09:53.0644 2044 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
06:09:53.0675 2044 IPBusEnum - ok
06:09:53.0690 2044 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:09:53.0706 2044 IpFilterDriver - ok
06:09:53.0800 2044 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
06:09:53.0831 2044 iphlpsvc - ok
06:09:53.0846 2044 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
06:09:53.0862 2044 IPMIDRV - ok
06:09:53.0878 2044 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
06:09:53.0909 2044 IPNAT - ok
06:09:53.0987 2044 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
06:09:54.0002 2044 iPod Service - ok
06:09:54.0018 2044 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
06:09:54.0018 2044 IRENUM - ok
06:09:54.0080 2044 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
06:09:54.0080 2044 isapnp - ok
06:09:54.0096 2044 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
06:09:54.0112 2044 iScsiPrt - ok
06:09:54.0127 2044 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
06:09:54.0143 2044 kbdclass - ok
06:09:54.0143 2044 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
06:09:54.0174 2044 kbdhid - ok
06:09:54.0236 2044 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
06:09:54.0236 2044 KeyIso - ok
06:09:54.0283 2044 KSecDD (52fc17c8589f11747d01d3cf592673d0) C:\Windows\system32\Drivers\ksecdd.sys
06:09:54.0299 2044 KSecDD - ok
06:09:54.0314 2044 KSecPkg (3e5474b03568cfab834da3c38e8c9efa) C:\Windows\system32\Drivers\ksecpkg.sys
06:09:54.0330 2044 KSecPkg - ok
06:09:54.0377 2044 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
06:09:54.0392 2044 KtmRm - ok
06:09:54.0455 2044 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
06:09:54.0470 2044 LanmanServer - ok
06:09:54.0720 2044 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
06:09:54.0736 2044 LanmanWorkstation - ok
06:09:54.0985 2044 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
06:09:55.0094 2044 LeapFrog Connect Device Service - ok
06:09:56.0888 2044 LeapFrog-USBLAN (5cffda921fe0c9e9ebde3150d3c81594) C:\Windows\system32\DRIVERS\btblan.sys
06:09:56.0904 2044 LeapFrog-USBLAN - ok
06:09:56.0966 2044 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
06:09:56.0982 2044 lltdio - ok
06:09:57.0013 2044 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
06:09:57.0029 2044 lltdsvc - ok
06:09:57.0044 2044 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
06:09:57.0060 2044 lmhosts - ok
06:09:57.0107 2044 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
06:09:57.0122 2044 LSI_FC - ok
06:09:57.0138 2044 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
06:09:57.0154 2044 LSI_SAS - ok
06:09:57.0232 2044 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:09:57.0247 2044 LSI_SAS2 - ok
06:09:57.0263 2044 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:09:57.0278 2044 LSI_SCSI - ok
06:09:57.0497 2044 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
06:09:57.0528 2044 luafv - ok
06:09:57.0575 2044 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
06:09:57.0575 2044 Mcx2Svc - ok
06:09:57.0590 2044 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
06:09:57.0590 2044 megasas - ok
06:09:57.0622 2044 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
06:09:57.0637 2044 MegaSR - ok
06:09:57.0700 2044 Microsoft SharePoint Workspace Audit Service - ok
06:09:57.0715 2044 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
06:09:57.0762 2044 MMCSS - ok
06:09:57.0762 2044 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
06:09:57.0809 2044 Modem - ok
06:09:57.0856 2044 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
06:09:57.0871 2044 monitor - ok
06:09:57.0918 2044 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
06:09:57.0918 2044 mouclass - ok
06:09:57.0934 2044 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
06:09:57.0949 2044 mouhid - ok
06:09:57.0965 2044 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
06:09:57.0980 2044 mountmgr - ok
06:09:58.0043 2044 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
06:09:58.0043 2044 MozillaMaintenance - ok
06:09:58.0136 2044 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
06:09:58.0152 2044 MpFilter - ok
06:09:58.0168 2044 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
06:09:58.0183 2044 mpio - ok
06:09:58.0308 2044 MpKsl5ca33218 (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5ca33218.sys
06:09:58.0324 2044 MpKsl5ca33218 - ok
06:09:58.0386 2044 MpKsl5f2e2afa (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5f2e2afa.sys
06:09:58.0386 2044 Suspicious file (Forged): C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5f2e2afa.sys. Real md5: a69630d039c38018689190234f866d77, Fake md5: 4137ee420481d10734da3018d0325582
06:09:58.0386 2044 MpKsl5f2e2afa ( ForgedFile.Multi.Generic ) - warning
06:09:58.0386 2044 MpKsl5f2e2afa - detected ForgedFile.Multi.Generic (1)
06:09:58.0417 2044 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
06:09:58.0448 2044 mpsdrv - ok
06:09:58.0464 2044 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
06:09:58.0495 2044 MRxDAV - ok
06:09:58.0526 2044 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:09:58.0542 2044 mrxsmb - ok
06:09:58.0573 2044 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:09:58.0589 2044 mrxsmb10 - ok
06:09:58.0604 2044 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:09:58.0604 2044 mrxsmb20 - ok
06:09:58.0651 2044 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
06:09:58.0651 2044 msahci - ok
06:09:58.0667 2044 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
06:09:58.0682 2044 msdsm - ok
06:09:58.0698 2044 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
06:09:58.0714 2044 MSDTC - ok
06:09:58.0792 2044 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
06:09:58.0823 2044 Msfs - ok
06:09:58.0838 2044 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
06:09:58.0854 2044 mshidkmdf - ok
06:09:58.0870 2044 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
06:09:58.0885 2044 msisadrv - ok
06:09:58.0901 2044 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
06:09:58.0932 2044 MSiSCSI - ok
06:09:58.0932 2044 msiserver - ok
06:09:58.0948 2044 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
06:09:58.0963 2044 MSKSSRV - ok
06:09:59.0041 2044 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
06:09:59.0057 2044 MsMpSvc - ok
06:09:59.0088 2044 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
06:09:59.0119 2044 MSPCLOCK - ok
06:09:59.0150 2044 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
06:09:59.0166 2044 MSPQM - ok
06:09:59.0182 2044 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
06:09:59.0182 2044 MsRPC - ok
06:09:59.0228 2044 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
06:09:59.0228 2044 mssmbios - ok
06:09:59.0244 2044 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
06:09:59.0260 2044 MSTEE - ok
06:09:59.0275 2044 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
06:09:59.0275 2044 MTConfig - ok
06:09:59.0306 2044 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
06:09:59.0306 2044 Mup - ok
06:09:59.0369 2044 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
06:09:59.0400 2044 napagent - ok
06:09:59.0447 2044 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
06:09:59.0462 2044 NativeWifiP - ok
06:09:59.0525 2044 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
06:09:59.0540 2044 NDIS - ok
06:09:59.0587 2044 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
06:09:59.0603 2044 NdisCap - ok
06:09:59.0618 2044 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
06:09:59.0634 2044 NdisTapi - ok
06:09:59.0665 2044 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
06:09:59.0681 2044 Ndisuio - ok
06:09:59.0712 2044 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
06:09:59.0728 2044 NdisWan - ok
06:09:59.0743 2044 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
06:09:59.0759 2044 NDProxy - ok
06:09:59.0899 2044 Nero BackItUp Scheduler 3 (2aae889742376edc5c3203dfb74f28fd) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
06:09:59.0915 2044 Nero BackItUp Scheduler 3 - ok
06:09:59.0946 2044 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
06:09:59.0977 2044 NetBIOS - ok
06:10:00.0008 2044 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
06:10:00.0040 2044 NetBT - ok
06:10:00.0055 2044 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
06:10:00.0071 2044 Netlogon - ok
06:10:00.0149 2044 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
06:10:00.0180 2044 Netman - ok
06:10:00.0196 2044 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
06:10:00.0227 2044 netprofm - ok
06:10:00.0320 2044 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:10:00.0320 2044 NetTcpPortSharing - ok
06:10:00.0367 2044 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
06:10:00.0383 2044 nfrd960 - ok
06:10:00.0398 2044 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
06:10:00.0398 2044 NisDrv - ok
06:10:00.0461 2044 NisSrv (290c0d4c4889398797f8df3be00b9698) C:\Program Files\Microsoft Security Client\NisSrv.exe
06:10:00.0461 2044 NisSrv - ok
06:10:00.0523 2044 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
06:10:00.0570 2044 NlaSvc - ok
06:10:00.0664 2044 NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
06:10:00.0679 2044 NMIndexingService - ok
06:10:00.0695 2044 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
06:10:00.0710 2044 Npfs - ok
06:10:00.0726 2044 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
06:10:00.0742 2044 nsi - ok
06:10:00.0757 2044 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
06:10:00.0788 2044 nsiproxy - ok
06:10:00.0851 2044 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
06:10:00.0882 2044 Ntfs - ok
06:10:00.0913 2044 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
06:10:00.0944 2044 Null - ok
06:10:00.0976 2044 nusb3hub (bad636ee7ff5bf539854bba33868efc2) C:\Windows\system32\DRIVERS\nusb3hub.sys
06:10:01.0007 2044 nusb3hub - ok
06:10:01.0054 2044 nusb3xhc (dfafdc3051e04ffafddc4872394c1fc8) C:\Windows\system32\DRIVERS\nusb3xhc.sys
06:10:01.0069 2044 nusb3xhc - ok
06:10:01.0116 2044 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
06:10:01.0132 2044 nvraid - ok
06:10:01.0132 2044 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
06:10:01.0147 2044 nvstor - ok
06:10:01.0178 2044 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
06:10:01.0194 2044 nv_agp - ok
06:10:01.0210 2044 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
06:10:01.0210 2044 ohci1394 - ok
06:10:01.0303 2044 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:10:01.0303 2044 ose - ok
06:10:01.0475 2044 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
06:10:01.0568 2044 osppsvc - ok
06:10:03.0285 2044 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
06:10:03.0300 2044 p2pimsvc - ok
06:10:03.0316 2044 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
06:10:03.0331 2044 p2psvc - ok
06:10:03.0378 2044 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
06:10:03.0394 2044 Parport - ok
06:10:03.0441 2044 partmgr (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys
06:10:03.0441 2044 partmgr - ok
06:10:03.0456 2044 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
06:10:03.0472 2044 Parvdm - ok
06:10:03.0487 2044 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
06:10:03.0519 2044 PcaSvc - ok
06:10:03.0909 2044 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
06:10:03.0909 2044 pci - ok
06:10:03.0924 2044 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
06:10:03.0924 2044 pciide - ok
06:10:03.0940 2044 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
06:10:03.0955 2044 pcmcia - ok
06:10:03.0971 2044 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
06:10:03.0971 2044 pcw - ok
06:10:04.0002 2044 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
06:10:04.0033 2044 PEAUTH - ok
06:10:04.0080 2044 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
06:10:04.0111 2044 PeerDistSvc - ok
06:10:04.0174 2044 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
06:10:04.0221 2044 pla - ok
06:10:05.0921 2044 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
06:10:05.0921 2044 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
06:10:05.0921 2044 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
06:10:05.0983 2044 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
06:10:05.0999 2044 PlugPlay - ok
06:10:06.0015 2044 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
06:10:06.0030 2044 PNRPAutoReg - ok
06:10:06.0061 2044 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
06:10:06.0077 2044 PNRPsvc - ok
06:10:06.0093 2044 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
06:10:06.0124 2044 PolicyAgent - ok
06:10:06.0155 2044 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
06:10:06.0171 2044 Power - ok
06:10:06.0233 2044 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
06:10:06.0249 2044 PptpMiniport - ok
06:10:06.0295 2044 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
06:10:06.0311 2044 Processor - ok
06:10:06.0342 2044 ProfSvc (aea3bdbdba667aa6f678cb38907e4f5e) C:\Windows\system32\profsvc.dll
06:10:06.0358 2044 ProfSvc - ok
06:10:06.0389 2044 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
06:10:06.0389 2044 ProtectedStorage - ok
06:10:06.0451 2044 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
06:10:06.0467 2044 Psched - ok
06:10:06.0545 2044 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
06:10:06.0561 2044 PSI_SVC_2 - ok
06:10:06.0607 2044 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
06:10:06.0639 2044 ql2300 - ok
06:10:08.0339 2044 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
06:10:08.0355 2044 ql40xx - ok
06:10:08.0401 2044 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
06:10:08.0433 2044 QWAVE - ok
06:10:08.0479 2044 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
06:10:08.0479 2044 QWAVEdrv - ok
06:10:08.0495 2044 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
06:10:08.0526 2044 RasAcd - ok
06:10:08.0557 2044 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
06:10:08.0573 2044 RasAgileVpn - ok
06:10:08.0604 2044 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
06:10:08.0620 2044 RasAuto - ok
06:10:08.0682 2044 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:10:08.0713 2044 Rasl2tp - ok
06:10:08.0745 2044 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
06:10:08.0760 2044 RasMan - ok
06:10:08.0807 2044 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
06:10:08.0823 2044 RasPppoe - ok
06:10:08.0854 2044 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
06:10:08.0869 2044 RasSstp - ok
06:10:08.0885 2044 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
06:10:08.0916 2044 rdbss - ok
06:10:08.0963 2044 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
06:10:08.0979 2044 rdpbus - ok
06:10:08.0979 2044 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:10:09.0010 2044 RDPCDD - ok
06:10:09.0041 2044 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
06:10:09.0057 2044 RDPDR - ok
06:10:09.0103 2044 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
06:10:09.0119 2044 RDPENCDD - ok
06:10:09.0119 2044 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
06:10:09.0135 2044 RDPREFMP - ok
06:10:09.0181 2044 RDPWD (c5b8d47a4688de9d335204ea757c2240) C:\Windows\system32\drivers\RDPWD.sys
06:10:09.0197 2044 RDPWD - ok
06:10:09.0228 2044 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
06:10:09.0244 2044 rdyboost - ok
06:10:09.0244 2044 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
06:10:09.0275 2044 RemoteAccess - ok
06:10:09.0291 2044 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
06:10:09.0306 2044 RemoteRegistry - ok
06:10:09.0353 2044 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
06:10:09.0369 2044 RpcEptMapper - ok
06:10:09.0431 2044 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
06:10:09.0431 2044 RpcLocator - ok
06:10:09.0478 2044 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
06:10:09.0493 2044 RpcSs - ok
06:10:09.0540 2044 RRAANXGN (c9b18abe9063a33e77f6be81cc8df0c5) C:\Windows\srvany.exe
06:10:09.0540 2044 RRAANXGN ( UnsignedFile.Multi.Generic ) - warning
06:10:09.0540 2044 RRAANXGN - detected UnsignedFile.Multi.Generic (1)
06:10:09.0556 2044 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
06:10:09.0571 2044 rspndr - ok
06:10:09.0618 2044 RTHDMIAzAudService (4e406227a7b15385047f96ea3dc63eee) C:\Windows\system32\drivers\RtHDMIV.sys
06:10:09.0634 2044 RTHDMIAzAudService - ok
06:10:09.0712 2044 RTL8167 (3849d5d73bdd9b7bc4e3305ddc345b2c) C:\Windows\system32\DRIVERS\Rt86win7.sys
06:10:09.0727 2044 RTL8167 - ok
06:10:09.0743 2044 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
06:10:09.0759 2044 s3cap - ok
06:10:09.0774 2044 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
06:10:09.0790 2044 SamSs - ok
06:10:09.0837 2044 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
06:10:09.0837 2044 sbp2port - ok
06:10:09.0852 2044 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
06:10:09.0868 2044 SCardSvr - ok
06:10:09.0899 2044 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
06:10:09.0915 2044 scfilter - ok
06:10:09.0946 2044 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
06:10:09.0993 2044 Schedule - ok
06:10:10.0008 2044 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
06:10:10.0024 2044 SCPolicySvc - ok
06:10:10.0055 2044 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
06:10:10.0071 2044 SDRSVC - ok
06:10:10.0086 2044 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
06:10:10.0117 2044 secdrv - ok
06:10:10.0133 2044 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
06:10:10.0164 2044 seclogon - ok
06:10:10.0180 2044 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
06:10:10.0195 2044 SENS - ok
06:10:10.0227 2044 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
06:10:10.0227 2044 SensrSvc - ok
06:10:10.0258 2044 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
06:10:10.0258 2044 Serenum - ok
06:10:10.0289 2044 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
06:10:10.0305 2044 Serial - ok
06:10:10.0320 2044 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
06:10:10.0336 2044 sermouse - ok
06:10:10.0367 2044 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
06:10:10.0383 2044 SessionEnv - ok
06:10:10.0429 2044 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
06:10:10.0445 2044 sffdisk - ok
06:10:10.0461 2044 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
06:10:10.0476 2044 sffp_mmc - ok
06:10:10.0492 2044 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
06:10:10.0507 2044 sffp_sd - ok
06:10:10.0539 2044 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
06:10:10.0554 2044 sfloppy - ok
06:10:10.0632 2044 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
06:10:10.0648 2044 SharedAccess - ok
06:10:10.0679 2044 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
06:10:10.0695 2044 ShellHWDetection - ok
06:10:10.0710 2044 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
06:10:10.0710 2044 sisagp - ok
06:10:10.0726 2044 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:10:10.0726 2044 SiSRaid2 - ok
06:10:10.0741 2044 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
06:10:10.0741 2044 SiSRaid4 - ok
06:10:10.0741 2044 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
06:10:10.0757 2044 Smb - ok
06:10:10.0804 2044 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
06:10:10.0804 2044 SNMPTRAP - ok
06:10:10.0851 2044 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
06:10:10.0866 2044 spldr - ok
06:10:10.0882 2044 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
06:10:10.0897 2044 Spooler - ok
06:10:10.0991 2044 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
06:10:11.0053 2044 sppsvc - ok
06:10:12.0707 2044 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
06:10:12.0723 2044 sppuinotify - ok
06:10:12.0816 2044 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
06:10:12.0832 2044 srv - ok
06:10:12.0863 2044 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
06:10:12.0863 2044 srv2 - ok
06:10:12.0910 2044 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
06:10:12.0925 2044 srvnet - ok
06:10:12.0957 2044 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
06:10:12.0972 2044 sscdbus - ok
06:10:13.0003 2044 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
06:10:13.0003 2044 sscdmdfl - ok
06:10:13.0019 2044 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
06:10:13.0035 2044 sscdmdm - ok
06:10:13.0066 2044 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
06:10:13.0066 2044 sscdserd - ok
06:10:13.0097 2044 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
06:10:13.0113 2044 SSDPSRV - ok
06:10:13.0128 2044 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
06:10:13.0144 2044 SstpSvc - ok
06:10:13.0159 2044 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
06:10:13.0175 2044 stexstor - ok
06:10:13.0206 2044 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
06:10:13.0222 2044 StillCam - ok
06:10:13.0253 2044 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
06:10:13.0284 2044 StiSvc - ok
06:10:13.0300 2044 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
06:10:13.0315 2044 storflt - ok
06:10:13.0331 2044 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
06:10:13.0347 2044 storvsc - ok
06:10:13.0378 2044 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
06:10:13.0393 2044 swenum - ok
06:10:13.0425 2044 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
06:10:13.0440 2044 swprv - ok
06:10:13.0503 2044 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
06:10:13.0549 2044 SysMain - ok
06:10:13.0565 2044 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
06:10:13.0596 2044 TabletInputService - ok
06:10:13.0643 2044 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
06:10:13.0659 2044 TapiSrv - ok
06:10:13.0799 2044 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
06:10:13.0830 2044 TBS - ok
06:10:13.0908 2044 Tcpip (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\drivers\tcpip.sys
06:10:13.0955 2044 Tcpip - ok
06:10:13.0971 2044 TCPIP6 (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\DRIVERS\tcpip.sys
06:10:13.0986 2044 TCPIP6 - ok
06:10:14.0017 2044 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
06:10:14.0033 2044 tcpipreg - ok
06:10:14.0049 2044 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
06:10:14.0049 2044 TDPIPE - ok
06:10:14.0095 2044 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
06:10:14.0111 2044 TDTCP - ok
06:10:14.0127 2044 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
06:10:14.0142 2044 tdx - ok
06:10:14.0173 2044 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
06:10:14.0189 2044 TermDD - ok
06:10:14.0220 2044 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
06:10:14.0236 2044 TermService - ok
06:10:14.0267 2044 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
06:10:14.0283 2044 Themes - ok
06:10:14.0298 2044 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
06:10:14.0314 2044 THREADORDER - ok
06:10:14.0376 2044 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
06:10:14.0392 2044 TrkWks - ok
06:10:14.0439 2044 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
06:10:14.0439 2044 TrustedInstaller - ok
06:10:14.0470 2044 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
06:10:14.0485 2044 tssecsrv - ok
06:10:14.0517 2044 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
06:10:14.0548 2044 tunnel - ok
06:10:14.0563 2044 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
06:10:14.0579 2044 uagp35 - ok
06:10:14.0610 2044 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
06:10:14.0626 2044 udfs - ok
06:10:14.0735 2044 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
06:10:14.0751 2044 UI0Detect - ok
06:10:14.0766 2044 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
06:10:14.0766 2044 uliagpkx - ok
06:10:14.0813 2044 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
06:10:14.0813 2044 umbus - ok
06:10:14.0829 2044 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
06:10:14.0844 2044 UmPass - ok
06:10:14.0860 2044 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
06:10:14.0875 2044 UmRdpService - ok
06:10:14.0907 2044 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
06:10:14.0938 2044 upnphost - ok
06:10:14.0969 2044 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
06:10:14.0985 2044 USBAAPL - ok
06:10:15.0016 2044 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
06:10:15.0016 2044 usbccgp - ok
06:10:15.0031 2044 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
06:10:15.0047 2044 usbcir - ok
06:10:15.0172 2044 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
06:10:15.0187 2044 usbehci - ok
06:10:15.0234 2044 usbfilter (56e89c8e05a987a49ffa595428fb9767) C:\Windows\system32\DRIVERS\usbfilter.sys
06:10:15.0234 2044 usbfilter - ok
06:10:15.0265 2044 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
06:10:15.0281 2044 usbhub - ok
06:10:15.0328 2044 USBNET (64d91cb46928af2924eb0a98e0767c70) C:\Windows\system32\DRIVERS\vnetusbl.sys
06:10:15.0343 2044 USBNET - ok
06:10:15.0390 2044 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
06:10:15.0406 2044 usbohci - ok
06:10:15.0421 2044 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
06:10:15.0421 2044 usbprint - ok
06:10:15.0453 2044 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:10:15.0468 2044 USBSTOR - ok
06:10:15.0484 2044 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
06:10:15.0515 2044 usbuhci - ok
06:10:15.0531 2044 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
06:10:15.0546 2044 UxSms - ok
06:10:15.0593 2044 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
06:10:15.0593 2044 VaultSvc - ok
06:10:15.0609 2044 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
06:10:15.0624 2044 vdrvroot - ok
06:10:15.0655 2044 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
06:10:15.0671 2044 vds - ok
06:10:15.0718 2044 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
06:10:15.0733 2044 vga - ok
06:10:15.0749 2044 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
06:10:15.0780 2044 VgaSave - ok
06:10:15.0811 2044 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
06:10:15.0827 2044 vhdmp - ok
06:10:15.0827 2044 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
06:10:15.0843 2044 viaagp - ok
06:10:15.0843 2044 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
06:10:15.0858 2044 ViaC7 - ok
06:10:15.0889 2044 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
06:10:15.0889 2044 viaide - ok
06:10:15.0921 2044 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
06:10:15.0936 2044 vmbus - ok
06:10:15.0983 2044 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
06:10:15.0999 2044 VMBusHID - ok
06:10:16.0045 2044 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
06:10:16.0061 2044 volmgr - ok
06:10:16.0108 2044 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
06:10:16.0108 2044 volmgrx - ok
06:10:16.0123 2044 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
06:10:16.0139 2044 volsnap - ok
06:10:16.0186 2044 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
06:10:16.0186 2044 vsmraid - ok
06:10:16.0217 2044 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
06:10:16.0248 2044 VSS - ok
06:10:16.0264 2044 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
06:10:16.0264 2044 vwifibus - ok
06:10:16.0326 2044 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
06:10:16.0357 2044 W32Time - ok
06:10:16.0389 2044 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
06:10:16.0404 2044 WacomPen - ok
06:10:16.0420 2044 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
06:10:16.0451 2044 WANARP - ok
06:10:16.0467 2044 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
06:10:16.0482 2044 Wanarpv6 - ok
06:10:16.0576 2044 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
06:10:16.0607 2044 WatAdminSvc - ok
06:10:16.0654 2044 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
06:10:16.0685 2044 wbengine - ok
06:10:16.0701 2044 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
06:10:16.0732 2044 WbioSrvc - ok
06:10:16.0779 2044 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
06:10:16.0779 2044 wcncsvc - ok
06:10:16.0794 2044 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
06:10:16.0810 2044 WcsPlugInService - ok
06:10:16.0872 2044 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
06:10:16.0872 2044 Wd - ok
06:10:16.0919 2044 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
06:10:16.0919 2044 WDC_SAM - ok
06:10:16.0935 2044 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
06:10:16.0950 2044 Wdf01000 - ok
06:10:16.0966 2044 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
06:10:16.0981 2044 WdiServiceHost - ok
06:10:16.0981 2044 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
06:10:16.0997 2044 WdiSystemHost - ok
06:10:17.0013 2044 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
06:10:17.0044 2044 WebClient - ok
06:10:17.0091 2044 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
06:10:17.0106 2044 Wecsvc - ok
06:10:17.0137 2044 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
06:10:17.0169 2044 wercplsupport - ok
06:10:17.0231 2044 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
06:10:17.0247 2044 WerSvc - ok
06:10:17.0278 2044 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
06:10:17.0309 2044 WfpLwf - ok
06:10:17.0309 2044 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
06:10:17.0325 2044 WIMMount - ok
06:10:17.0449 2044 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
06:10:17.0465 2044 WinDefend - ok
06:10:17.0465 2044 WinHttpAutoProxySvc - ok
06:10:17.0527 2044 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
06:10:17.0543 2044 Winmgmt - ok
06:10:17.0605 2044 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
06:10:17.0652 2044 WinRM - ok
06:10:17.0761 2044 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
06:10:17.0761 2044 WinUsb - ok
06:10:17.0824 2044 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
06:10:17.0839 2044 Wlansvc - ok
06:10:17.0886 2044 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
06:10:17.0886 2044 WmiAcpi - ok
06:10:17.0917 2044 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
06:10:17.0917 2044 wmiApSrv - ok
06:10:18.0042 2044 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
06:10:18.0073 2044 WMPNetworkSvc - ok
06:10:18.0105 2044 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
06:10:18.0120 2044 WPCSvc - ok
06:10:18.0136 2044 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
06:10:18.0136 2044 WPDBusEnum - ok
06:10:18.0183 2044 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
06:10:18.0214 2044 ws2ifsl - ok
06:10:18.0292 2044 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll
06:10:18.0292 2044 wscsvc - ok
06:10:18.0292 2044 WSearch - ok
06:10:18.0432 2044 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
06:10:18.0479 2044 wuauserv - ok
06:10:20.0164 2044 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
06:10:20.0195 2044 WudfPf - ok
06:10:20.0226 2044 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
06:10:20.0242 2044 WUDFRd - ok
06:10:20.0429 2044 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
06:10:20.0445 2044 wudfsvc - ok
06:10:20.0460 2044 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
06:10:20.0476 2044 WwanSvc - ok
06:10:20.0523 2044 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
06:10:20.0585 2044 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
06:10:20.0585 2044 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
06:10:20.0647 2044 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
06:10:20.0647 2044 \Device\Harddisk0\DR0 - detected TDSS File System (1)
06:10:20.0647 2044 Boot (0x1200) (d019cbabfe2ccc3bf26798656220d025) \Device\Harddisk0\DR0\Partition0
06:10:20.0647 2044 \Device\Harddisk0\DR0\Partition0 - ok
06:10:20.0679 2044 Boot (0x1200) (ae13f1bcb499575599839fa4845a5d19) \Device\Harddisk0\DR0\Partition1
06:10:20.0694 2044 \Device\Harddisk0\DR0\Partition1 - ok
06:10:20.0725 2044 Boot (0x1200) (96d531c2ae5ceadb21e32da82a7c0bda) \Device\Harddisk0\DR0\Partition2
06:10:20.0725 2044 \Device\Harddisk0\DR0\Partition2 - ok
06:10:20.0725 2044 ============================================================
06:10:20.0725 2044 Scan finished
06:10:20.0725 2044 ============================================================
06:10:20.0725 2036 Detected object count: 6
06:10:20.0741 2036 Actual detected object count: 6
06:12:48.0395 2036 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
06:12:48.0395 2036 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:12:48.0395 2036 MpKsl5f2e2afa ( ForgedFile.Multi.Generic ) - skipped by user
06:12:48.0395 2036 MpKsl5f2e2afa ( ForgedFile.Multi.Generic ) - User select action: Skip
06:12:48.0426 2036 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
06:12:48.0426 2036 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:12:48.0442 2036 RRAANXGN ( UnsignedFile.Multi.Generic ) - skipped by user
06:12:48.0442 2036 RRAANXGN ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:12:48.0863 2036 \Device\Harddisk0\DR0\# - copied to quarantine
06:12:48.0863 2036 \Device\Harddisk0\DR0 - copied to quarantine
06:12:48.0972 2036 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
06:12:49.0004 2036 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
06:12:49.0019 2036 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
06:12:49.0019 2036 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
06:12:49.0035 2036 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
06:12:49.0066 2036 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
06:12:49.0082 2036 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
06:12:49.0097 2036 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
06:12:49.0097 2036 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
06:12:49.0097 2036 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
06:12:49.0097 2036 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
06:12:49.0097 2036 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
06:12:49.0097 2036 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
06:12:49.0097 2036 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
06:12:49.0113 2036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
06:12:49.0113 2036 \Device\Harddisk0\DR0 - ok
06:12:49.0113 2036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
06:12:49.0113 2036 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
06:12:49.0113 2036 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
06:12:58.0005 2008 Deinitialize success
 
log2:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-18 06:18:19
-----------------------------
06:18:19.964 OS Version: Windows 6.1.7600
06:18:19.964 Number of processors: 6 586 0xA00
06:18:19.964 ComputerName: PHOTOEDITING UserName: Robert
06:18:24.800 Initialize success
06:18:59.214 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
06:18:59.214 Disk 0 Vendor: ST2000DL003-9VT166 CC32 Size: 1907729MB BusType: 3
06:18:59.229 Disk 0 MBR read successfully
06:18:59.229 Disk 0 MBR scan
06:18:59.229 Disk 0 Windows 7 default MBR code
06:18:59.245 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
06:18:59.261 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 399899 MB offset 206848
06:18:59.276 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1507728 MB offset 819200000
06:18:59.307 Disk 0 scanning sectors +3907026944
06:18:59.370 Disk 0 scanning C:\Windows\system32\drivers
06:19:05.750 Service scanning
06:19:17.513 Modules scanning
06:19:21.459 Disk 0 trace - called modules:
06:19:21.491 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
06:19:21.491 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856d4030]
06:19:21.491 3 CLASSPNP.SYS[8b7bc59e] -> nt!IofCallDriver -> [0x84dbf330]
06:19:21.506 5 ACPI.sys[8b21e3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85bc4030]
06:19:21.506 Scan finished successfully
06:20:46.043 Disk 0 MBR has been saved successfully to "C:\Users\Robert\Desktop\MBR.dat"
06:20:46.074 The log file has been saved successfully to "C:\Users\Robert\Desktop\aswMBR.txt"

log3:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MSI
System Product Name: MS-7642
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 134):
0x8263E000 \SystemRoot\system32\ntkrnlpa.exe
0x82607000 \SystemRoot\system32\halmacpi.dll
0x80B9A000 \SystemRoot\system32\kdcom.dll
0x8B03A000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x8B045000 \SystemRoot\system32\PSHED.dll
0x8B056000 \SystemRoot\system32\BOOTVID.dll
0x8B05E000 \SystemRoot\system32\CLFS.SYS
0x8B0A0000 \SystemRoot\system32\CI.dll
0x8B14B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B1BC000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B215000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8B25D000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8B266000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8B26E000 \SystemRoot\system32\DRIVERS\pci.sys
0x8B298000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8B2A3000 \SystemRoot\System32\drivers\partmgr.sys
0x8B2B4000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8B2C4000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B30F000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8B316000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8B324000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B33A000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8B343000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8B366000 \SystemRoot\system32\drivers\amdxata.sys
0x8B36F000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B3A3000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B408000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B537000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B562000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B575000 \SystemRoot\System32\Drivers\cng.sys
0x8B5D2000 \SystemRoot\System32\drivers\pcw.sys
0x8B5E0000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B63F000 \SystemRoot\system32\drivers\ndis.sys
0x8B6F6000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B734000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B814000 \SystemRoot\System32\drivers\tcpip.sys
0x8B95E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B98F000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8B998000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B759000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B9DF000 \SystemRoot\System32\Drivers\mup.sys
0x8B9EF000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B786000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B800000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B7B8000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B9F7000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8B9D7000 \SystemRoot\System32\Drivers\Null.SYS
0x8B611000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B618000 \SystemRoot\System32\drivers\vga.sys
0x8B3DC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B624000 \SystemRoot\System32\drivers\watchdog.sys
0x8B631000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B5E9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B3B4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B1CA000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x8B811000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8B200000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x8B000000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B5F7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8B01F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x95209000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x95254000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x95263000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x95271000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x9527E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x95288000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x95292000 \SystemRoot\system32\DRIVERS\termdd.sys
0x952A2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x952AF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x952BC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x952BE000 \SystemRoot\system32\DRIVERS\ks.sys
0x952F2000 \SystemRoot\system32\DRIVERS\amdiox86.sys
0x95302000 \SystemRoot\system32\DRIVERS\umbus.sys
0x95310000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x95320000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x96090000 \SystemRoot\System32\win32k.sys
0x95364000 \SystemRoot\System32\drivers\Dxapi.sys
0x9536E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9537B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x95386000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9538F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x962E0000 \SystemRoot\System32\drivers\dxg.sys
0x96310000 \SystemRoot\System32\TSDDD.dll
0x96390000 \SystemRoot\System32\framebuf.dll
0x963A0000 \SystemRoot\System32\ATMFD.DLL
0x953A0000 \SystemRoot\system32\drivers\WudfPf.sys
0x953BA000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x953D1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x953E8000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8B7DD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x953F3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8B7F0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8B600000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA2212000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA223C000 \??\C:\Users\Robert\AppData\Local\Temp\aswMBR.sys
0x76E60000 \Windows\System32\ntdll.dll
0x47C40000 \Windows\System32\smss.exe
0x770A0000 \Windows\System32\apisetschema.dll
0x002C0000 \Windows\System32\autochk.exe
0x76FC0000 \Windows\System32\user32.dll
0x76E30000 \Windows\System32\imagehlp.dll
0x76DD0000 \Windows\System32\shlwapi.dll
0x76FB0000 \Windows\System32\lpk.dll
0x76D30000 \Windows\System32\usp10.dll
0x76C80000 \Windows\System32\rpcrt4.dll
0x76C20000 \Windows\System32\difxapi.dll
0x76BD0000 \Windows\System32\gdi32.dll
0x76A70000 \Windows\System32\ole32.dll
0x76A20000 \Windows\System32\Wldap32.dll
0x76880000 \Windows\System32\setupapi.dll
0x76800000 \Windows\System32\comdlg32.dll
0x767C0000 \Windows\System32\ws2_32.dll
0x75B70000 \Windows\System32\shell32.dll
0x75A70000 \Windows\System32\wininet.dll
0x75990000 \Windows\System32\kernel32.dll
0x75900000 \Windows\System32\clbcatq.dll
0x75860000 \Windows\System32\advapi32.dll
0x76FA0000 \Windows\System32\nsi.dll
0x75850000 \Windows\System32\normaliz.dll
0x75650000 \Windows\System32\iertutil.dll
0x75630000 \Windows\System32\imm32.dll
0x75560000 \Windows\System32\msctf.dll
0x754B0000 \Windows\System32\msvcrt.dll
0x754A0000 \Windows\System32\psapi.dll
0x75410000 \Windows\System32\oleaut32.dll
0x753F0000 \Windows\System32\sechost.dll
0x752B0000 \Windows\System32\urlmon.dll
0x75260000 \Windows\System32\KernelBase.dll
0x751D0000 \Windows\System32\comctl32.dll
0x751B0000 \Windows\System32\devobj.dll
0x75090000 \Windows\System32\crypt32.dll
0x75060000 \Windows\System32\cfgmgr32.dll
0x75030000 \Windows\System32\wintrust.dll
0x75020000 \Windows\System32\msasn1.dll

Processes (total 23):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
388 csrss.exe
424 C:\Windows\System32\wininit.exe
432 csrss.exe
472 C:\Windows\System32\services.exe
492 C:\Windows\System32\lsass.exe
500 C:\Windows\System32\lsm.exe
600 C:\Windows\System32\svchost.exe
676 C:\Windows\System32\svchost.exe
740 C:\Program Files\Microsoft Security Client\MsMpEng.exe
784 C:\Windows\System32\svchost.exe
836 C:\Windows\System32\winlogon.exe
856 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1376 C:\Windows\explorer.exe
1424 C:\Windows\System32\ctfmon.exe
1676 C:\Users\Robert\Desktop\MBRCheck.exe
1560 C:\Windows\System32\conhost.exe
748 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000061`a8000000 (NTFS)

PhysicalDrive0 Model Number: ST2000DL003-9VT166, Rev: CC32

Size Device Name MBR Status
--------------------------------------------
1863 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
Excellent work! Let me know if that error persists in the next couple rounds of scans, please.

Scan for malware

Please download Malwarebytes Anti-Malware from HERE.


Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.
 
Okay, operation seems to be normal as of yet. Thank you for all your help.

Log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.19.06

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Robert :: PHOTOEDITING [administrator]

Protection: Enabled

8/19/2012 1:11:09 PM
mbam-log-2012-08-19 (13-11-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219575
Time elapsed: 12 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Robert\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

(end)
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.
 
eset scan log

C:\ProgramData\Microsoft\Windows\DRM\5CC0.tmp Win32/Olmarik.AYD trojan cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.08.2012_19.31.33\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.08.2012_19.31.33\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.08.2012_19.31.33\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.08.2012_19.31.33\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.08.2012_06.09.30\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.08.2012_06.09.30\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.08.2012_06.09.30\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.08.2012_06.09.30\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.08.2012_06.09.30\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NP trojan cleaned by deleting - quarantined
C:\Users\Bethanie\AppData\Local\Macromedia\CrashDumps\bgtoh.dll a variant of Win32/Kryptik.AKQH trojan cleaned by deleting - quarantined
C:\Users\Bethanie\AppData\Roaming\Mozilla\Firefox\Profiles\q6nvbut9.default\extensions\rfxnwgshau@rfxnwgshau.org.xpi JS/Redirector.NCA trojan deleted - quarantined
C:\Users\Bethanie\AppData\Roaming\Mozilla\Firefox\Profiles\q6nvbut9.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application cleaned by deleting - quarantined
C:\Users\Bethanie\Downloads\cnet2_RCATSetup_exe(1).exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Bethanie\Downloads\cnet2_RCATSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
# AdwCleaner v1.801 - Logfile created 08/23/2012 at 15:46:30
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Ultimate N (32 bits)
# User : Robert - PHOTOEDITING
# Boot Mode : Normal
# Running from : C:\Users\Robert\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Robert\AppData\Local\Ilivid Player
Folder Found : C:\Users\Bethanie\AppData\Roaming\Mozilla\Firefox\Profiles\q6nvbut9.default\extensions\plugin@yontoo.com
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Program Files\Ilivid
File Found : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t97onhd.default\searchplugins\Search_Results.xml
File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Bethanie\AppData\Roaming\Mozilla\Firefox\Profiles\q6nvbut9.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t97onhd.default\prefs.js

Found : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q=");

*************************

AdwCleaner[R1].txt - [2256 octets] - [23/08/2012 15:46:30]

########## EOF - C:\AdwCleaner[R1].txt - [2384 octets] ##########
 
Remove the Adware.
  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
Please post the log.
 
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\Ilivid
File Deleted : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t97onhd.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Bethanie\AppData\Roaming\Mozilla\Firefox\Profiles\q6nvbut9.default\prefs.js

C:\Users\Bethanie\AppData\Roaming\Mozilla\Firefox\Profiles\q6nvbut9.default\user.js ... Deleted !

[OK] File is clean.

Profile name : default
File : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t97onhd.default\prefs.js

Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q=");

*************************

AdwCleaner[R1].txt - [2385 octets] - [23/08/2012 15:46:30]
AdwCleaner[S1].txt - [2454 octets] - [24/08/2012 04:01:04]

########## EOF - C:\AdwCleaner[S1].txt - [2582 octets] ##########
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.
 
Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.
 