Jump to content

av18

Members
  • Posts

    16
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thank you so much. i still have TFC, msert, and NTREGOPT in my desktop and i was wondering if i could delete them
  2. Well is looks goodand its working. otl txtt: OTL logfile created on: 10/6/2012 3:31:27 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.96 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 53.80% Memory free 3.92 Gb Paging File | 2.85 Gb Available in Paging File | 72.79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.16 Gb Total Space | 55.03 Gb Free Space | 74.20% Space Free | Partition Type: NTFS Computer Name: 755SDBIMSO-11 | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/09/28 11:54:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 14:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe ========== Modules (No Company Name) ========== MOD - [2011/11/03 10:41:10 | 001,516,576 | ---- | M] () -- C:\Program Files\WOT\WOT.dll MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ========== Services (SafeList) ========== SRV - [2012/09/20 16:02:40 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/04/30 10:28:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2010/11/20 14:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 14:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 14:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010/11/20 14:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 14:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 14:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 14:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010/11/20 14:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 14:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/06/05 19:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sdbroadband.org/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2012/09/28 22:20:19 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8923FBD-AD44-4769-AB0F-B3BB0F86B3E9}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/10/04 18:13:00 | 000,000,000 | ---D | C] -- C:\Users\User\DoctorWeb [2012/10/04 15:25:43 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\TFC.exe [2012/10/03 16:51:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\QuickScan [2012/10/03 16:44:18 | 000,693,265 | ---- | C] (Farbar) -- C:\Users\User\Desktop\FSS.exe [2012/10/01 17:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/10/01 16:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2012/10/01 16:31:46 | 000,000,000 | ---D | C] -- C:\rsit [2012/10/01 14:38:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2012/09/28 22:21:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/09/28 22:21:32 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/09/28 22:21:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp [2012/09/28 22:14:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/09/28 22:14:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/09/28 22:14:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/09/28 22:12:54 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/09/28 22:10:59 | 004,757,745 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe [2012/09/28 14:44:25 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RK_Quarantine [2012/09/28 14:37:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/09/28 14:34:24 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe [2012/09/28 14:26:20 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe [2012/09/28 11:57:55 | 000,000,000 | ---D | C] -- C:\_OTL [2012/09/28 11:54:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012/09/28 11:36:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/09/28 11:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2012/09/28 11:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2012/09/28 11:29:44 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\User\Desktop\erunt-setup.exe [2012/09/27 16:44:28 | 000,000,000 | ---D | C] -- C:\FRST [2012/09/26 16:32:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ElevatedDiagnostics [2012/09/26 15:44:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012/09/25 15:48:00 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\OneNote Notebooks [2012/09/22 23:38:54 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\alejandro's work [2012/09/09 22:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012/09/09 22:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/09/09 19:14:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\INTEL ========== Files - Modified Within 30 Days ========== [2012/10/06 15:14:39 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/06 15:14:39 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/06 15:11:48 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/10/06 15:11:48 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/10/06 15:07:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/06 15:07:22 | 1576,488,960 | -HS- | M] () -- C:\hiberfil.sys [2012/10/06 00:05:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/10/05 10:29:35 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/10/04 20:29:59 | 000,003,166 | ---- | M] () -- C:\Users\User\Desktop\DrWeb.csv [2012/10/04 17:44:40 | 094,640,824 | ---- | M] () -- C:\Users\User\Desktop\drweb-cureit.exe [2012/10/04 15:25:43 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\TFC.exe [2012/10/03 16:44:21 | 000,693,265 | ---- | M] (Farbar) -- C:\Users\User\Desktop\FSS.exe [2012/10/01 16:34:57 | 000,881,724 | ---- | M] () -- C:\Users\User\Desktop\SecurityCheck.exe [2012/10/01 16:30:09 | 000,781,383 | ---- | M] () -- C:\Users\User\Desktop\RSIT.exe [2012/09/28 22:20:19 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/09/28 22:11:27 | 004,757,745 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe [2012/09/28 14:43:34 | 001,412,096 | ---- | M] () -- C:\Users\User\Desktop\RogueKiller.exe [2012/09/28 14:34:34 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe [2012/09/28 14:31:56 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat [2012/09/28 14:26:49 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe [2012/09/28 13:02:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012/09/28 11:54:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012/09/28 11:34:07 | 000,000,894 | ---- | M] () -- C:\Users\User\Desktop\NTREGOPT.lnk [2012/09/28 11:34:07 | 000,000,875 | ---- | M] () -- C:\Users\User\Desktop\ERUNT.lnk [2012/09/28 11:30:19 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\User\Desktop\erunt-setup.exe [2012/09/25 21:21:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/09/25 15:47:59 | 000,001,276 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012/09/12 15:04:13 | 000,000,112 | ---- | M] () -- C:\ProgramData\Rdo6j2N2K.dat [2012/09/11 17:38:50 | 000,000,001 | ---- | M] () -- C:\ProgramData\Mpnp38C2.exe_.b [2012/09/09 22:13:24 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012/10/04 20:29:58 | 000,003,166 | ---- | C] () -- C:\Users\User\Desktop\DrWeb.csv [2012/10/04 17:09:53 | 094,640,824 | ---- | C] () -- C:\Users\User\Desktop\drweb-cureit.exe [2012/10/01 16:34:57 | 000,881,724 | ---- | C] () -- C:\Users\User\Desktop\SecurityCheck.exe [2012/10/01 16:30:09 | 000,781,383 | ---- | C] () -- C:\Users\User\Desktop\RSIT.exe [2012/09/28 22:14:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/09/28 22:14:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/09/28 22:14:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/09/28 22:14:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/09/28 22:14:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/09/28 14:43:34 | 001,412,096 | ---- | C] () -- C:\Users\User\Desktop\RogueKiller.exe [2012/09/28 14:31:56 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat [2012/09/28 13:02:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012/09/28 11:34:07 | 000,000,894 | ---- | C] () -- C:\Users\User\Desktop\NTREGOPT.lnk [2012/09/28 11:34:07 | 000,000,875 | ---- | C] () -- C:\Users\User\Desktop\ERUNT.lnk [2012/09/25 15:47:59 | 000,001,276 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012/09/11 17:39:09 | 000,000,112 | ---- | C] () -- C:\ProgramData\Rdo6j2N2K.dat [2012/09/11 17:38:50 | 000,000,001 | ---- | C] () -- C:\ProgramData\Mpnp38C2.exe_.b [2012/09/09 22:13:24 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/04/30 13:05:53 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010/11/20 14:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe ========== ZeroAccess Check ========== [2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/08/21 19:40:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxit Software [2012/10/03 17:06:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QuickScan ========== Purity Check ========== < End of report > extras txt OTL Extras logfile created on: 10/6/2012 3:31:27 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.96 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 53.80% Memory free 3.92 Gb Paging File | 2.85 Gb Available in Paging File | 72.79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.16 Gb Total Space | 55.03 Gb Free Space | 74.20% Space Free | Partition Type: NTFS Computer Name: 755SDBIMSO-11 | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{42140787-BBA6-4FE1-8433-795E9049D869}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{54275D38-A4A1-4913-88B0-56C9C45889CC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "TCP Query User{1DC92431-A0F2-4DDE-9570-79D293969612}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{BC2764B0-D764-4D0F-B4FF-6BEA486A8D12}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9507C52B-E482-4914-85A6-D4786ADD3512}" = Foxit Reader "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP) "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT for Internet Explorer "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "CCleaner" = CCleaner "ERUNT_is1" = ERUNT 1.1j "ESET Online Scanner" = ESET Online Scanner v3 "HDMI" = Intel® Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 9/12/2012 5:08:23 PM | Computer Name = 755sdbiMSO-11 | Source = Application Error | ID = 1000 Description = Faulting application name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Faulting module name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Exception code: 0x80000003 Fault offset: 0x000021a0 Faulting process id: 0x15b8 Faulting application start time: 0x01cd912aba8fd0b8 Faulting application path: C:\ProgramData\Mpnp38C2.exe Faulting module path: C:\ProgramData\Mpnp38C2.exe Report Id: fc02a79b-fd1d-11e1-90c2-00219b3d4c0a Error - 9/12/2012 5:10:28 PM | Computer Name = 755sdbiMSO-11 | Source = Application Error | ID = 1000 Description = Faulting application name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Faulting module name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Exception code: 0x80000003 Fault offset: 0x000021a0 Faulting process id: 0xf30 Faulting application start time: 0x01cd912affb4ac07 Faulting application path: C:\ProgramData\Mpnp38C2.exe Faulting module path: C:\ProgramData\Mpnp38C2.exe Report Id: 467bd051-fd1e-11e1-90c2-00219b3d4c0a Error - 9/12/2012 5:11:14 PM | Computer Name = 755sdbiMSO-11 | Source = Application Error | ID = 1000 Description = Faulting application name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Faulting module name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Exception code: 0x80000003 Fault offset: 0x000021a0 Faulting process id: 0x1440 Faulting application start time: 0x01cd912b1d8836b4 Faulting application path: C:\ProgramData\Mpnp38C2.exe Faulting module path: C:\ProgramData\Mpnp38C2.exe Report Id: 618de8c8-fd1e-11e1-90c2-00219b3d4c0a Error - 9/12/2012 5:14:10 PM | Computer Name = 755sdbiMSO-11 | Source = Application Error | ID = 1000 Description = Faulting application name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Faulting module name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Exception code: 0x80000003 Fault offset: 0x000021a0 Faulting process id: 0x1128 Faulting application start time: 0x01cd912b87348ee6 Faulting application path: C:\ProgramData\Mpnp38C2.exe Faulting module path: C:\ProgramData\Mpnp38C2.exe Report Id: cabe622f-fd1e-11e1-90c2-00219b3d4c0a Error - 9/12/2012 5:14:10 PM | Computer Name = 755sdbiMSO-11 | Source = Application Error | ID = 1000 Description = Faulting application name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Faulting module name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Exception code: 0x80000003 Fault offset: 0x000021a0 Faulting process id: 0x1714 Faulting application start time: 0x01cd912b862eb788 Faulting application path: C:\ProgramData\Mpnp38C2.exe Faulting module path: C:\ProgramData\Mpnp38C2.exe Report Id: cabe893f-fd1e-11e1-90c2-00219b3d4c0a Error - 9/12/2012 5:15:05 PM | Computer Name = 755sdbiMSO-11 | Source = Application Error | ID = 1000 Description = Faulting application name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Faulting module name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Exception code: 0x80000003 Fault offset: 0x000021a0 Faulting process id: 0x1394 Faulting application start time: 0x01cd912ba87079a5 Faulting application path: C:\ProgramData\Mpnp38C2.exe Faulting module path: C:\ProgramData\Mpnp38C2.exe Report Id: ebca3be1-fd1e-11e1-90c2-00219b3d4c0a Error - 9/12/2012 5:15:42 PM | Computer Name = 755sdbiMSO-11 | Source = Application Error | ID = 1000 Description = Faulting application name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Faulting module name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Exception code: 0x80000003 Fault offset: 0x000021a0 Faulting process id: 0x11c0 Faulting application start time: 0x01cd912bbbcff825 Faulting application path: C:\ProgramData\Mpnp38C2.exe Faulting module path: C:\ProgramData\Mpnp38C2.exe Report Id: 01d95590-fd1f-11e1-90c2-00219b3d4c0a Error - 9/12/2012 5:15:42 PM | Computer Name = 755sdbiMSO-11 | Source = Application Error | ID = 1000 Description = Faulting application name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Faulting module name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Exception code: 0x80000003 Fault offset: 0x000021a0 Faulting process id: 0x1300 Faulting application start time: 0x01cd912bbbcfd114 Faulting application path: C:\ProgramData\Mpnp38C2.exe Faulting module path: C:\ProgramData\Mpnp38C2.exe Report Id: 01f190c6-fd1f-11e1-90c2-00219b3d4c0a Error - 9/12/2012 5:16:53 PM | Computer Name = 755sdbiMSO-11 | Source = Application Error | ID = 1000 Description = Faulting application name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Faulting module name: Mpnp38C2.exe, version: 0.0.0.0, time stamp: 0x48810d14 Exception code: 0x80000003 Fault offset: 0x000021a0 Faulting process id: 0x938 Faulting application start time: 0x01cd912be4fa32df Faulting application path: C:\ProgramData\Mpnp38C2.exe Faulting module path: C:\ProgramData\Mpnp38C2.exe Report Id: 2c2fbb4d-fd1f-11e1-90c2-00219b3d4c0a Error - 9/12/2012 6:07:19 PM | Computer Name = 755sdbiMSO-11 | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 9/28/2012 5:39:23 PM | Computer Name = 755sdbiMSO-11 | Source = DCOM | ID = 10005 Description = Error - 9/28/2012 5:39:33 PM | Computer Name = 755sdbiMSO-11 | Source = DCOM | ID = 10005 Description = Error - 9/28/2012 5:39:37 PM | Computer Name = 755sdbiMSO-11 | Source = DCOM | ID = 10005 Description = Error - 9/28/2012 5:49:17 PM | Computer Name = 755sdbiMSO-11 | Source = DCOM | ID = 10005 Description = Error - 9/28/2012 5:49:17 PM | Computer Name = 755sdbiMSO-11 | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.466.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode Error - 9/28/2012 6:21:42 PM | Computer Name = 755sdbiMSO-11 | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.466.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode Error - 9/29/2012 1:14:48 AM | Computer Name = 755sdbiMSO-11 | Source = DCOM | ID = 10005 Description = Error - 9/29/2012 1:16:01 AM | Computer Name = 755sdbiMSO-11 | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 9/29/2012 1:17:42 AM | Computer Name = 755sdbiMSO-11 | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 9/29/2012 1:20:21 AM | Computer Name = 755sdbiMSO-11 | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. < End of report >
  3. the complete scan i did with MSE didnt find anything but there are some stuff that was moved to quarentine and i dont know if i have to delete them: Trijan:JS/Tadtruss.A Trojan:JS/Tadtruss.A Trojan:DOS/Alureon.J Here is the MBAM log Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.05.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 User :: 755SDBIMSO-11 [administrator] 10/5/2012 10:33:55 AM mbam-log-2012-10-05 (10-33-55).txt Scan type: Full scan (A:\|C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 245442 Time elapsed: 20 minute(s), 53 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 1 C:\Users\User\AppData\Local\INTEL\cwyqnivp.dll (Spyware.Password) -> Delete on reboot. Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|INTEL (Spyware.Password) -> Data: rundll32.exe C:\Users\User\AppData\Local\INTEL\cwyqnivp.dll,SonyUsbDataRecive -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|INTEL Update (Spyware.Password) -> Data: rundll32.exe C:\Users\User\AppData\Local\INTEL\cwyqnivp.dll,SonyUsbDataRecive -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\User\AppData\Local\INTEL\cwyqnivp.dll (Spyware.Password) -> Delete on reboot. (end)
  4. Microsoft safety scanner results Trojan:DOS/Alureon.J Partially removed, manual steps required drweb-cureit results: i couldnt see the icon you mentioned but here is the report: {A7B2134C-9692-9E90-354A-8A12F5FEADCD}-E8DF.exe;C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy;Trojan.Fakealert.32747;Deleted.; {D2648F4C-6F56-A249-F893-60A065F60578}-0139fb44238a.exe;C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy;Trojan.Inject1.10222;Incurable.Moved.; meld[2].js;C:\Documents and Settings\User\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\H00PYX5F;Probably SCRIPT.Virus;; meld[1].js;C:\Documents and Settings\User\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0OEOHS3;Probably SCRIPT.Virus;; meld[1].js;C:\Documents and Settings\User\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\LU05WAVB;Probably SCRIPT.Virus;; 40784-15[1].js\JSFile_1[0][1067];C:\Documents and Settings\User\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WALE4W;Probably SCRIPT.Virus;; 40784-15[1].js;C:\Documents and Settings\User\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WALE4W;Container contains infected objects;Moved.; 40784-15[1].js;C:\Documents and Settings\User\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WALE4W;Probably SCRIPT.Virus;Invalid path to file ; meld[2].js;C:\Documents and Settings\User\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\H00PYX5F;Probably SCRIPT.Virus;; meld[1].js;C:\Documents and Settings\User\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\J0OEOHS3;Probably SCRIPT.Virus;; meld[1].js;C:\Documents and Settings\User\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\LU05WAVB;Probably SCRIPT.Virus;; meld[2].js;C:\Documents and Settings\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H00PYX5F;Probably SCRIPT.Virus;; meld[1].js;C:\Documents and Settings\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0OEOHS3;Probably SCRIPT.Virus;; meld[1].js;C:\Documents and Settings\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LU05WAVB;Probably SCRIPT.Virus;; 40784-15[1].js\JSFile_1[0][1067];C:\Documents and Settings\User\DoctorWeb\Quarantine\40784-15[1].js;Probably SCRIPT.Virus;; 40784-15[1].js;C:\Documents and Settings\User\DoctorWeb\Quarantine;Container contains infected objects;Moved.; 40784-15[1].js;C:\Documents and Settings\User\DoctorWeb\Quarantine;Probably SCRIPT.Virus;Invalid path to file ; {D2648F4C-6F56-A249-F893-60A065F60578}-0139fb44238a.exe;C:\Documents and Settings\User\DoctorWeb\Quarantine;Trojan.Inject1.10222;Incurable.Moved.; meld[2].js;C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H00PYX5F;Probably SCRIPT.Virus;; meld[1].js;C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0OEOHS3;Probably SCRIPT.Virus;; meld[1].js;C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LU05WAVB;Probably SCRIPT.Virus;;
  5. FSS.txt results Farbar Service Scanner Version: 19-09-2012 Ran by User (administrator) on 03-10-2012 at 16:46:05 Running from "C:\Users\User\Desktop" Microsoft Windows 7 Professional Service Pack 1 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcore.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys => MD5 is legit C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys [2012-09-11 16:58] - [2012-08-22 10:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll => MD5 is legit C:\Windows\system32\es.dll => MD5 is legit C:\Windows\system32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log **** i went and did the quickscan bitdefender but couldnt see the view log button you mentioned. it came out with this "Your system is infected with Gen:Variant.Barys.6082 Clean your computer with Bitdefender Antivirus Plus 2012!" i dont know if you have seen this issue by looking at my logs but sometimes when i click a link in google it redirects me to another web page with a red WOT marking.
  6. i dont know what you ment by "Keep a written list of any changes from my list of services below. That way you and I have a reference document." But everything you listed was there and checkmarked already
  7. the eset log ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=b22c04e9343aa64db6f91c455a0d803f # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-10-02 12:49:00 # local_time=2012-10-01 05:49:00 (-0800, Pacific Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=5893 16776574 100 94 12722471 100682354 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=72102 # found=12 # cleaned=12 # scan_time=1377 C:\ProgramData\Microsoft\Windows\DRM\9EFC.tmp a variant of Win32/Kryptik.AMLF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\ProgramData\Microsoft\Windows\DRM\B2CA.tmp a variant of Win32/Kryptik.AMLF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\ProgramData\Mpnp38C2.exe.vir a variant of Win32/Injector.WJR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Users\User\AppData\Roaming\ED98.exe.vir a variant of Win32/Injector.WJR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Windows\assembly\GAC\Desktop.ini.vir Win32/Sirefef.EZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\28.09.2012_14.35.14\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\28.09.2012_14.35.14\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\28.09.2012_14.35.14\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.NP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\28.09.2012_14.35.14\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\28.09.2012_14.35.14\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\28.09.2012_14.35.14\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\09282012_115755\C_Windows\assembly\GAC\Desktop.ini Win32/Sirefef.EZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  8. Here is the rest of the stuff RSIT txt log maximized Logfile of random's system information tool 1.09 (written by random/random) Run by User at 2012-10-01 16:31:46 Microsoft Windows 7 Professional Service Pack 1 System drive C: has 56 GB (74%) free of 76 GB Total RAM: 2005 MB (60% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:32:18 PM, on 10/1/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\User\Desktop\RSIT.exe C:\Program Files\trend micro\User.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sdbroadband.org/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [iNTEL] rundll32.exe C:\Users\User\AppData\Local\INTEL\cwyqnivp.dll,SonyUsbDataRecive O4 - HKCU\..\Run: [iNTEL Update] rundll32.exe C:\Users\User\AppData\Local\INTEL\cwyqnivp.dll,SonyUsbDataRecive O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- End of file - 3755 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}] WOT Helper - C:\Program Files\WOT\WOT.dll [2011-11-03 1516576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2011-11-03 1516576] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12 947176] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888] "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-08-01 1282048] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592] "Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "INTEL"=C:\Users\User\AppData\Local\INTEL\cwyqnivp.dll [2012-09-09 759296] "INTEL Update"=C:\Users\User\AppData\Local\INTEL\cwyqnivp.dll [2012-09-09 759296] C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2009-09-23 218112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2012-04-30 203776] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvyu"=msyuv.dll "vidc.iyuv"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "vidc.yvu9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "vidc.cvid"=iccvid.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 month====== 2012-10-01 16:31:46 ----D---- C:\rsit 2012-10-01 16:31:46 ----D---- C:\Program Files\trend micro 2012-10-01 14:38:44 ----D---- C:\Windows\system32\appmgmt 2012-09-28 22:21:33 ----SHD---- C:\$RECYCLE.BIN 2012-09-28 22:21:32 ----D---- C:\Windows\temp 2012-09-28 22:21:31 ----A---- C:\ComboFix.txt 2012-09-28 22:14:45 ----A---- C:\Windows\zip.exe 2012-09-28 22:14:45 ----A---- C:\Windows\SWSC.exe 2012-09-28 22:14:45 ----A---- C:\Windows\SWREG.exe 2012-09-28 22:14:45 ----A---- C:\Windows\sed.exe 2012-09-28 22:14:45 ----A---- C:\Windows\PEV.exe 2012-09-28 22:14:45 ----A---- C:\Windows\NIRCMD.exe 2012-09-28 22:14:45 ----A---- C:\Windows\MBR.exe 2012-09-28 22:14:45 ----A---- C:\Windows\grep.exe 2012-09-28 22:12:54 ----D---- C:\Qoobox 2012-09-28 14:37:20 ----D---- C:\TDSSKiller_Quarantine 2012-09-28 14:35:14 ----A---- C:\TDSSKiller.2.8.10.0_28.09.2012_14.35.14_log.txt 2012-09-28 11:57:55 ----D---- C:\_OTL 2012-09-28 11:36:16 ----D---- C:\Windows\ERDNT 2012-09-28 11:34:06 ----D---- C:\Program Files\ERUNT 2012-09-27 16:44:28 ----D---- C:\FRST 2012-09-26 16:18:17 ----A---- C:\Windows\ntbtlog.txt 2012-09-26 15:44:16 ----D---- C:\Windows\Minidump 2012-09-25 15:30:52 ----A---- C:\Windows\system32\OxpsConverter.exe 2012-09-23 00:21:32 ----A---- C:\Windows\system32\vbscript.dll 2012-09-23 00:21:32 ----A---- C:\Windows\system32\mshtmled.dll 2012-09-23 00:21:31 ----A---- C:\Windows\system32\msfeeds.dll 2012-09-23 00:21:31 ----A---- C:\Windows\system32\jsproxy.dll 2012-09-23 00:21:31 ----A---- C:\Windows\system32\ieUnatt.exe 2012-09-23 00:21:31 ----A---- C:\Windows\system32\ieui.dll 2012-09-23 00:21:30 ----A---- C:\Windows\system32\wininet.dll 2012-09-23 00:21:30 ----A---- C:\Windows\system32\jscript.dll 2012-09-23 00:21:29 ----A---- C:\Windows\system32\url.dll 2012-09-23 00:21:29 ----A---- C:\Windows\system32\jscript9.dll 2012-09-23 00:21:29 ----A---- C:\Windows\system32\iertutil.dll 2012-09-23 00:21:27 ----A---- C:\Windows\system32\urlmon.dll 2012-09-23 00:21:26 ----A---- C:\Windows\system32\ieframe.dll 2012-09-23 00:21:25 ----A---- C:\Windows\system32\mshtml.dll 2012-09-11 17:39:09 ----A---- C:\ProgramData\Rdo6j2N2K.dat 2012-09-11 16:58:36 ----A---- C:\Windows\system32\drivers\tcpip.sys 2012-09-11 16:58:36 ----A---- C:\Windows\system32\drivers\netio.sys 2012-09-11 16:58:36 ----A---- C:\Windows\system32\drivers\ndis.sys 2012-09-11 16:58:36 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS 2012-09-11 16:58:35 ----A---- C:\Windows\system32\drivers\RNDISMP.sys 2012-09-11 16:58:34 ----A---- C:\Windows\system32\d3d10level9.dll 2012-09-09 22:13:23 ----D---- C:\Program Files\CCleaner ======List of files/folders modified in the last 1 month====== 2012-10-01 16:31:46 ----RD---- C:\Program Files 2012-10-01 16:31:26 ----D---- C:\Windows\system32\drivers 2012-10-01 16:21:36 ----D---- C:\Windows\system32\config 2012-10-01 14:40:23 ----SHD---- C:\Windows\Installer 2012-10-01 14:40:23 ----D---- C:\Program Files\Common Files 2012-10-01 14:40:15 ----D---- C:\Windows\System32 2012-10-01 14:40:01 ----SHD---- C:\System Volume Information 2012-10-01 14:36:30 ----D---- C:\Windows\inf 2012-10-01 14:36:30 ----A---- C:\Windows\system32\PerfStringBackup.INI 2012-09-28 22:21:32 ----D---- C:\Windows 2012-09-28 22:20:23 ----A---- C:\Windows\system.ini 2012-09-28 22:20:19 ----D---- C:\Windows\system32\drivers\etc 2012-09-28 22:18:51 ----D---- C:\ProgramData 2012-09-28 22:17:46 ----D---- C:\Windows\AppPatch 2012-09-28 13:02:20 ----D---- C:\Windows\system32\drivers\UMDF 2012-09-26 16:20:08 ----D---- C:\Windows\system32\catroot2 2012-09-26 16:11:51 ----D---- C:\Windows\Prefetch 2012-09-26 15:39:20 ----D---- C:\Windows\Web 2012-09-26 15:16:59 ----D---- C:\Windows\system32\sysprep 2012-09-25 21:21:17 ----D---- C:\Program Files\Microsoft Security Client 2012-09-25 21:21:04 ----D---- C:\Windows\system32\catroot 2012-09-25 21:20:29 ----D---- C:\Windows\winsxs 2012-09-25 15:48:03 ----SD---- C:\Users\User\AppData\Roaming\Microsoft 2012-09-24 17:27:13 ----D---- C:\Windows\system32\migration 2012-09-24 17:27:13 ----D---- C:\Program Files\Internet Explorer 2012-09-20 16:02:37 ----A---- C:\Windows\system32\FlashPlayerApp.exe 2012-09-12 11:13:13 ----D---- C:\Windows\system32\DriverStore 2012-09-11 22:58:09 ----D---- C:\Windows\debug 2012-09-11 22:58:08 ----A---- C:\Windows\system32\MRT.exe 2012-09-09 22:28:39 ----D---- C:\Windows\SchCache 2012-09-09 22:18:08 ----D---- C:\Windows\Panther 2012-09-09 22:18:08 ----D---- C:\Windows\Logs 2012-09-09 22:13:25 ----D---- C:\Windows\system32\Tasks 2012-09-05 23:17:57 ----D---- C:\Windows\system32\FxsTmp ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-08-30 193552] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12368] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096] R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-08-03 347648] R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6232.sys [2009-06-05 219352] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192] S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-13 70720] S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-13 53312] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888] S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 78336] S3 catchme;catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [] S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464] S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 99272] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632] S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-13 52304] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032] S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-13 53328] S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-13 52736] S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992] R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 20472] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 250288] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992] S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-12 287824] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992] S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-30 1343400] -----------------EOF----------------- RSIT minimized txt log info.txt logfile of random's system information tool 1.09 2012-10-01 16:32:19 ======Uninstall list====== Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438} 7-Zip 9.20-->"C:\Program Files\7-Zip\Uninstall.exe" Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{47FA2C44-D148-4DBC-AF60-B91934AA4842} Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_278_Plugin.exe -maintain plugin Adobe Reader X (10.1.4)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001} Adobe Shockwave Player 11.6-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe" CCleaner-->"C:\Program Files\CCleaner\uninst.exe" CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe" ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe" Foxit Reader-->MsiExec.exe /I{9507C52B-E482-4914-85A6-D4786ADD3512} Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall K-Lite Codec Pack 8.7.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727} Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E} Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Security Client-->MsiExec.exe /X{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD} Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Paint.NET v3.5.10-->MsiExec.exe /X{529125EF-E3AC-4B74-97E6-F688A7C0F1BF} QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C} Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C6997D22-CC93-4ED9-AD8A-02C3F3D2F1F9} Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46} Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75} Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391} Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09} Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C} Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2623A96B-78E5-42CC-AB55-6A3969B32E36} Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE} Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {31C0F635-15AD-4AA3-A3C6-B542B403D0EE} Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3069CE04-082C-4669-9BA1-E6AA66330C1F} Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15} Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EF5B5C7F-20CB-4A3A-AC3D-F5DE2C2BFDC7} Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B4C12F08-B0EF-4CC4-AD5F-381DD62BF640} Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7BCF7F6B-4AC0-4915-83B2-5CFF6BE9BF77} Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F} Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525} Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {075C2272-0881-46D3-B3A5-1D83D6940270} SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42} Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9} Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245} Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876} Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C} Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726} WOT for Internet Explorer-->MsiExec.exe /X{C0DA129B-1E45-494D-A362-5CD0109C306B} ======System event log====== Computer Name: 755sdbiMSO-11 Event Code: 27 Message: Intel® 82566DM-2 Gigabit Network Connection Link has been disconnected. Record Number: 4089 Source Name: e1express Time Written: 20120620231906.697623-000 Event Type: Warning User: Computer Name: 755sdbiMSO-11 Event Code: 27 Message: Intel® 82566DM-2 Gigabit Network Connection Link has been disconnected. Record Number: 4079 Source Name: e1express Time Written: 20120620231854.997602-000 Event Type: Warning User: Computer Name: 755sdbiMSO Event Code: 29 Message: The shadow copies of volume C: were aborted during detection. Record Number: 3266 Source Name: volsnap Time Written: 20120614182544.744805-000 Event Type: Error User: Computer Name: temp-PC Event Code: 41 Message: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Record Number: 2786 Source Name: Microsoft-Windows-Kernel-Power Time Written: 20120531033007.835209-000 Event Type: Critical User: NT AUTHORITY\SYSTEM Computer Name: 755sdbiMSO Event Code: 10010 Message: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout. Record Number: 2444 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20120530035940.000000-000 Event Type: Error User: =====Application event log===== Computer Name: 755sdbiMSO Event Code: 10 Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Record Number: 1429 Source Name: Microsoft-Windows-WMI Time Written: 20120531044744.000000-000 Event Type: Error User: Computer Name: temp-PC Event Code: 1530 Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 0 user registry handles leaked from \Registry\User\S-1-5-21-251844935-3515722939-3818351654-1000: Record Number: 1396 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20120531044257.793286-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: temp-PC Event Code: 10 Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Record Number: 1348 Source Name: Microsoft-Windows-WMI Time Written: 20120531034302.000000-000 Event Type: Error User: Computer Name: temp-PC Event Code: 1008 Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. Record Number: 1322 Source Name: Microsoft-Windows-Search Time Written: 20120531033242.000000-000 Event Type: Warning User: Computer Name: temp-PC Event Code: 10 Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Record Number: 1319 Source Name: Microsoft-Windows-WMI Time Written: 20120531033202.000000-000 Event Type: Error User: =====Security event log===== Computer Name: 755sdbiMSO Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: 755SDBIMSO$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x208 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 965 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120530035741.087182-000 Event Type: Audit Success User: Computer Name: 755sdbiMSO Event Code: 4672 Message: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 964 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120530035740.525581-000 Event Type: Audit Success User: Computer Name: 755sdbiMSO Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: 755SDBIMSO$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x208 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 963 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120530035740.525581-000 Event Type: Audit Success User: Computer Name: 755sdbiMSO Event Code: 4738 Message: A user account was changed. Subject: Security ID: S-1-5-21-3816556195-1033989280-200491657-1000 Account Name: User Account Domain: 755SDBIMSO Logon ID: 0x1fac9 Target Account: Security ID: S-1-5-21-3816556195-1033989280-200491657-500 Account Name: Administrator Account Domain: 755SDBIMSO Changed Attributes: SAM Account Name: - Display Name: - User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: 0x211 New UAC Value: 0x211 User Account Control: - User Parameters: - SID History: - Logon Hours: - Additional Information: Privileges: - Record Number: 962 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20120530035726.891157-000 Event Type: Audit Success User: Computer Name: 755sdbiMSO Event Code: 1102 Message: The audit log was cleared. Subject: Security ID: S-1-5-21-3816556195-1033989280-200491657-1000 Account Name: User Domain Name: 755SDBIMSO Logon ID: 0x1fac9 Record Number: 961 Source Name: Microsoft-Windows-Eventlog Time Written: 20120530035726.579157-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel "PROCESSOR_REVISION"=0f0b "windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log "windows_tracing_flags"=3 "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip -----------------EOF----------------- Security check checkup.txt log Results of screen317's Security Check version 0.99.51 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.61.0.1400 CCleaner Adobe Flash Player 11.4.402.278 Adobe Reader X (10.1.4) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
  9. Sorry for not replying sooner Otl.exe resuts ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\706DDF77-644C-4ED4-B2AE-0EE658CD5C28 not found. ========== COMMANDS ========== Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 10012012_143017 i couldnt find the java auto updater to remove it should i continue to step 3?
  10. here is the here is the combo fix log ComboFix 12-09-27.03 - User 09/28/2012 22:16:06.1.2 - x86 NETWORK Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2005.1563 [GMT -7:00] Running from: c:\users\User\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Mpnp38C2.exe c:\programdata\Mpnp38C2.exe.b c:\users\User\AppData\Roaming\ED98.exe c:\windows\assembly\GAC\Desktop.ini . . ((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-29 ))))))))))))))))))))))))))))))) . . 2012-09-29 05:19 . 2012-09-29 05:20 -------- d-----w- c:\users\User\AppData\Local\temp 2012-09-29 05:19 . 2012-09-29 05:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-28 22:22 . 2012-09-28 22:22 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB5390E4-67C9-4132-8DB2-E5121E5B6E33}\offreg.dll 2012-09-28 22:21 . 2012-09-28 22:22 -------- d-----w- c:\windows\system32\MpEngineStore 2012-09-28 21:37 . 2012-09-28 21:37 -------- d-----w- C:\TDSSKiller_Quarantine 2012-09-28 18:57 . 2012-09-28 18:57 -------- d-----w- C:\_OTL 2012-09-28 18:34 . 2012-09-28 18:34 -------- d-----w- c:\program files\ERUNT 2012-09-27 23:44 . 2012-09-27 23:44 -------- d-----w- C:\FRST 2012-09-26 23:51 . 2012-09-26 23:51 126464 ----a-w- c:\programdata\Microsoft\Windows\DRM\9EFC.tmp 2012-09-26 23:32 . 2012-09-27 03:17 -------- d-----w- c:\users\User\AppData\Local\ElevatedDiagnostics 2012-09-26 22:16 . 2012-09-26 22:16 126464 ----a-w- c:\programdata\Microsoft\Windows\DRM\B2CA.tmp 2012-09-26 02:17 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB5390E4-67C9-4132-8DB2-E5121E5B6E33}\mpengine.dll 2012-09-25 22:30 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-25 00:38 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-11 23:58 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-11 23:58 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-11 23:58 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-11 23:58 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-11 23:58 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-11 23:58 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-10 05:13 . 2012-09-10 05:13 -------- d-----w- c:\program files\CCleaner 2012-09-10 02:14 . 2012-09-11 01:04 -------- d-----w- c:\users\User\AppData\Local\INTEL 2012-08-31 05:03 . 2012-08-31 05:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-20 23:02 . 2012-04-30 20:03 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-20 23:02 . 2012-04-30 20:03 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-31 05:03 . 2012-03-21 03:44 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-07-18 17:47 . 2012-08-15 21:15 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-07-04 21:14 . 2012-08-15 21:15 41984 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 21:14 . 2012-08-15 21:15 102912 ----a-w- c:\windows\system32\browser.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "INTEL"="c:\users\User\AppData\Local\INTEL\cwyqnivp.dll" [2012-09-10 759296] "INTEL Update"="c:\users\User\AppData\Local\INTEL\cwyqnivp.dll" [2012-09-10 759296] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-01 1282048] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "706DDF77-644C-4ED4-B2AE-0EE658CD5C28"="start" [X] . c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 52132708 *Deregistered* - 52132708 . Contents of the 'Scheduled Tasks' folder . 2012-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 23:02] . . ------- Supplementary Scan ------- . uStart Page = hxxp://sdbroadband.org/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . SafeBoot-52132708.sys . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-09-28 22:21:30 ComboFix-quarantined-files.txt 2012-09-29 05:21 . Pre-Run: 57,894,744,064 bytes free Post-Run: 57,972,199,424 bytes free . - - End Of File - - 61D0B0D299E82D91C03634FA4FF6A384 its seems ok but when i logged in to the user account it gave me a messaege saying it couldt find "random numbers".exe before loading up the desktop.
  11. here is the OTL log ========== FILES ========== C:\Windows\assembly\GAC\Desktop.ini moved successfully. C:\Windows\Minidump\092712-25521-01.dmp moved successfully. C:\Windows\Minidump\092612-21091-01.dmp moved successfully. C:\Windows\Minidump\092612-19593-01.dmp moved successfully. C:\Windows\Minidump\092612-19344-01.dmp moved successfully. C:\Windows\Minidump\092612-24429-01.dmp moved successfully. C:\Windows\Minidump\092612-22074-01.dmp moved successfully. C:\Windows\Minidump\092612-23275-01.dmp moved successfully. C:\Windows\Minidump\092612-16816-01.dmp moved successfully. C:\Windows\Minidump\092612-15912-01.dmp moved successfully. C:\Windows\Minidump\092612-15818-01.dmp moved successfully. C:\Windows\MEMORY.DMP moved successfully. recycler not found in C:\ ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce\\Malwarebytes Anti-Malware (cleanup) deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully Unable to start System Restore Service. Error code 1084 [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 56466 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: User ->Flash cache emptied: 81670 bytes Total Flash Files Cleaned = 0.00 mb [EMPTYJAVA] User: All Users User: Default User: Default User User: Public User: User ->Java cache emptied: 280 bytes Total Java Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 09282012_115755 Here is the aswmbr log aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-09-28 14:28:05 ----------------------------- 14:28:05.213 OS Version: Windows 6.1.7601 Service Pack 1 14:28:05.213 Number of processors: 2 586 0xF0B 14:28:05.213 ComputerName: 755SDBIMSO-11 UserName: User 14:28:06.164 Initialize success 14:30:50.307 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 14:30:50.307 Disk 0 Vendor: ST380815AS 4.ADA Size: 76293MB BusType: 11 14:30:50.307 Disk 0 MBR read successfully 14:30:50.307 Disk 0 MBR scan 14:30:50.323 Disk 0 Windows 7 default MBR code 14:30:50.323 Disk 0 MBR hidden 14:30:50.323 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 356 MB offset 2048 14:30:50.339 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 75935 MB offset 731136 14:30:50.339 Disk 0 scanning sectors +156247952 14:30:50.401 Disk 0 scanning C:\Windows\system32\drivers 14:30:55.502 Service scanning 14:31:05.533 Modules scanning 14:31:10.634 Scan finished successfully 14:31:56.436 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat" 14:31:56.436 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt" Here is the Tdsskiller log: 14:35:14.0135 0844 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 14:35:14.0728 0844 ============================================================ 14:35:14.0728 0844 Current date / time: 2012/09/28 14:35:14.0728 14:35:14.0728 0844 SystemInfo: 14:35:14.0728 0844 14:35:14.0728 0844 OS Version: 6.1.7601 ServicePack: 1.0 14:35:14.0728 0844 Product type: Workstation 14:35:14.0728 0844 ComputerName: 755SDBIMSO-11 14:35:14.0728 0844 UserName: User 14:35:14.0728 0844 Windows directory: C:\Windows 14:35:14.0728 0844 System windows directory: C:\Windows 14:35:14.0728 0844 Processor architecture: Intel x86 14:35:14.0728 0844 Number of processors: 2 14:35:14.0728 0844 Page size: 0x1000 14:35:14.0728 0844 Boot type: Safe boot with network 14:35:14.0728 0844 ============================================================ 14:35:15.0695 0844 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0xDDDD, SectorsPerTrack: 0x15, TracksPerCylinder: 0x83, Type 'K0', Flags 0x00000050 14:35:15.0695 0844 ============================================================ 14:35:15.0695 0844 \Device\Harddisk0\DR0: 14:35:15.0695 0844 MBR partitions: 14:35:15.0695 0844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xB2000 14:35:15.0695 0844 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xB2800, BlocksNum 0x944FF90 14:35:15.0695 0844 ============================================================ 14:35:15.0726 0844 C: <-> \Device\Harddisk0\DR0\Partition2 14:35:15.0726 0844 ============================================================ 14:35:15.0726 0844 Initialize success 14:35:15.0726 0844 ============================================================ 14:35:27.0520 3104 ============================================================ 14:35:27.0520 3104 Scan started 14:35:27.0520 3104 Mode: Manual; 14:35:27.0520 3104 ============================================================ 14:35:28.0004 3104 ================ Scan system memory ======================== 14:35:28.0004 3104 System memory - ok 14:35:28.0004 3104 ================ Scan services ============================= 14:35:28.0144 3104 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 14:35:28.0144 3104 1394ohci - ok 14:35:28.0175 3104 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 14:35:28.0175 3104 ACPI - ok 14:35:28.0222 3104 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 14:35:28.0222 3104 AcpiPmi - ok 14:35:28.0269 3104 [ 3DB3FB83217627D9A0CB8BAE6CC5B491 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys 14:35:28.0269 3104 ADIHdAudAddService - ok 14:35:28.0347 3104 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 14:35:28.0347 3104 AdobeARMservice - ok 14:35:28.0394 3104 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 14:35:28.0394 3104 AdobeFlashPlayerUpdateSvc - ok 14:35:28.0440 3104 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 14:35:28.0440 3104 adp94xx - ok 14:35:28.0472 3104 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys 14:35:28.0472 3104 adpahci - ok 14:35:28.0503 3104 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 14:35:28.0503 3104 adpu320 - ok 14:35:28.0534 3104 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:35:28.0550 3104 AeLookupSvc - ok 14:35:28.0596 3104 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 14:35:28.0596 3104 AFD - ok 14:35:28.0628 3104 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 14:35:28.0628 3104 agp440 - ok 14:35:28.0659 3104 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 14:35:28.0659 3104 aic78xx - ok 14:35:28.0674 3104 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 14:35:28.0674 3104 ALG - ok 14:35:28.0721 3104 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 14:35:28.0721 3104 aliide - ok 14:35:28.0737 3104 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 14:35:28.0737 3104 amdagp - ok 14:35:28.0768 3104 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 14:35:28.0768 3104 amdide - ok 14:35:28.0799 3104 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 14:35:28.0799 3104 AmdK8 - ok 14:35:28.0815 3104 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 14:35:28.0815 3104 AmdPPM - ok 14:35:28.0846 3104 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 14:35:28.0846 3104 amdsata - ok 14:35:28.0877 3104 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 14:35:28.0877 3104 amdsbs - ok 14:35:28.0908 3104 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 14:35:28.0908 3104 amdxata - ok 14:35:28.0940 3104 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 14:35:28.0940 3104 AppID - ok 14:35:28.0955 3104 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 14:35:28.0971 3104 AppIDSvc - ok 14:35:28.0986 3104 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 14:35:28.0986 3104 Appinfo - ok 14:35:29.0018 3104 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll 14:35:29.0018 3104 AppMgmt - ok 14:35:29.0033 3104 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys 14:35:29.0033 3104 arc - ok 14:35:29.0064 3104 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys 14:35:29.0064 3104 arcsas - ok 14:35:29.0096 3104 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:35:29.0096 3104 AsyncMac - ok 14:35:29.0111 3104 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 14:35:29.0111 3104 atapi - ok 14:35:29.0142 3104 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:35:29.0142 3104 AudioEndpointBuilder - ok 14:35:29.0174 3104 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 14:35:29.0174 3104 Audiosrv - ok 14:35:29.0205 3104 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 14:35:29.0205 3104 AxInstSV - ok 14:35:29.0236 3104 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys 14:35:29.0236 3104 b06bdrv - ok 14:35:29.0283 3104 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 14:35:29.0283 3104 b57nd60x - ok 14:35:29.0298 3104 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 14:35:29.0314 3104 BDESVC - ok 14:35:29.0330 3104 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 14:35:29.0330 3104 Beep - ok 14:35:29.0361 3104 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 14:35:29.0361 3104 BFE - ok 14:35:29.0392 3104 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 14:35:29.0423 3104 BITS - ok 14:35:29.0454 3104 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 14:35:29.0454 3104 blbdrive - ok 14:35:29.0470 3104 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:35:29.0470 3104 bowser - ok 14:35:29.0501 3104 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 14:35:29.0501 3104 BrFiltLo - ok 14:35:29.0517 3104 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 14:35:29.0517 3104 BrFiltUp - ok 14:35:29.0548 3104 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 14:35:29.0548 3104 Browser - ok 14:35:29.0564 3104 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 14:35:29.0564 3104 Brserid - ok 14:35:29.0579 3104 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 14:35:29.0579 3104 BrSerWdm - ok 14:35:29.0610 3104 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 14:35:29.0610 3104 BrUsbMdm - ok 14:35:29.0610 3104 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 14:35:29.0610 3104 BrUsbSer - ok 14:35:29.0642 3104 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 14:35:29.0642 3104 BTHMODEM - ok 14:35:29.0688 3104 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 14:35:29.0688 3104 bthserv - ok 14:35:29.0720 3104 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:35:29.0720 3104 cdfs - ok 14:35:29.0751 3104 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 14:35:29.0751 3104 cdrom - ok 14:35:29.0798 3104 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 14:35:29.0798 3104 CertPropSvc - ok 14:35:29.0813 3104 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys 14:35:29.0813 3104 circlass - ok 14:35:29.0844 3104 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 14:35:29.0844 3104 CLFS - ok 14:35:29.0907 3104 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:35:29.0907 3104 clr_optimization_v2.0.50727_32 - ok 14:35:29.0985 3104 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:35:30.0016 3104 clr_optimization_v4.0.30319_32 - ok 14:35:30.0032 3104 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 14:35:30.0032 3104 CmBatt - ok 14:35:30.0047 3104 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:35:30.0063 3104 cmdide - ok 14:35:30.0094 3104 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys 14:35:30.0094 3104 CNG - ok 14:35:30.0110 3104 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys 14:35:30.0110 3104 Compbatt - ok 14:35:30.0141 3104 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 14:35:30.0141 3104 CompositeBus - ok 14:35:30.0141 3104 COMSysApp - ok 14:35:30.0172 3104 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 14:35:30.0172 3104 crcdisk - ok 14:35:30.0188 3104 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:35:30.0188 3104 CryptSvc - ok 14:35:30.0219 3104 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys 14:35:30.0234 3104 CSC - ok 14:35:30.0250 3104 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll 14:35:30.0266 3104 CscService - ok 14:35:30.0297 3104 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 14:35:30.0297 3104 DcomLaunch - ok 14:35:30.0328 3104 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 14:35:30.0344 3104 defragsvc - ok 14:35:30.0375 3104 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:35:30.0375 3104 DfsC - ok 14:35:30.0406 3104 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 14:35:30.0406 3104 Dhcp - ok 14:35:30.0422 3104 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 14:35:30.0422 3104 discache - ok 14:35:30.0453 3104 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys 14:35:30.0453 3104 Disk - ok 14:35:30.0484 3104 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 14:35:30.0484 3104 dmvsc - ok 14:35:30.0515 3104 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:35:30.0515 3104 Dnscache - ok 14:35:30.0546 3104 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 14:35:30.0546 3104 dot3svc - ok 14:35:30.0578 3104 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 14:35:30.0578 3104 DPS - ok 14:35:30.0609 3104 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:35:30.0609 3104 drmkaud - ok 14:35:30.0640 3104 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:35:30.0656 3104 DXGKrnl - ok 14:35:30.0687 3104 [ 0535BFBEDB9378DDD15BDF9957D57D71 ] e1express C:\Windows\system32\DRIVERS\e1e6232.sys 14:35:30.0687 3104 e1express - ok 14:35:30.0702 3104 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 14:35:30.0718 3104 EapHost - ok 14:35:30.0796 3104 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys 14:35:30.0874 3104 ebdrv - ok 14:35:30.0905 3104 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 14:35:30.0905 3104 EFS - ok 14:35:30.0968 3104 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 14:35:30.0968 3104 ehRecvr - ok 14:35:30.0999 3104 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 14:35:30.0999 3104 ehSched - ok 14:35:31.0046 3104 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys 14:35:31.0046 3104 elxstor - ok 14:35:31.0061 3104 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 14:35:31.0061 3104 ErrDev - ok 14:35:31.0092 3104 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 14:35:31.0092 3104 EventSystem - ok 14:35:31.0124 3104 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 14:35:31.0124 3104 exfat - ok 14:35:31.0139 3104 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:35:31.0139 3104 fastfat - ok 14:35:31.0170 3104 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 14:35:31.0170 3104 Fax - ok 14:35:31.0202 3104 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 14:35:31.0202 3104 fdc - ok 14:35:31.0217 3104 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 14:35:31.0217 3104 fdPHost - ok 14:35:31.0233 3104 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 14:35:31.0233 3104 FDResPub - ok 14:35:31.0248 3104 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:35:31.0264 3104 FileInfo - ok 14:35:31.0264 3104 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:35:31.0264 3104 Filetrace - ok 14:35:31.0264 3104 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 14:35:31.0264 3104 flpydisk - ok 14:35:31.0295 3104 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:35:31.0295 3104 FltMgr - ok 14:35:31.0342 3104 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll 14:35:31.0358 3104 FontCache - ok 14:35:31.0404 3104 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 14:35:31.0404 3104 FontCache3.0.0.0 - ok 14:35:31.0420 3104 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 14:35:31.0420 3104 FsDepends - ok 14:35:31.0451 3104 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:35:31.0451 3104 Fs_Rec - ok 14:35:31.0482 3104 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 14:35:31.0482 3104 fvevol - ok 14:35:31.0514 3104 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 14:35:31.0514 3104 gagp30kx - ok 14:35:31.0545 3104 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 14:35:31.0545 3104 gpsvc - ok 14:35:31.0576 3104 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 14:35:31.0576 3104 hcw85cir - ok 14:35:31.0607 3104 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:35:31.0607 3104 HdAudAddService - ok 14:35:31.0638 3104 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 14:35:31.0638 3104 HDAudBus - ok 14:35:31.0654 3104 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 14:35:31.0654 3104 HidBatt - ok 14:35:31.0685 3104 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys 14:35:31.0685 3104 HidBth - ok 14:35:31.0685 3104 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys 14:35:31.0685 3104 HidIr - ok 14:35:31.0716 3104 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 14:35:31.0716 3104 hidserv - ok 14:35:31.0763 3104 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 14:35:31.0763 3104 HidUsb - ok 14:35:31.0794 3104 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 14:35:31.0794 3104 hkmsvc - ok 14:35:31.0841 3104 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 14:35:31.0841 3104 HomeGroupListener - ok 14:35:31.0872 3104 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 14:35:31.0872 3104 HomeGroupProvider - ok 14:35:31.0904 3104 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 14:35:31.0904 3104 HpSAMD - ok 14:35:31.0935 3104 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:35:31.0950 3104 HTTP - ok 14:35:31.0966 3104 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 14:35:31.0966 3104 hwpolicy - ok 14:35:31.0997 3104 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 14:35:31.0997 3104 i8042prt - ok 14:35:32.0028 3104 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 14:35:32.0044 3104 iaStorV - ok 14:35:32.0075 3104 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 14:35:32.0106 3104 idsvc - ok 14:35:32.0216 3104 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 14:35:32.0309 3104 igfx - ok 14:35:32.0340 3104 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys 14:35:32.0340 3104 iirsp - ok 14:35:32.0372 3104 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 14:35:32.0403 3104 IKEEXT - ok 14:35:32.0403 3104 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 14:35:32.0403 3104 intelide - ok 14:35:32.0450 3104 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:35:32.0450 3104 intelppm - ok 14:35:32.0465 3104 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:35:32.0465 3104 IPBusEnum - ok 14:35:32.0481 3104 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:35:32.0481 3104 IpFilterDriver - ok 14:35:32.0543 3104 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 14:35:32.0559 3104 iphlpsvc - ok 14:35:32.0574 3104 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 14:35:32.0574 3104 IPMIDRV - ok 14:35:32.0590 3104 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 14:35:32.0590 3104 IPNAT - ok 14:35:32.0621 3104 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:35:32.0621 3104 IRENUM - ok 14:35:32.0637 3104 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:35:32.0637 3104 isapnp - ok 14:35:32.0668 3104 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 14:35:32.0668 3104 iScsiPrt - ok 14:35:32.0699 3104 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 14:35:32.0699 3104 kbdclass - ok 14:35:32.0730 3104 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 14:35:32.0730 3104 kbdhid - ok 14:35:32.0762 3104 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 14:35:32.0762 3104 KeyIso - ok 14:35:32.0777 3104 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:35:32.0777 3104 KSecDD - ok 14:35:32.0793 3104 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 14:35:32.0793 3104 KSecPkg - ok 14:35:32.0824 3104 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 14:35:32.0824 3104 KtmRm - ok 14:35:32.0855 3104 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 14:35:32.0855 3104 LanmanServer - ok 14:35:32.0886 3104 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:35:32.0886 3104 LanmanWorkstation - ok 14:35:32.0933 3104 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:35:32.0933 3104 lltdio - ok 14:35:32.0949 3104 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:35:32.0949 3104 lltdsvc - ok 14:35:32.0996 3104 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 14:35:32.0996 3104 lmhosts - ok 14:35:33.0011 3104 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 14:35:33.0011 3104 LSI_FC - ok 14:35:33.0042 3104 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:35:33.0042 3104 LSI_SAS - ok 14:35:33.0058 3104 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 14:35:33.0058 3104 LSI_SAS2 - ok 14:35:33.0089 3104 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 14:35:33.0089 3104 LSI_SCSI - ok 14:35:33.0105 3104 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 14:35:33.0120 3104 luafv - ok 14:35:33.0167 3104 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:35:33.0167 3104 Mcx2Svc - ok 14:35:33.0214 3104 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys 14:35:33.0214 3104 megasas - ok 14:35:33.0245 3104 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 14:35:33.0245 3104 MegaSR - ok 14:35:33.0261 3104 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 14:35:33.0261 3104 MMCSS - ok 14:35:33.0276 3104 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 14:35:33.0276 3104 Modem - ok 14:35:33.0308 3104 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:35:33.0308 3104 monitor - ok 14:35:33.0323 3104 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:35:33.0323 3104 mouclass - ok 14:35:33.0354 3104 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:35:33.0354 3104 mouhid - ok 14:35:33.0386 3104 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 14:35:33.0386 3104 mountmgr - ok 14:35:33.0417 3104 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 14:35:33.0417 3104 MpFilter - ok 14:35:33.0448 3104 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 14:35:33.0448 3104 mpio - ok 14:35:33.0464 3104 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:35:33.0464 3104 mpsdrv - ok 14:35:33.0495 3104 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 14:35:33.0510 3104 MpsSvc - ok 14:35:33.0526 3104 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:35:33.0526 3104 MRxDAV - ok 14:35:33.0557 3104 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:35:33.0557 3104 mrxsmb - ok 14:35:33.0573 3104 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:35:33.0573 3104 mrxsmb10 - ok 14:35:33.0588 3104 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:35:33.0588 3104 mrxsmb20 - ok 14:35:33.0620 3104 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 14:35:33.0620 3104 msahci - ok 14:35:33.0635 3104 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:35:33.0635 3104 msdsm - ok 14:35:33.0651 3104 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 14:35:33.0651 3104 MSDTC - ok 14:35:33.0682 3104 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:35:33.0682 3104 Msfs - ok 14:35:33.0698 3104 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 14:35:33.0698 3104 mshidkmdf - ok 14:35:33.0713 3104 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:35:33.0713 3104 msisadrv - ok 14:35:33.0760 3104 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:35:33.0760 3104 MSiSCSI - ok 14:35:33.0760 3104 msiserver - ok 14:35:33.0791 3104 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:35:33.0791 3104 MSKSSRV - ok 14:35:33.0838 3104 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe 14:35:33.0854 3104 MsMpSvc - ok 14:35:33.0869 3104 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:35:33.0869 3104 MSPCLOCK - ok 14:35:33.0869 3104 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:35:33.0869 3104 MSPQM - ok 14:35:33.0900 3104 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:35:33.0900 3104 MsRPC - ok 14:35:33.0916 3104 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 14:35:33.0916 3104 mssmbios - ok 14:35:33.0916 3104 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:35:33.0916 3104 MSTEE - ok 14:35:33.0947 3104 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 14:35:33.0947 3104 MTConfig - ok 14:35:33.0963 3104 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 14:35:33.0963 3104 Mup - ok 14:35:33.0994 3104 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 14:35:33.0994 3104 napagent - ok 14:35:34.0025 3104 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:35:34.0025 3104 NativeWifiP - ok 14:35:34.0056 3104 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:35:34.0072 3104 NDIS - ok 14:35:34.0088 3104 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 14:35:34.0088 3104 NdisCap - ok 14:35:34.0119 3104 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:35:34.0119 3104 NdisTapi - ok 14:35:34.0134 3104 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:35:34.0134 3104 Ndisuio - ok 14:35:34.0166 3104 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:35:34.0166 3104 NdisWan - ok 14:35:34.0166 3104 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:35:34.0166 3104 NDProxy - ok 14:35:34.0197 3104 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:35:34.0197 3104 NetBIOS - ok 14:35:34.0197 3104 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 14:35:34.0212 3104 NetBT - ok 14:35:34.0212 3104 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 14:35:34.0212 3104 Netlogon - ok 14:35:34.0244 3104 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 14:35:34.0244 3104 Netman - ok 14:35:34.0259 3104 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 14:35:34.0275 3104 netprofm - ok 14:35:34.0290 3104 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:35:34.0290 3104 NetTcpPortSharing - ok 14:35:34.0322 3104 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 14:35:34.0322 3104 nfrd960 - ok 14:35:34.0384 3104 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 14:35:34.0384 3104 NisDrv - ok 14:35:34.0400 3104 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe 14:35:34.0415 3104 NisSrv - ok 14:35:34.0431 3104 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:35:34.0431 3104 NlaSvc - ok 14:35:34.0478 3104 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:35:34.0478 3104 Npfs - ok 14:35:34.0509 3104 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 14:35:34.0524 3104 nsi - ok 14:35:34.0556 3104 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:35:34.0556 3104 nsiproxy - ok 14:35:34.0602 3104 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:35:34.0634 3104 Ntfs - ok 14:35:34.0649 3104 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 14:35:34.0665 3104 Null - ok 14:35:34.0680 3104 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:35:34.0680 3104 nvraid - ok 14:35:34.0696 3104 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:35:34.0696 3104 nvstor - ok 14:35:34.0712 3104 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:35:34.0712 3104 nv_agp - ok 14:35:34.0758 3104 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 14:35:34.0774 3104 odserv - ok 14:35:34.0805 3104 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 14:35:34.0805 3104 ohci1394 - ok 14:35:34.0852 3104 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:35:34.0852 3104 ose - ok 14:35:34.0883 3104 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 14:35:34.0899 3104 p2pimsvc - ok 14:35:34.0930 3104 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 14:35:34.0930 3104 p2psvc - ok 14:35:34.0961 3104 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 14:35:34.0961 3104 Parport - ok 14:35:34.0992 3104 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:35:34.0992 3104 partmgr - ok 14:35:35.0024 3104 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 14:35:35.0024 3104 Parvdm - ok 14:35:35.0024 3104 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 14:35:35.0039 3104 PcaSvc - ok 14:35:35.0055 3104 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 14:35:35.0055 3104 pci - ok 14:35:35.0070 3104 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 14:35:35.0070 3104 pciide - ok 14:35:35.0102 3104 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 14:35:35.0102 3104 pcmcia - ok 14:35:35.0133 3104 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 14:35:35.0133 3104 pcw - ok 14:35:35.0148 3104 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:35:35.0148 3104 PEAUTH - ok 14:35:35.0195 3104 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 14:35:35.0211 3104 PeerDistSvc - ok 14:35:35.0273 3104 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 14:35:35.0320 3104 pla - ok 14:35:35.0351 3104 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:35:35.0351 3104 PlugPlay - ok 14:35:35.0382 3104 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 14:35:35.0382 3104 PNRPAutoReg - ok 14:35:35.0398 3104 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 14:35:35.0398 3104 PNRPsvc - ok 14:35:35.0429 3104 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:35:35.0429 3104 PolicyAgent - ok 14:35:35.0460 3104 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 14:35:35.0460 3104 Power - ok 14:35:35.0492 3104 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:35:35.0492 3104 PptpMiniport - ok 14:35:35.0523 3104 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys 14:35:35.0523 3104 Processor - ok 14:35:35.0554 3104 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 14:35:35.0554 3104 ProfSvc - ok 14:35:35.0570 3104 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 14:35:35.0570 3104 ProtectedStorage - ok 14:35:35.0585 3104 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 14:35:35.0585 3104 Psched - ok 14:35:35.0616 3104 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 14:35:35.0648 3104 ql2300 - ok 14:35:35.0663 3104 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 14:35:35.0679 3104 ql40xx - ok 14:35:35.0710 3104 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 14:35:35.0710 3104 QWAVE - ok 14:35:35.0726 3104 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:35:35.0726 3104 QWAVEdrv - ok 14:35:35.0726 3104 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:35:35.0726 3104 RasAcd - ok 14:35:35.0772 3104 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 14:35:35.0772 3104 RasAgileVpn - ok 14:35:35.0772 3104 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 14:35:35.0788 3104 RasAuto - ok 14:35:35.0788 3104 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:35:35.0788 3104 Rasl2tp - ok 14:35:35.0819 3104 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 14:35:35.0819 3104 RasMan - ok 14:35:35.0850 3104 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:35:35.0850 3104 RasPppoe - ok 14:35:35.0882 3104 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:35:35.0882 3104 RasSstp - ok 14:35:35.0897 3104 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:35:35.0897 3104 rdbss - ok 14:35:35.0913 3104 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 14:35:35.0913 3104 rdpbus - ok 14:35:35.0928 3104 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:35:35.0928 3104 RDPCDD - ok 14:35:35.0944 3104 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 14:35:35.0944 3104 RDPDR - ok 14:35:35.0960 3104 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:35:35.0960 3104 RDPENCDD - ok 14:35:35.0975 3104 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 14:35:35.0975 3104 RDPREFMP - ok 14:35:35.0991 3104 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:35:35.0991 3104 RDPWD - ok 14:35:36.0022 3104 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 14:35:36.0022 3104 rdyboost - ok 14:35:36.0053 3104 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 14:35:36.0053 3104 RemoteAccess - ok 14:35:36.0069 3104 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:35:36.0084 3104 RemoteRegistry - ok 14:35:36.0100 3104 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 14:35:36.0100 3104 RpcEptMapper - ok 14:35:36.0131 3104 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 14:35:36.0131 3104 RpcLocator - ok 14:35:36.0147 3104 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 14:35:36.0147 3104 RpcSs - ok 14:35:36.0178 3104 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:35:36.0178 3104 rspndr - ok 14:35:36.0194 3104 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 14:35:36.0194 3104 s3cap - ok 14:35:36.0209 3104 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 14:35:36.0209 3104 SamSs - ok 14:35:36.0240 3104 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:35:36.0240 3104 sbp2port - ok 14:35:36.0256 3104 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:35:36.0272 3104 SCardSvr - ok 14:35:36.0272 3104 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 14:35:36.0272 3104 scfilter - ok 14:35:36.0318 3104 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 14:35:36.0334 3104 Schedule - ok 14:35:36.0350 3104 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 14:35:36.0350 3104 SCPolicySvc - ok 14:35:36.0365 3104 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:35:36.0365 3104 SDRSVC - ok 14:35:36.0381 3104 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:35:36.0381 3104 secdrv - ok 14:35:36.0396 3104 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 14:35:36.0412 3104 seclogon - ok 14:35:36.0428 3104 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 14:35:36.0428 3104 SENS - ok 14:35:36.0443 3104 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 14:35:36.0443 3104 SensrSvc - ok 14:35:36.0474 3104 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 14:35:36.0474 3104 Serenum - ok 14:35:36.0474 3104 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 14:35:36.0474 3104 Serial - ok 14:35:36.0490 3104 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys 14:35:36.0490 3104 sermouse - ok 14:35:36.0506 3104 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 14:35:36.0521 3104 SessionEnv - ok 14:35:36.0537 3104 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:35:36.0537 3104 sffdisk - ok 14:35:36.0568 3104 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:35:36.0568 3104 sffp_mmc - ok 14:35:36.0568 3104 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:35:36.0568 3104 sffp_sd - ok 14:35:36.0584 3104 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 14:35:36.0584 3104 sfloppy - ok 14:35:36.0599 3104 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:35:36.0615 3104 SharedAccess - ok 14:35:36.0646 3104 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:35:36.0662 3104 ShellHWDetection - ok 14:35:36.0693 3104 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 14:35:36.0693 3104 sisagp - ok 14:35:36.0724 3104 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 14:35:36.0724 3104 SiSRaid2 - ok 14:35:36.0740 3104 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 14:35:36.0740 3104 SiSRaid4 - ok 14:35:36.0771 3104 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:35:36.0771 3104 Smb - ok 14:35:36.0786 3104 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:35:36.0786 3104 SNMPTRAP - ok 14:35:36.0802 3104 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 14:35:36.0802 3104 spldr - ok 14:35:36.0849 3104 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 14:35:36.0849 3104 Spooler - ok 14:35:36.0942 3104 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 14:35:37.0005 3104 sppsvc - ok 14:35:37.0020 3104 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 14:35:37.0020 3104 sppuinotify - ok 14:35:37.0036 3104 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 14:35:37.0052 3104 srv - ok 14:35:37.0067 3104 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:35:37.0083 3104 srv2 - ok 14:35:37.0098 3104 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:35:37.0098 3104 srvnet - ok 14:35:37.0130 3104 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:35:37.0130 3104 SSDPSRV - ok 14:35:37.0145 3104 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:35:37.0145 3104 SstpSvc - ok 14:35:37.0176 3104 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys 14:35:37.0176 3104 stexstor - ok 14:35:37.0208 3104 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 14:35:37.0223 3104 StiSvc - ok 14:35:37.0239 3104 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 14:35:37.0239 3104 storflt - ok 14:35:37.0254 3104 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll 14:35:37.0254 3104 StorSvc - ok 14:35:37.0270 3104 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 14:35:37.0270 3104 storvsc - ok 14:35:37.0301 3104 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 14:35:37.0301 3104 swenum - ok 14:35:37.0317 3104 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 14:35:37.0317 3104 swprv - ok 14:35:37.0348 3104 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 14:35:37.0379 3104 SysMain - ok 14:35:37.0395 3104 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:35:37.0395 3104 TabletInputService - ok 14:35:37.0410 3104 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 14:35:37.0426 3104 TapiSrv - ok 14:35:37.0442 3104 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 14:35:37.0442 3104 TBS - ok 14:35:37.0488 3104 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:35:37.0520 3104 Tcpip - ok 14:35:37.0566 3104 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 14:35:37.0566 3104 TCPIP6 - ok 14:35:37.0598 3104 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:35:37.0598 3104 tcpipreg - ok 14:35:37.0598 3104 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:35:37.0598 3104 TDPIPE - ok 14:35:37.0629 3104 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:35:37.0629 3104 TDTCP - ok 14:35:37.0644 3104 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:35:37.0644 3104 tdx - ok 14:35:37.0676 3104 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 14:35:37.0676 3104 TermDD - ok 14:35:37.0707 3104 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 14:35:37.0722 3104 TermService - ok 14:35:37.0738 3104 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 14:35:37.0738 3104 Themes - ok 14:35:37.0754 3104 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 14:35:37.0754 3104 THREADORDER - ok 14:35:37.0769 3104 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 14:35:37.0769 3104 TrkWks - ok 14:35:37.0816 3104 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:35:37.0816 3104 TrustedInstaller - ok 14:35:37.0847 3104 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:35:37.0847 3104 tssecsrv - ok 14:35:37.0863 3104 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 14:35:37.0863 3104 TsUsbFlt - ok 14:35:37.0878 3104 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 14:35:37.0878 3104 TsUsbGD - ok 14:35:37.0910 3104 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:35:37.0910 3104 tunnel - ok 14:35:37.0941 3104 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys 14:35:37.0941 3104 uagp35 - ok 14:35:37.0972 3104 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:35:37.0972 3104 udfs - ok 14:35:38.0003 3104 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:35:38.0003 3104 UI0Detect - ok 14:35:38.0019 3104 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:35:38.0019 3104 uliagpkx - ok 14:35:38.0050 3104 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys 14:35:38.0050 3104 umbus - ok 14:35:38.0066 3104 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys 14:35:38.0066 3104 UmPass - ok 14:35:38.0097 3104 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 14:35:38.0097 3104 UmRdpService - ok 14:35:38.0128 3104 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 14:35:38.0128 3104 upnphost - ok 14:35:38.0159 3104 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:35:38.0159 3104 usbccgp - ok 14:35:38.0190 3104 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:35:38.0190 3104 usbcir - ok 14:35:38.0206 3104 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 14:35:38.0206 3104 usbehci - ok 14:35:38.0222 3104 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:35:38.0237 3104 usbhub - ok 14:35:38.0253 3104 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 14:35:38.0253 3104 usbohci - ok 14:35:38.0253 3104 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys 14:35:38.0253 3104 usbprint - ok 14:35:38.0268 3104 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:35:38.0284 3104 USBSTOR - ok 14:35:38.0284 3104 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 14:35:38.0284 3104 usbuhci - ok 14:35:38.0315 3104 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 14:35:38.0315 3104 UxSms - ok 14:35:38.0315 3104 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 14:35:38.0315 3104 VaultSvc - ok 14:35:38.0362 3104 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:35:38.0362 3104 vdrvroot - ok 14:35:38.0378 3104 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 14:35:38.0393 3104 vds - ok 14:35:38.0424 3104 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:35:38.0424 3104 vga - ok 14:35:38.0440 3104 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 14:35:38.0440 3104 VgaSave - ok 14:35:38.0471 3104 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 14:35:38.0471 3104 vhdmp - ok 14:35:38.0487 3104 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 14:35:38.0487 3104 viaagp - ok 14:35:38.0502 3104 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 14:35:38.0502 3104 ViaC7 - ok 14:35:38.0518 3104 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 14:35:38.0518 3104 viaide - ok 14:35:38.0534 3104 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 14:35:38.0534 3104 vmbus - ok 14:35:38.0580 3104 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 14:35:38.0580 3104 VMBusHID - ok 14:35:38.0596 3104 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:35:38.0596 3104 volmgr - ok 14:35:38.0627 3104 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:35:38.0627 3104 volmgrx - ok 14:35:38.0658 3104 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:35:38.0658 3104 volsnap - ok 14:35:38.0690 3104 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 14:35:38.0690 3104 vsmraid - ok 14:35:38.0721 3104 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 14:35:38.0752 3104 VSS - ok 14:35:38.0768 3104 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 14:35:38.0768 3104 vwifibus - ok 14:35:38.0783 3104 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 14:35:38.0783 3104 W32Time - ok 14:35:38.0814 3104 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 14:35:38.0814 3104 WacomPen - ok 14:35:38.0830 3104 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 14:35:38.0830 3104 WANARP - ok 14:35:38.0830 3104 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:35:38.0830 3104 Wanarpv6 - ok 14:35:38.0892 3104 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 14:35:38.0939 3104 WatAdminSvc - ok 14:35:38.0986 3104 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 14:35:39.0017 3104 wbengine - ok 14:35:39.0033 3104 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 14:35:39.0033 3104 WbioSrvc - ok 14:35:39.0048 3104 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:35:39.0064 3104 wcncsvc - ok 14:35:39.0064 3104 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:35:39.0064 3104 WcsPlugInService - ok 14:35:39.0080 3104 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys 14:35:39.0080 3104 Wd - ok 14:35:39.0111 3104 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:35:39.0126 3104 Wdf01000 - ok 14:35:39.0142 3104 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:35:39.0142 3104 WdiServiceHost - ok 14:35:39.0158 3104 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:35:39.0158 3104 WdiSystemHost - ok 14:35:39.0158 3104 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 14:35:39.0173 3104 WebClient - ok 14:35:39.0189 3104 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:35:39.0189 3104 Wecsvc - ok 14:35:39.0204 3104 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:35:39.0204 3104 wercplsupport - ok 14:35:39.0220 3104 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 14:35:39.0220 3104 WerSvc - ok 14:35:39.0236 3104 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:35:39.0236 3104 WfpLwf - ok 14:35:39.0251 3104 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:35:39.0251 3104 WIMMount - ok 14:35:39.0298 3104 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 14:35:39.0314 3104 WinDefend - ok 14:35:39.0314 3104 WinHttpAutoProxySvc - ok 14:35:39.0360 3104 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:35:39.0360 3104 Winmgmt - ok 14:35:39.0407 3104 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 14:35:39.0423 3104 WinRM - ok 14:35:39.0485 3104 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 14:35:39.0485 3104 WinUsb - ok 14:35:39.0516 3104 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 14:35:39.0548 3104 Wlansvc - ok 14:35:39.0563 3104 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:35:39.0563 3104 WmiAcpi - ok 14:35:39.0579 3104 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:35:39.0594 3104 wmiApSrv - ok 14:35:39.0672 3104 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 14:35:39.0688 3104 WMPNetworkSvc - ok 14:35:39.0704 3104 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:35:39.0704 3104 WPCSvc - ok 14:35:39.0719 3104 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:35:39.0735 3104 WPDBusEnum - ok 14:35:39.0750 3104 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:35:39.0750 3104 ws2ifsl - ok 14:35:39.0782 3104 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 14:35:39.0782 3104 wscsvc - ok 14:35:39.0782 3104 WSearch - ok 14:35:39.0844 3104 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 14:35:39.0891 3104 wuauserv - ok 14:35:39.0906 3104 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:35:39.0906 3104 WudfPf - ok 14:35:39.0938 3104 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:35:39.0938 3104 WUDFRd - ok 14:35:39.0953 3104 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:35:39.0969 3104 wudfsvc - ok 14:35:39.0984 3104 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 14:35:39.0984 3104 WwanSvc - ok 14:35:40.0000 3104 ================ Scan global =============================== 14:35:40.0016 3104 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 14:35:40.0062 3104 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll 14:35:40.0125 3104 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll 14:35:40.0203 3104 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 14:35:40.0250 3104 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 14:35:40.0250 3104 [Global] - ok 14:35:40.0250 3104 ================ Scan MBR ================================== 14:35:40.0265 3104 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 14:35:40.0265 3104 Suspicious mbr (Forged): \Device\Harddisk0\DR0 14:35:40.0328 3104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 14:35:40.0328 3104 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 14:35:40.0328 3104 ================ Scan VBR ================================== 14:35:40.0328 3104 [ 0AA03C355CF731218437ABAA860D9E16 ] \Device\Harddisk0\DR0\Partition1 14:35:40.0328 3104 \Device\Harddisk0\DR0\Partition1 - ok 14:35:40.0343 3104 [ 6D0C30ED9D3AF9BC6F8BC8F7236D9034 ] \Device\Harddisk0\DR0\Partition2 14:35:40.0343 3104 \Device\Harddisk0\DR0\Partition2 - ok 14:35:40.0343 3104 ============================================================ 14:35:40.0343 3104 Scan finished 14:35:40.0343 3104 ============================================================ 14:35:40.0406 1992 Detected object count: 1 14:35:40.0406 1992 Actual detected object count: 1 14:37:21.0416 1992 \Device\Harddisk0\DR0\# - copied to quarantine 14:37:21.0416 1992 \Device\Harddisk0\DR0 - copied to quarantine 14:37:21.0431 1992 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 14:37:21.0447 1992 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 14:37:21.0447 1992 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 14:37:21.0463 1992 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 14:37:21.0463 1992 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 14:37:21.0463 1992 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 14:37:21.0463 1992 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 14:37:21.0463 1992 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 14:37:21.0463 1992 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 14:37:21.0463 1992 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 14:37:21.0463 1992 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 14:37:21.0478 1992 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 14:37:21.0509 1992 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 14:37:21.0509 1992 \Device\Harddisk0\DR0 - ok 14:37:22.0586 1992 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 14:37:53.0131 3224 Deinitialize success Here is the RK report: RogueKiller V8.1.0 [09/28/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo...13-roguekiller/ Website: http://tigzy.geeksto...roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Safe mode with network support User : User [Admin rights] Mode : Scan -- Date : 09/28/2012 14:45:45 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 9 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : INTEL (rundll32.exe C:\Users\User\AppData\Local\INTEL\cwyqnivp.dll,SonyUsbDataRecive) -> FOUND [RUN][sUSP PATH] HKCU\[...]\Run : INTEL Update (rundll32.exe C:\Users\User\AppData\Local\INTEL\cwyqnivp.dll,SonyUsbDataRecive) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-251844935-3515722939-3818351654-1000[...]\Run : INTEL (rundll32.exe C:\Users\User\AppData\Local\INTEL\cwyqnivp.dll,SonyUsbDataRecive) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-251844935-3515722939-3818351654-1000[...]\Run : INTEL Update (rundll32.exe C:\Users\User\AppData\Local\INTEL\cwyqnivp.dll,SonyUsbDataRecive) -> FOUND [RUN][bLPATH] HKLM\[...]\RunOnce : 706DDF77-644C-4ED4-B2AE-0EE658CD5C28 (cmd.exe /C start /D "C:\Users\User\AppData\Local\Temp" /B 706DDF77-644C-4ED4-B2AE-0EE658CD5C28.exe -postboot) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-251844935-3515722939-3818351654-1000\$aba5e582a07b337a4bdcc00b0fcc8ba4\n.) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini --> FOUND [ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-251844935-3515722939-3818351654-1000\$aba5e582a07b337a4bdcc00b0fcc8ba4\n --> FOUND [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-251844935-3515722939-3818351654-1000\$aba5e582a07b337a4bdcc00b0fcc8ba4\U --> FOUND [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-251844935-3515722939-3818351654-1000\$aba5e582a07b337a4bdcc00b0fcc8ba4\L --> FOUND ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ÿþ1 ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST380815AS ATA Device +++++ --- User --- [MBR] dbda9103535be0195f016258f5f66e0d [bSP] 979d62a1edf2708c3cf6c8c602335b03 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 356 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 731136 | Size: 75935 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  12. I decided to go with your option of removing the malware. Does step 4 need to be done in normal mode because i went on normal mode, disabled the antivirus, went to download the aswMBR.exe and the computer restarted itself.
  13. sorry for the dalay. here you go: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-09-2012 Ran by SYSTEM at 27-09-2012 15:44:34 Running from F:\ Windows 7 Professional Service Pack 1 (X86) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.) HKLM\...\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [1282048 2007-08-01] (Analog Devices, Inc.) HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated) HKU\User\...\Run: [iNTEL] rundll32.exe C:\Users\User\AppData\Local\INTEL\cwyqnivp.dll,SonyUsbDataRecive [759296 2012-09-09] () HKU\User\...\Run: [iNTEL Update] rundll32.exe C:\Users\User\AppData\Local\INTEL\cwyqnivp.dll,SonyUsbDataRecive [759296 2012-09-09] () HKLM\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x] Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Startup: C:\Users\User\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Services (Whitelisted) =================== 2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [20472 2012-09-12] (Microsoft Corporation) 3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [287824 2012-09-12] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== 3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation) 0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2012-09-27 15:44 - 2012-09-27 15:44 - 00000000 ____D C:\FRST 2012-09-27 14:28 - 2012-09-27 14:28 - 00146776 ____A C:\Windows\Minidump\092712-25521-01.dmp 2012-09-26 15:57 - 2012-09-26 15:57 - 00146776 ____A C:\Windows\Minidump\092612-21091-01.dmp 2012-09-26 15:29 - 2012-09-26 15:29 - 00146768 ____A C:\Windows\Minidump\092612-19593-01.dmp 2012-09-26 15:18 - 2012-09-26 15:18 - 00146776 ____A C:\Windows\Minidump\092612-19344-01.dmp 2012-09-26 15:13 - 2012-09-26 15:13 - 00146768 ____A C:\Windows\Minidump\092612-24429-01.dmp 2012-09-26 15:08 - 2012-09-26 15:08 - 00146768 ____A C:\Windows\Minidump\092612-22074-01.dmp 2012-09-26 15:03 - 2012-09-26 15:03 - 00146768 ____A C:\Windows\Minidump\092612-23275-01.dmp 2012-09-26 14:58 - 2012-09-26 14:58 - 00146768 ____A C:\Windows\Minidump\092612-16816-01.dmp 2012-09-26 14:53 - 2012-09-26 14:53 - 00146768 ____A C:\Windows\Minidump\092612-15912-01.dmp 2012-09-26 14:48 - 2012-09-26 14:48 - 00146776 ____A C:\Windows\Minidump\092612-15818-01.dmp 2012-09-26 14:44 - 2012-09-27 14:28 - 176022260 ____A C:\Windows\MEMORY.DMP 2012-09-26 14:44 - 2012-09-27 14:28 - 00000000 ____D C:\Windows\Minidump 2012-09-26 14:44 - 2012-09-26 14:44 - 00146768 ____A C:\Windows\Minidump\092612-20982-01.dmp 2012-09-26 14:39 - 2012-09-26 14:39 - 00001682 ____A C:\Windows\PFRO.log 2012-09-25 14:48 - 2012-09-25 14:48 - 00000000 ____D C:\Users\User\Documents\OneNote Notebooks 2012-09-25 14:30 - 2012-08-21 12:12 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe 2012-09-22 23:21 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-09-22 23:21 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-09-22 23:21 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-09-22 23:21 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-09-22 23:21 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-09-22 23:21 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-09-22 23:21 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-09-22 23:21 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-09-22 23:21 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-09-22 23:21 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-09-22 23:21 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-09-22 23:21 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-09-22 23:21 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-09-22 23:21 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-09-22 23:21 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-09-22 23:21 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-09-22 22:38 - 2012-09-25 19:23 - 00000000 ____D C:\Users\User\Documents\alejandro's work 2012-09-13 15:50 - 2012-09-13 15:50 - 00087552 ____A C:\Users\User\AppData\Roaming\ED98.exe 2012-09-11 16:39 - 2012-09-12 14:04 - 00000112 ____A C:\Users\All Users\Rdo6j2N2K.dat 2012-09-11 16:38 - 2012-09-12 12:47 - 00087552 ____A C:\Users\All Users\Mpnp38C2.exe 2012-09-11 16:38 - 2012-09-11 16:38 - 00000001 ____A C:\Users\All Users\Mpnp38C2.exe_.b 2012-09-11 16:38 - 2012-09-11 16:38 - 00000001 ____A C:\Users\All Users\Mpnp38C2.exe.b 2012-09-11 15:58 - 2012-08-22 09:16 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-09-11 15:58 - 2012-08-22 09:16 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys 2012-09-11 15:58 - 2012-08-22 09:16 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2012-09-11 15:58 - 2012-08-22 09:16 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2012-09-11 15:58 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2012-09-11 15:58 - 2012-07-04 11:45 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys 2012-09-11 15:53 - 2012-09-27 14:38 - 00001512 ____A C:\Windows\setupact.log 2012-09-11 15:53 - 2012-09-11 15:53 - 00000000 ____A C:\Windows\setuperr.log 2012-09-09 21:13 - 2012-09-09 21:13 - 00000965 ____A C:\Users\Public\Desktop\CCleaner.lnk 2012-09-09 21:13 - 2012-09-09 21:13 - 00000000 ____D C:\Program Files\CCleaner 2012-09-09 18:14 - 2012-09-10 17:04 - 00000000 ____D C:\Users\User\AppData\Local\INTEL 2012-08-30 21:03 - 2012-08-30 21:03 - 00193552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys ==================== 3 Months Modified Files ================== 2012-09-27 14:38 - 2012-09-11 15:53 - 00001512 ____A C:\Windows\setupact.log 2012-09-27 14:38 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-09-27 14:33 - 2010-11-20 13:01 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI 2012-09-27 14:28 - 2012-09-27 14:28 - 00146776 ____A C:\Windows\Minidump\092712-25521-01.dmp 2012-09-27 14:28 - 2012-09-26 14:44 - 176022260 ____A C:\Windows\MEMORY.DMP 2012-09-26 15:57 - 2012-09-26 15:57 - 00146776 ____A C:\Windows\Minidump\092612-21091-01.dmp 2012-09-26 15:56 - 2012-05-29 20:16 - 01484806 ____A C:\Windows\WindowsUpdate.log 2012-09-26 15:29 - 2012-09-26 15:29 - 00146768 ____A C:\Windows\Minidump\092612-19593-01.dmp 2012-09-26 15:18 - 2012-09-26 15:18 - 00146776 ____A C:\Windows\Minidump\092612-19344-01.dmp 2012-09-26 15:13 - 2012-09-26 15:13 - 00146768 ____A C:\Windows\Minidump\092612-24429-01.dmp 2012-09-26 15:08 - 2012-09-26 15:08 - 00146768 ____A C:\Windows\Minidump\092612-22074-01.dmp 2012-09-26 15:03 - 2012-09-26 15:03 - 00146768 ____A C:\Windows\Minidump\092612-23275-01.dmp 2012-09-26 15:01 - 2012-04-30 12:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-09-26 14:58 - 2012-09-26 14:58 - 00146768 ____A C:\Windows\Minidump\092612-16816-01.dmp 2012-09-26 14:53 - 2012-09-26 14:53 - 00146768 ____A C:\Windows\Minidump\092612-15912-01.dmp 2012-09-26 14:48 - 2012-09-26 14:48 - 00146776 ____A C:\Windows\Minidump\092612-15818-01.dmp 2012-09-26 14:44 - 2012-09-26 14:44 - 00146768 ____A C:\Windows\Minidump\092612-20982-01.dmp 2012-09-26 14:41 - 2009-07-13 20:53 - 00029212 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-09-26 14:39 - 2012-09-26 14:39 - 00001682 ____A C:\Windows\PFRO.log 2012-09-26 14:07 - 2009-07-13 20:34 - 00021904 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-09-26 14:07 - 2009-07-13 20:34 - 00021904 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-09-25 20:21 - 2012-04-30 10:50 - 00001945 ____A C:\Windows\epplauncher.mif 2012-09-20 15:02 - 2012-04-30 12:03 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2012-09-20 15:02 - 2012-04-30 12:03 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2012-09-13 15:50 - 2012-09-13 15:50 - 00087552 ____A C:\Users\User\AppData\Roaming\ED98.exe 2012-09-12 14:04 - 2012-09-11 16:39 - 00000112 ____A C:\Users\All Users\Rdo6j2N2K.dat 2012-09-12 12:47 - 2012-09-11 16:38 - 00087552 ____A C:\Users\All Users\Mpnp38C2.exe 2012-09-11 21:58 - 2012-04-30 09:31 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-09-11 16:38 - 2012-09-11 16:38 - 00000001 ____A C:\Users\All Users\Mpnp38C2.exe_.b 2012-09-11 16:38 - 2012-09-11 16:38 - 00000001 ____A C:\Users\All Users\Mpnp38C2.exe.b 2012-09-11 15:53 - 2012-09-11 15:53 - 00000000 ____A C:\Windows\setuperr.log 2012-09-09 21:13 - 2012-09-09 21:13 - 00000965 ____A C:\Users\Public\Desktop\CCleaner.lnk 2012-08-30 21:03 - 2012-08-30 21:03 - 00193552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys 2012-08-30 21:03 - 2012-03-20 19:44 - 00099272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys 2012-08-23 23:27 - 2012-09-22 23:21 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-08-23 23:03 - 2012-09-22 23:21 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-08-23 22:59 - 2012-09-22 23:21 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-08-23 22:51 - 2012-09-22 23:21 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-08-23 22:51 - 2012-09-22 23:21 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-08-23 22:51 - 2012-09-22 23:21 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-08-23 22:49 - 2012-09-22 23:21 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-08-23 22:48 - 2012-09-22 23:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-08-23 22:47 - 2012-09-22 23:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-08-23 22:47 - 2012-09-22 23:21 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-08-23 22:47 - 2012-09-22 23:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-08-23 22:45 - 2012-09-22 23:21 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-08-23 22:44 - 2012-09-22 23:21 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-08-23 22:44 - 2012-09-22 23:21 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-08-23 22:43 - 2012-09-22 23:21 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-08-23 22:40 - 2012-09-22 23:21 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-08-22 09:16 - 2012-09-11 15:58 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-08-22 09:16 - 2012-09-11 15:58 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys 2012-08-22 09:16 - 2012-09-11 15:58 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2012-08-22 09:16 - 2012-09-11 15:58 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2012-08-21 12:12 - 2012-09-25 14:30 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe 2012-08-16 09:21 - 2009-07-13 20:33 - 00308496 ____A C:\Windows\System32\FNTCACHE.DAT 2012-08-02 08:57 - 2012-09-11 15:58 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2012-07-18 09:47 - 2012-08-15 13:15 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-04 13:16 - 2012-08-15 13:15 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-07-04 13:14 - 2012-08-15 13:15 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-07-04 13:14 - 2012-08-15 13:15 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-07-04 11:45 - 2012-09-11 15:58 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys ZeroAccess: C:\$Recycle.Bin\S-1-5-21-251844935-3515722939-3818351654-1000\$aba5e582a07b337a4bdcc00b0fcc8ba4 ZeroAccess: C:\Windows\assembly\GAC\Desktop.ini ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-09-10 20:04:33 Restore point made on: 2012-09-11 21:57:42 Restore point made on: 2012-09-18 20:15:31 Restore point made on: 2012-09-22 15:52:13 Restore point made on: 2012-09-22 23:21:13 Restore point made on: 2012-09-25 20:20:12 ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 2004.59 MB Available physical RAM: 1608.75 MB Total Pagefile: 2004.59 MB Available Pagefile: 1608.38 MB Total Virtual: 2047.88 MB Available Virtual: 1956.68 MB ==================== Partitions ============================= 2 Drive c: () (Fixed) (Total:74.16 GB) (Free:54.84 GB) NTFS 4 Drive f: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 6 Drive y: (System Reserved) (Fixed) (Total:0.35 GB) (Free:0.32 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 74 GB 0 B Disk 1 Online 3822 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 356 MB 1024 KB Partition 2 Primary 74 GB 357 MB ========================================================= Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y System Rese NTFS Partition 356 MB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 74 GB Healthy ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 3818 MB 4032 KB ========================================================= Disk: 1 Partition 1 Type : 0C Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F FAT32 Removable 3818 MB Healthy ========================================================= Last Boot: 2012-09-08 15:12 ==================== End Of Log ============================
  14. I performed a quick scan on malwarebytes and deleted some files. then it asked me to reboot which i did. but now when it gets to the member login and i login a message appears saying c:\programdata\malwarebytes\malwarebytes anti-malware\cleanup.dll module not found i click ok and it loads up my regular screen without my background. After about a minute a blue screen pops up and the computer restarts. I can get access through safe mode but not in regular mode because this happens every time. can someone help me please! my DDS . DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1 Run by User at 17:40:15 on 2012-09-26 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2005.250 [GMT -7:00] . AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://sdbroadband.org/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll uRun: [iNTEL] rundll32.exe c:\users\user\appdata\local\intel\cwyqnivp.dll,SonyUsbDataRecive uRun: [iNTEL Update] rundll32.exe c:\users\user\appdata\local\intel\cwyqnivp.dll,SonyUsbDataRecive mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{F8923FBD-AD44-4769-AB0F-B3BB0F86B3E9} : DhcpNameServer = 192.168.1.1 Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-30 250288] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 99272] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224] S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] . =============== Created Last 30 ================ . 2012-09-26 23:51:18 126464 ----a-w- c:\programdata\microsoft\windows\drm\9EFC.tmp 2012-09-26 23:32:03 -------- d-----w- c:\users\user\appdata\local\ElevatedDiagnostics 2012-09-26 22:16:46 126464 ----a-w- c:\programdata\microsoft\windows\drm\B2CA.tmp 2012-09-26 02:17:23 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bb5390e4-67c9-4132-8db2-e5121e5b6e33}\mpengine.dll 2012-09-25 22:30:52 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-25 00:38:14 6980552 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-09-13 23:50:16 87552 ----a-w- c:\users\user\appdata\roaming\ED98.exe 2012-09-12 00:38:50 87552 ----a-w- c:\programdata\Mpnp38C2.exe 2012-09-11 23:58:36 712048 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-11 23:58:36 240496 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-11 23:58:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-11 23:58:36 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-11 23:58:35 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-11 23:58:34 490496 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-10 05:13:23 -------- d-----w- c:\program files\CCleaner 2012-09-10 02:14:45 -------- d-----w- c:\users\user\appdata\local\INTEL 2012-08-31 05:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys . ==================== Find3M ==================== . 2012-09-20 23:02:37 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-20 23:02:37 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-31 05:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll My ATTACH . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 5/30/2012 8:31:56 PM System Uptime: 9/26/2012 4:57:08 PM (1 hours ago) . Motherboard: Dell Inc. | | 0DR845 Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz | CPU | 2327/1333mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 74 GiB total, 54.887 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: PCI Serial Port Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&1&1B Manufacturer: Name: PCI Serial Port PNP Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&1&1B Service: . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . Class GUID: Description: PCI Simple Communications Controller Device ID: PCI\VEN_8086&DEV_29B4&SUBSYS_02111028&REV_02\3&172E68DD&1&18 Manufacturer: Name: PCI Simple Communications Controller PNP Device ID: PCI\VEN_8086&DEV_29B4&SUBSYS_02111028&REV_02\3&172E68DD&1&18 Service: . ==== System Restore Points =================== . RP45: 9/10/2012 9:04:25 PM - Windows Update RP46: 9/11/2012 10:57:33 PM - Windows Update RP47: 9/18/2012 9:15:21 PM - Windows Update RP48: 9/22/2012 4:52:01 PM - Windows Update RP49: 9/23/2012 12:21:05 AM - Windows Update RP50: 9/25/2012 9:20:02 PM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 7-Zip 9.20 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) Adobe Shockwave Player 11.6 CCleaner CDBurnerXP Foxit Reader Intel® Graphics Media Accelerator Driver Java Auto Updater Java™ 6 Update 31 Java™ 7 Update 4 JavaFX 2.1.0 K-Lite Codec Pack 8.7.0 (Full) Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft .NET Framework 4 Client Profile Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Paint.NET v3.5.10 QuickTime Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition SoundMAX swMSM Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) WOT for Internet Explorer . ==== Event Viewer Messages From Past Week ======== . 9/26/2012 4:58:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 9/26/2012 4:58:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 9/26/2012 4:58:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 9/26/2012 4:58:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 9/26/2012 4:57:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6 9/26/2012 4:57:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83179487, 0x8972f754, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092612-21091-01. 9/26/2012 4:47:12 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 9/26/2012 4:29:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 9/26/2012 4:29:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 9/26/2012 4:29:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf 9/26/2012 4:29:27 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 9/26/2012 4:29:27 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 9/26/2012 4:29:27 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 9/26/2012 4:29:27 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 9/26/2012 4:29:27 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 9/26/2012 4:29:26 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 9/26/2012 4:29:26 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 9/26/2012 4:29:26 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 9/26/2012 4:29:26 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 9/26/2012 4:29:26 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 9/26/2012 4:29:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x831b9487, 0x97303754, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092612-19593-01. 9/26/2012 4:18:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x831ba487, 0x975fe754, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092612-19344-01. 9/26/2012 4:13:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x831df487, 0xab523754, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092612-24429-01. 9/26/2012 4:08:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x831b8487, 0x96ebb754, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092612-22074-01. 9/26/2012 4:03:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83006487, 0x8a7f6754, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092612-23275-01. 9/26/2012 3:58:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x831b4487, 0x8a7aa754, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092612-16816-01. 9/26/2012 3:53:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x831b8487, 0x8c2b3754, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092612-15912-01. 9/26/2012 3:48:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x831b5487, 0xab167754, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092612-15818-01. 9/26/2012 3:44:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x831c9487, 0x915dd754, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092612-20982-01. 9/26/2012 3:41:32 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/26/2012 3:41:32 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/26/2012 3:41:32 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/26/2012 3:41:32 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/26/2012 3:41:32 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/26/2012 3:41:32 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/26/2012 3:41:32 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/26/2012 3:41:32 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/26/2012 3:41:32 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/26/2012 3:41:32 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/26/2012 3:41:32 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/26/2012 3:21:09 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance. 9/25/2012 6:08:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. . ==== End Of File =========================== Attach.txt DDS.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.