Need help, please

[Poorsoul]

Hello,

I am experiencing a very nasty malware infection. Malwarebytes shows nothing infected, but on a boot time scan, avast is detecting sirefef-PL, bitcoinminer-U, DNSchanger-VJ, and JS:ScriptPE-inf, yet can do nothing to remove this problem.

It appears that my ability to use system restore is gone, PING.EXE *32 is constantly launched, and periodic attempts to direct my browser to a site are attempted. I am not certain which site, since noscript was blocking the connection (even though a new tab would get opened) and then I later installed avast and it blocks the attempts now.

I would sincerely appreciate any kind of help in getting my system clean again!

Per the "I'm infected- what do I do now" thread, I have run malwarebytes and posted a log and also run DDS.scr and attached both log files. Please let me know what else I can do to assist you.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.17.02

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

XXXX :: XXXX-PC [administrator]

5/17/2012 9:28:43 AM

mbam-log-2012-05-17 (09-28-43).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204012

Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS.txt

Attach.txt

[MrCharlie]

(Please use the default font and don't put logs in code)

Welcome to the forum

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards and......

• There's a possibility that you'll lose your internet connections which I may not be able to correct and will require a repair install.
  
• There's also a possibility that during the cleaning procedure the computer will become unusable (won't boot) which will result in a repair install or complete format and install.
  
• I strongly suggest you back up all of the important items on the system before we continue.
  

Please let me know you have read this and agree to it.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

--------------------------------------

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC

[Poorsoul]

Thank you for your fast response. I understand that you may not be able to get rid of this completely and I am prepared to format my system as a last resort if I must. (I was almost at that point when I came here for help)

Here is the roguekiller report:

RogueKiller V7.4.4 [05/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: XXXX [Admin rights]

Mode: Scan -- Date: 05/17/2012 10:48:54

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++

--- User ---

[MBR] 79afe5bcbfc5f257e57928f6acf34914

[bSP] 1f84320b928eeee4fd2e6532c395516f : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

[MrCharlie]

I expected to get a different result from RogueKiller.

Please do this......

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

[Poorsoul]

Ok, I have created a restore point. Here is the logfile generated from TDSSKiller:

11:12:44.0587 0628 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57

11:12:44.0981 0628 ============================================================

11:12:44.0981 0628 Current date / time: 2012/05/17 11:12:44.0981

11:12:44.0981 0628 SystemInfo:

11:12:44.0981 0628

11:12:44.0981 0628 OS Version: 6.1.7600 ServicePack: 0.0

11:12:44.0981 0628 Product type: Workstation

11:12:44.0981 0628 ComputerName: XXXX-PC

11:12:44.0981 0628 UserName: XXXX

11:12:44.0981 0628 Windows directory: C:\Windows

11:12:44.0981 0628 System windows directory: C:\Windows

11:12:44.0981 0628 Running under WOW64

11:12:44.0981 0628 Processor architecture: Intel x64

11:12:44.0981 0628 Number of processors: 4

11:12:44.0981 0628 Page size: 0x1000

11:12:44.0981 0628 Boot type: Normal boot

11:12:44.0981 0628 ============================================================

11:12:46.0255 0628 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:12:46.0262 0628 ============================================================

11:12:46.0262 0628 \Device\Harddisk0\DR0:

11:12:46.0264 0628 MBR partitions:

11:12:46.0264 0628 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

11:12:46.0264 0628 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

11:12:46.0264 0628 ============================================================

11:12:46.0290 0628 C: <-> \Device\Harddisk0\DR0\Partition1

11:12:46.0290 0628 ============================================================

11:12:46.0290 0628 Initialize success

11:12:46.0290 0628 ============================================================

11:12:55.0221 3096 ============================================================

11:12:55.0221 3096 Scan started

11:12:55.0221 3096 Mode: Manual; SigCheck; TDLFS;

11:12:55.0221 3096 ============================================================

11:12:56.0479 3096 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

11:12:56.0596 3096 1394ohci - ok

11:12:56.0650 3096 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

11:12:56.0666 3096 ACPI - ok

11:12:56.0692 3096 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

11:12:56.0741 3096 AcpiPmi - ok

11:12:56.0875 3096 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

11:12:56.0888 3096 AdobeFlashPlayerUpdateSvc - ok

11:12:56.0977 3096 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

11:12:56.0994 3096 adp94xx - ok

11:12:57.0032 3096 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

11:12:57.0047 3096 adpahci - ok

11:12:57.0089 3096 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

11:12:57.0102 3096 adpu320 - ok

11:12:57.0130 3096 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

11:12:57.0166 3096 AeLookupSvc - ok

11:12:57.0238 3096 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys

11:12:57.0317 3096 AFD - ok

11:12:57.0368 3096 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

11:12:57.0379 3096 agp440 - ok

11:12:57.0406 3096 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

11:12:57.0427 3096 ALG - ok

11:12:57.0450 3096 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

11:12:57.0461 3096 aliide - ok

11:12:57.0479 3096 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

11:12:57.0490 3096 amdide - ok

11:12:57.0515 3096 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

11:12:57.0552 3096 AmdK8 - ok

11:12:57.0566 3096 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

11:12:57.0590 3096 AmdPPM - ok

11:12:57.0612 3096 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys

11:12:57.0624 3096 amdsata - ok

11:12:57.0654 3096 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

11:12:57.0667 3096 amdsbs - ok

11:12:57.0683 3096 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys

11:12:57.0694 3096 amdxata - ok

11:12:57.0725 3096 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

11:12:57.0751 3096 AppID - ok

11:12:57.0769 3096 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

11:12:57.0810 3096 AppIDSvc - ok

11:12:57.0823 3096 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll

11:12:57.0861 3096 Appinfo - ok

11:12:57.0915 3096 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

11:12:57.0927 3096 arc - ok

11:12:57.0952 3096 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

11:12:57.0964 3096 arcsas - ok

11:12:58.0146 3096 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

11:12:58.0156 3096 aspnet_state - ok

11:12:58.0209 3096 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys

11:12:58.0235 3096 aswFsBlk - ok

11:12:58.0270 3096 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys

11:12:58.0280 3096 aswMonFlt - ok

11:12:58.0320 3096 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys

11:12:58.0330 3096 aswRdr - ok

11:12:58.0445 3096 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys

11:12:58.0468 3096 aswSnx - ok

11:12:58.0516 3096 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys

11:12:58.0531 3096 aswSP - ok

11:12:58.0551 3096 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys

11:12:58.0562 3096 aswTdi - ok

11:12:58.0607 3096 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

11:12:58.0656 3096 AsyncMac - ok

11:12:58.0671 3096 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

11:12:58.0681 3096 atapi - ok

11:12:58.0740 3096 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys

11:12:58.0755 3096 atksgt - ok

11:12:58.0812 3096 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

11:12:58.0857 3096 AudioEndpointBuilder - ok

11:12:58.0864 3096 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

11:12:58.0900 3096 AudioSrv - ok

11:12:59.0023 3096 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

11:12:59.0033 3096 avast! Antivirus - ok

11:12:59.0083 3096 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll

11:12:59.0118 3096 AxInstSV - ok

11:12:59.0174 3096 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

11:12:59.0199 3096 b06bdrv - ok

11:12:59.0235 3096 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

11:12:59.0261 3096 b57nd60a - ok

11:12:59.0317 3096 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

11:12:59.0349 3096 BDESVC - ok

11:12:59.0371 3096 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

11:12:59.0407 3096 Beep - ok

11:12:59.0472 3096 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll

11:12:59.0526 3096 BITS - ok

11:12:59.0545 3096 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

11:12:59.0568 3096 blbdrive - ok

11:12:59.0632 3096 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

11:12:59.0696 3096 bowser - ok

11:12:59.0734 3096 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

11:12:59.0764 3096 BrFiltLo - ok

11:12:59.0776 3096 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

11:12:59.0790 3096 BrFiltUp - ok

11:12:59.0812 3096 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

11:12:59.0851 3096 BridgeMP - ok

11:12:59.0879 3096 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll

11:12:59.0912 3096 Browser - ok

11:12:59.0937 3096 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

11:12:59.0961 3096 Brserid - ok

11:12:59.0981 3096 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

11:13:00.0007 3096 BrSerWdm - ok

11:13:00.0034 3096 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

11:13:00.0071 3096 BrUsbMdm - ok

11:13:00.0079 3096 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

11:13:00.0103 3096 BrUsbSer - ok

11:13:00.0123 3096 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

11:13:00.0138 3096 BTHMODEM - ok

11:13:00.0175 3096 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

11:13:00.0216 3096 bthserv - ok

11:13:00.0240 3096 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

11:13:00.0282 3096 cdfs - ok

11:13:00.0319 3096 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

11:13:00.0340 3096 cdrom - ok

11:13:00.0378 3096 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

11:13:00.0421 3096 CertPropSvc - ok

11:13:00.0438 3096 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

11:13:00.0464 3096 circlass - ok

11:13:00.0492 3096 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

11:13:00.0508 3096 CLFS - ok

11:13:00.0568 3096 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:13:00.0579 3096 clr_optimization_v2.0.50727_32 - ok

11:13:00.0607 3096 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

11:13:00.0617 3096 clr_optimization_v2.0.50727_64 - ok

11:13:00.0736 3096 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

11:13:00.0747 3096 clr_optimization_v4.0.30319_32 - ok

11:13:00.0775 3096 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

11:13:00.0787 3096 clr_optimization_v4.0.30319_64 - ok

11:13:00.0815 3096 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

11:13:00.0838 3096 CmBatt - ok

11:13:00.0850 3096 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

11:13:00.0861 3096 cmdide - ok

11:13:00.0922 3096 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

11:13:00.0982 3096 CNG - ok

11:13:01.0005 3096 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

11:13:01.0015 3096 Compbatt - ok

11:13:01.0035 3096 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

11:13:01.0062 3096 CompositeBus - ok

11:13:01.0071 3096 COMSysApp - ok

11:13:01.0087 3096 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

11:13:01.0097 3096 crcdisk - ok

11:13:01.0129 3096 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll

11:13:01.0171 3096 CryptSvc - ok

11:13:01.0220 3096 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

11:13:01.0268 3096 DcomLaunch - ok

11:13:01.0306 3096 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

11:13:01.0351 3096 defragsvc - ok

11:13:01.0454 3096 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

11:13:01.0486 3096 DfsC - ok

11:13:01.0558 3096 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll

11:13:01.0589 3096 Dhcp - ok

11:13:01.0608 3096 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

11:13:01.0647 3096 discache - ok

11:13:01.0681 3096 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

11:13:01.0693 3096 Disk - ok

11:13:01.0758 3096 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll

11:13:01.0836 3096 Dnscache - ok

11:13:01.0891 3096 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll

11:13:01.0931 3096 dot3svc - ok

11:13:01.0953 3096 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll

11:13:01.0993 3096 DPS - ok

11:13:02.0023 3096 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

11:13:02.0037 3096 drmkaud - ok

11:13:02.0199 3096 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys

11:13:02.0225 3096 DXGKrnl - ok

11:13:02.0261 3096 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

11:13:02.0304 3096 EapHost - ok

11:13:02.0489 3096 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

11:13:02.0555 3096 ebdrv - ok

11:13:02.0669 3096 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe

11:13:02.0707 3096 EFS - ok

11:13:02.0780 3096 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

11:13:02.0800 3096 elxstor - ok

11:13:02.0809 3096 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

11:13:02.0834 3096 ErrDev - ok

11:13:02.0879 3096 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

11:13:02.0920 3096 EventSystem - ok

11:13:02.0948 3096 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

11:13:02.0990 3096 exfat - ok

11:13:03.0018 3096 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

11:13:03.0057 3096 fastfat - ok

11:13:03.0122 3096 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe

11:13:03.0166 3096 Fax - ok

11:13:03.0187 3096 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

11:13:03.0207 3096 fdc - ok

11:13:03.0237 3096 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

11:13:03.0269 3096 fdPHost - ok

11:13:03.0279 3096 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

11:13:03.0311 3096 FDResPub - ok

11:13:03.0321 3096 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

11:13:03.0332 3096 FileInfo - ok

11:13:03.0341 3096 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

11:13:03.0384 3096 Filetrace - ok

11:13:03.0404 3096 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

11:13:03.0416 3096 flpydisk - ok

11:13:03.0450 3096 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

11:13:03.0465 3096 FltMgr - ok

11:13:03.0537 3096 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll

11:13:03.0595 3096 FontCache - ok

11:13:03.0644 3096 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

11:13:03.0654 3096 FontCache3.0.0.0 - ok

11:13:03.0703 3096 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

11:13:03.0714 3096 FsDepends - ok

11:13:03.0770 3096 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys

11:13:03.0781 3096 Fs_Rec - ok

11:13:03.0856 3096 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

11:13:03.0872 3096 fvevol - ok

11:13:03.0906 3096 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

11:13:03.0917 3096 gagp30kx - ok

11:13:03.0981 3096 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll

11:13:04.0021 3096 gpsvc - ok

11:13:04.0039 3096 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

11:13:04.0065 3096 hcw85cir - ok

11:13:04.0216 3096 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

11:13:04.0260 3096 HdAudAddService - ok

11:13:04.0323 3096 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

11:13:04.0349 3096 HDAudBus - ok

11:13:04.0364 3096 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

11:13:04.0385 3096 HidBatt - ok

11:13:04.0405 3096 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

11:13:04.0425 3096 HidBth - ok

11:13:04.0451 3096 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

11:13:04.0480 3096 HidIr - ok

11:13:04.0504 3096 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

11:13:04.0545 3096 hidserv - ok

11:13:04.0577 3096 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

11:13:04.0600 3096 HidUsb - ok

11:13:04.0624 3096 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll

11:13:04.0666 3096 hkmsvc - ok

11:13:04.0689 3096 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll

11:13:04.0725 3096 HomeGroupListener - ok

11:13:04.0750 3096 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll

11:13:04.0771 3096 HomeGroupProvider - ok

11:13:04.0797 3096 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

11:13:04.0809 3096 HpSAMD - ok

11:13:04.0866 3096 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

11:13:04.0906 3096 HTTP - ok

11:13:04.0926 3096 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

11:13:04.0937 3096 hwpolicy - ok

11:13:04.0961 3096 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

11:13:04.0975 3096 i8042prt - ok

11:13:05.0018 3096 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

11:13:05.0036 3096 iaStorV - ok

11:13:05.0099 3096 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

11:13:05.0105 3096 IDriverT ( UnsignedFile.Multi.Generic ) - warning

11:13:05.0105 3096 IDriverT - detected UnsignedFile.Multi.Generic (1)

11:13:05.0180 3096 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

11:13:05.0203 3096 idsvc - ok

11:13:05.0301 3096 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

11:13:05.0312 3096 iirsp - ok

11:13:05.0385 3096 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll

11:13:05.0440 3096 IKEEXT - ok

11:13:05.0457 3096 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

11:13:05.0468 3096 intelide - ok

11:13:05.0501 3096 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

11:13:05.0523 3096 intelppm - ok

11:13:05.0552 3096 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

11:13:05.0600 3096 IPBusEnum - ok

11:13:05.0623 3096 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:13:05.0658 3096 IpFilterDriver - ok

11:13:05.0717 3096 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll

11:13:05.0756 3096 iphlpsvc - ok

11:13:05.0776 3096 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

11:13:05.0789 3096 IPMIDRV - ok

11:13:05.0815 3096 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

11:13:05.0852 3096 IPNAT - ok

11:13:05.0877 3096 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

11:13:05.0894 3096 IRENUM - ok

11:13:05.0906 3096 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

11:13:05.0916 3096 isapnp - ok

11:13:05.0944 3096 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

11:13:05.0959 3096 iScsiPrt - ok

11:13:05.0982 3096 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

11:13:05.0994 3096 kbdclass - ok

11:13:06.0019 3096 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

11:13:06.0041 3096 kbdhid - ok

11:13:06.0089 3096 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

11:13:06.0102 3096 KeyIso - ok

11:13:06.0121 3096 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys

11:13:06.0133 3096 KSecDD - ok

11:13:06.0154 3096 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys

11:13:06.0167 3096 KSecPkg - ok

11:13:06.0211 3096 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

11:13:06.0248 3096 ksthunk - ok

11:13:06.0300 3096 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

11:13:06.0345 3096 KtmRm - ok

11:13:06.0407 3096 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll

11:13:06.0434 3096 LanmanServer - ok

11:13:06.0466 3096 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll

11:13:06.0501 3096 LanmanWorkstation - ok

11:13:06.0553 3096 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys

11:13:06.0563 3096 lirsgt - ok

11:13:06.0589 3096 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

11:13:06.0620 3096 lltdio - ok

11:13:06.0672 3096 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

11:13:06.0718 3096 lltdsvc - ok

11:13:06.0729 3096 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

11:13:06.0760 3096 lmhosts - ok

11:13:06.0789 3096 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

11:13:06.0801 3096 LSI_FC - ok

11:13:06.0825 3096 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

11:13:06.0837 3096 LSI_SAS - ok

11:13:06.0851 3096 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

11:13:06.0862 3096 LSI_SAS2 - ok

11:13:06.0886 3096 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

11:13:06.0898 3096 LSI_SCSI - ok

11:13:06.0916 3096 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

11:13:06.0953 3096 luafv - ok

11:13:06.0975 3096 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

11:13:06.0986 3096 megasas - ok

11:13:07.0014 3096 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

11:13:07.0029 3096 MegaSR - ok

11:13:07.0062 3096 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:13:07.0108 3096 MMCSS - ok

11:13:07.0142 3096 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

11:13:07.0187 3096 Modem - ok

11:13:07.0213 3096 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

11:13:07.0233 3096 monitor - ok

11:13:07.0254 3096 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

11:13:07.0265 3096 mouclass - ok

11:13:07.0281 3096 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

11:13:07.0294 3096 mouhid - ok

11:13:07.0309 3096 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

11:13:07.0321 3096 mountmgr - ok

11:13:07.0402 3096 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

11:13:07.0414 3096 MozillaMaintenance - ok

11:13:07.0437 3096 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

11:13:07.0450 3096 mpio - ok

11:13:07.0474 3096 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

11:13:07.0505 3096 mpsdrv - ok

11:13:07.0522 3096 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

11:13:07.0552 3096 MRxDAV - ok

11:13:07.0611 3096 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:13:07.0646 3096 mrxsmb - ok

11:13:07.0691 3096 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:13:07.0707 3096 mrxsmb10 - ok

11:13:07.0740 3096 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:13:07.0776 3096 mrxsmb20 - ok

11:13:07.0800 3096 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

11:13:07.0811 3096 msahci - ok

11:13:07.0833 3096 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

11:13:07.0846 3096 msdsm - ok

11:13:07.0874 3096 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

11:13:07.0890 3096 MSDTC - ok

11:13:07.0929 3096 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

11:13:07.0959 3096 Msfs - ok

11:13:07.0978 3096 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

11:13:08.0016 3096 mshidkmdf - ok

11:13:08.0032 3096 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

11:13:08.0043 3096 msisadrv - ok

11:13:08.0084 3096 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

11:13:08.0116 3096 MSiSCSI - ok

11:13:08.0119 3096 msiserver - ok

11:13:08.0159 3096 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

11:13:08.0195 3096 MSKSSRV - ok

11:13:08.0207 3096 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

11:13:08.0238 3096 MSPCLOCK - ok

11:13:08.0249 3096 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

11:13:08.0292 3096 MSPQM - ok

11:13:08.0328 3096 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

11:13:08.0344 3096 MsRPC - ok

11:13:08.0373 3096 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

11:13:08.0384 3096 mssmbios - ok

11:13:08.0410 3096 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:13:08.0447 3096 MSTEE - ok

11:13:08.0466 3096 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

11:13:08.0489 3096 MTConfig - ok

11:13:08.0518 3096 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys

11:13:08.0528 3096 MTsensor - ok

11:13:08.0548 3096 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:13:08.0560 3096 Mup - ok

11:13:08.0612 3096 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll

11:13:08.0651 3096 napagent - ok

11:13:08.0696 3096 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:13:08.0728 3096 NativeWifiP - ok

11:13:08.0793 3096 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

11:13:08.0819 3096 NDIS - ok

11:13:08.0842 3096 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:13:08.0874 3096 NdisCap - ok

11:13:08.0899 3096 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:13:08.0966 3096 NdisTapi - ok

11:13:09.0007 3096 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

11:13:09.0044 3096 Ndisuio - ok

11:13:09.0068 3096 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

11:13:09.0101 3096 NdisWan - ok

11:13:09.0111 3096 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

11:13:09.0142 3096 NDProxy - ok

11:13:09.0160 3096 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:13:09.0201 3096 NetBIOS - ok

11:13:09.0234 3096 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

11:13:09.0273 3096 NetBT - ok

11:13:09.0318 3096 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

11:13:09.0331 3096 Netlogon - ok

11:13:09.0391 3096 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

11:13:09.0439 3096 Netman - ok

11:13:09.0560 3096 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:13:09.0571 3096 NetMsmqActivator - ok

11:13:09.0575 3096 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:13:09.0586 3096 NetPipeActivator - ok

11:13:09.0639 3096 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

11:13:09.0682 3096 netprofm - ok

11:13:09.0686 3096 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:13:09.0697 3096 NetTcpActivator - ok

11:13:09.0701 3096 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:13:09.0712 3096 NetTcpPortSharing - ok

11:13:09.0776 3096 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

11:13:09.0788 3096 nfrd960 - ok

11:13:09.0833 3096 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll

11:13:09.0880 3096 NlaSvc - ok

11:13:09.0890 3096 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:13:09.0928 3096 Npfs - ok

11:13:09.0952 3096 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

11:13:09.0992 3096 nsi - ok

11:13:10.0010 3096 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:13:10.0049 3096 nsiproxy - ok

11:13:10.0148 3096 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

11:13:10.0186 3096 Ntfs - ok

11:13:10.0288 3096 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:13:10.0332 3096 Null - ok

11:13:10.0375 3096 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys

11:13:10.0388 3096 NVHDA - ok

11:13:11.0107 3096 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys

11:13:11.0388 3096 nvlddmkm - ok

11:13:11.0502 3096 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

11:13:11.0515 3096 nvraid - ok

11:13:11.0534 3096 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

11:13:11.0548 3096 nvstor - ok

11:13:11.0646 3096 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe

11:13:11.0673 3096 nvsvc - ok

11:13:11.0697 3096 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

11:13:11.0709 3096 nv_agp - ok

11:13:11.0737 3096 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

11:13:11.0750 3096 ohci1394 - ok

11:13:11.0782 3096 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:13:11.0818 3096 p2pimsvc - ok

11:13:11.0851 3096 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

11:13:11.0870 3096 p2psvc - ok

11:13:11.0908 3096 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

11:13:11.0921 3096 Parport - ok

11:13:11.0979 3096 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys

11:13:11.0991 3096 partmgr - ok

11:13:12.0019 3096 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

11:13:12.0043 3096 PcaSvc - ok

11:13:12.0074 3096 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

11:13:12.0087 3096 pci - ok

11:13:12.0098 3096 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

11:13:12.0109 3096 pciide - ok

11:13:12.0134 3096 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

11:13:12.0148 3096 pcmcia - ok

11:13:12.0168 3096 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:13:12.0179 3096 pcw - ok

11:13:12.0220 3096 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:13:12.0262 3096 PEAUTH - ok

11:13:12.0315 3096 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

11:13:12.0340 3096 PerfHost - ok

11:13:12.0438 3096 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll

11:13:12.0495 3096 pla - ok

11:13:12.0571 3096 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll

11:13:12.0631 3096 PlugPlay - ok

11:13:12.0670 3096 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

11:13:12.0696 3096 PNRPAutoReg - ok

11:13:12.0723 3096 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:13:12.0739 3096 PNRPsvc - ok

11:13:12.0781 3096 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

11:13:12.0831 3096 PolicyAgent - ok

11:13:12.0858 3096 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

11:13:12.0904 3096 Power - ok

11:13:12.0970 3096 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

11:13:13.0002 3096 PptpMiniport - ok

11:13:13.0016 3096 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

11:13:13.0041 3096 Processor - ok

11:13:13.0072 3096 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll

11:13:13.0106 3096 ProfSvc - ok

11:13:13.0151 3096 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

11:13:13.0164 3096 ProtectedStorage - ok

11:13:13.0215 3096 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

11:13:13.0246 3096 Psched - ok

11:13:13.0338 3096 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

11:13:13.0373 3096 ql2300 - ok

11:13:13.0489 3096 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

11:13:13.0502 3096 ql40xx - ok

11:13:13.0541 3096 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

11:13:13.0562 3096 QWAVE - ok

11:13:13.0575 3096 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:13:13.0601 3096 QWAVEdrv - ok

11:13:13.0616 3096 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:13:13.0646 3096 RasAcd - ok

11:13:13.0676 3096 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:13:13.0706 3096 RasAgileVpn - ok

11:13:13.0731 3096 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

11:13:13.0764 3096 RasAuto - ok

11:13:13.0794 3096 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:13:13.0826 3096 Rasl2tp - ok

11:13:13.0857 3096 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll

11:13:13.0904 3096 RasMan - ok

11:13:13.0925 3096 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:13:13.0957 3096 RasPppoe - ok

11:13:13.0988 3096 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:13:14.0024 3096 RasSstp - ok

11:13:14.0050 3096 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

11:13:14.0100 3096 rdbss - ok

11:13:14.0126 3096 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

11:13:14.0140 3096 rdpbus - ok

11:13:14.0158 3096 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:13:14.0188 3096 RDPCDD - ok

11:13:14.0208 3096 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:13:14.0239 3096 RDPENCDD - ok

11:13:14.0245 3096 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:13:14.0275 3096 RDPREFMP - ok

11:13:14.0331 3096 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys

11:13:14.0360 3096 RDPWD - ok

11:13:14.0391 3096 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

11:13:14.0405 3096 rdyboost - ok

11:13:14.0441 3096 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

11:13:14.0481 3096 RemoteAccess - ok

11:13:14.0511 3096 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

11:13:14.0545 3096 RemoteRegistry - ok

11:13:14.0560 3096 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

11:13:14.0601 3096 RpcEptMapper - ok

11:13:14.0622 3096 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

11:13:14.0649 3096 RpcLocator - ok

11:13:14.0703 3096 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

11:13:14.0739 3096 RpcSs - ok

11:13:14.0766 3096 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:13:14.0803 3096 rspndr - ok

11:13:14.0852 3096 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys

11:13:14.0867 3096 RTL8167 - ok

11:13:14.0910 3096 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

11:13:14.0923 3096 SamSs - ok

11:13:14.0959 3096 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

11:13:14.0970 3096 sbp2port - ok

11:13:15.0005 3096 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

11:13:15.0047 3096 SCardSvr - ok

11:13:15.0074 3096 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

11:13:15.0114 3096 scfilter - ok

11:13:15.0214 3096 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll

11:13:15.0296 3096 Schedule - ok

11:13:15.0344 3096 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

11:13:15.0373 3096 SCPolicySvc - ok

11:13:15.0406 3096 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll

11:13:15.0428 3096 SDRSVC - ok

11:13:15.0490 3096 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:13:15.0520 3096 secdrv - ok

11:13:15.0541 3096 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll

11:13:15.0585 3096 seclogon - ok

11:13:15.0604 3096 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

11:13:15.0651 3096 SENS - ok

11:13:15.0667 3096 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

11:13:15.0694 3096 SensrSvc - ok

11:13:15.0717 3096 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

11:13:15.0730 3096 Serenum - ok

11:13:15.0755 3096 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

11:13:15.0775 3096 Serial - ok

11:13:15.0788 3096 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

11:13:15.0816 3096 sermouse - ok

11:13:15.0845 3096 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll

11:13:15.0878 3096 SessionEnv - ok

11:13:15.0917 3096 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

11:13:15.0942 3096 sffdisk - ok

11:13:15.0984 3096 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

11:13:16.0004 3096 sffp_mmc - ok

11:13:16.0022 3096 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

11:13:16.0044 3096 sffp_sd - ok

11:13:16.0071 3096 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

11:13:16.0083 3096 sfloppy - ok

11:13:16.0131 3096 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll

11:13:16.0158 3096 ShellHWDetection - ok

11:13:16.0181 3096 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

11:13:16.0192 3096 SiSRaid2 - ok

11:13:16.0209 3096 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

11:13:16.0221 3096 SiSRaid4 - ok

11:13:16.0249 3096 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:13:16.0287 3096 Smb - ok

11:13:16.0348 3096 SNL320XP (83db3f47ba0c49cdf4c8d1f182d8cd21) C:\Windows\system32\DRIVERS\9kdUSB64.sys

11:13:16.0370 3096 SNL320XP - ok

11:13:16.0406 3096 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

11:13:16.0434 3096 SNMPTRAP - ok

11:13:16.0456 3096 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:13:16.0467 3096 spldr - ok

11:13:16.0535 3096 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe

11:13:16.0568 3096 Spooler - ok

11:13:16.0753 3096 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe

11:13:16.0831 3096 sppsvc - ok

11:13:16.0925 3096 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

11:13:16.0969 3096 sppuinotify - ok

11:13:17.0081 3096 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys

11:13:17.0082 3096 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb

11:13:17.0083 3096 sptd ( LockedFile.Multi.Generic ) - warning

11:13:17.0084 3096 sptd - detected LockedFile.Multi.Generic (1)

11:13:17.0155 3096 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

11:13:17.0237 3096 srv - ok

11:13:17.0280 3096 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

11:13:17.0333 3096 srv2 - ok

11:13:17.0382 3096 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

11:13:17.0396 3096 srvnet - ok

11:13:17.0441 3096 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

11:13:17.0485 3096 SSDPSRV - ok

11:13:17.0499 3096 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

11:13:17.0531 3096 SstpSvc - ok

11:13:17.0576 3096 Steam Client Service - ok

11:13:17.0653 3096 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

11:13:17.0668 3096 Stereo Service - ok

11:13:17.0690 3096 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

11:13:17.0701 3096 stexstor - ok

11:13:17.0756 3096 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll

11:13:17.0793 3096 stisvc - ok

11:13:17.0806 3096 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

11:13:17.0817 3096 swenum - ok

11:13:17.0858 3096 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

11:13:17.0905 3096 swprv - ok

11:13:18.0005 3096 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll

11:13:18.0044 3096 SysMain - ok

11:13:18.0131 3096 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll

11:13:18.0159 3096 TabletInputService - ok

11:13:18.0189 3096 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll

11:13:18.0225 3096 TapiSrv - ok

11:13:18.0243 3096 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

11:13:18.0275 3096 TBS - ok

11:13:18.0456 3096 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys

11:13:18.0497 3096 Tcpip - ok

11:13:18.0749 3096 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys

11:13:18.0782 3096 TCPIP6 - ok

11:13:18.0851 3096 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

11:13:18.0881 3096 tcpipreg - ok

11:13:18.0900 3096 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:13:18.0928 3096 TDPIPE - ok

11:13:18.0967 3096 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys

11:13:19.0001 3096 TDTCP - ok

11:13:19.0023 3096 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

11:13:19.0062 3096 tdx - ok

11:13:19.0081 3096 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

11:13:19.0092 3096 TermDD - ok

11:13:19.0148 3096 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll

11:13:19.0188 3096 TermService - ok

11:13:19.0204 3096 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

11:13:19.0221 3096 Themes - ok

11:13:19.0249 3096 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:13:19.0280 3096 THREADORDER - ok

11:13:19.0312 3096 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

11:13:19.0356 3096 TrkWks - ok

11:13:19.0403 3096 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe

11:13:19.0418 3096 TrustedInstaller - ok

11:13:19.0436 3096 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:13:19.0466 3096 tssecsrv - ok

11:13:19.0500 3096 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

11:13:19.0541 3096 tunnel - ok

11:13:19.0569 3096 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

11:13:19.0581 3096 uagp35 - ok

11:13:19.0607 3096 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

11:13:19.0652 3096 udfs - ok

11:13:19.0677 3096 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

11:13:19.0692 3096 UI0Detect - ok

11:13:19.0717 3096 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

11:13:19.0729 3096 uliagpkx - ok

11:13:19.0746 3096 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

11:13:19.0759 3096 umbus - ok

11:13:19.0775 3096 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

11:13:19.0798 3096 UmPass - ok

11:13:19.0838 3096 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

11:13:19.0873 3096 upnphost - ok

11:13:19.0904 3096 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys

11:13:19.0929 3096 usbaudio - ok

11:13:19.0953 3096 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

11:13:19.0973 3096 usbccgp - ok

11:13:19.0994 3096 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

11:13:20.0010 3096 usbcir - ok

11:13:20.0024 3096 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

11:13:20.0036 3096 usbehci - ok

11:13:20.0089 3096 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

11:13:20.0111 3096 usbhub - ok

11:13:20.0124 3096 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

11:13:20.0137 3096 usbohci - ok

11:13:20.0156 3096 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

11:13:20.0183 3096 usbprint - ok

11:13:20.0210 3096 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:13:20.0223 3096 USBSTOR - ok

11:13:20.0243 3096 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

11:13:20.0255 3096 usbuhci - ok

11:13:20.0284 3096 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

11:13:20.0316 3096 UxSms - ok

11:13:20.0360 3096 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

11:13:20.0372 3096 VaultSvc - ok

11:13:20.0412 3096 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

11:13:20.0423 3096 vdrvroot - ok

11:13:20.0471 3096 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe

11:13:20.0492 3096 vds - ok

11:13:20.0515 3096 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:13:20.0529 3096 vga - ok

11:13:20.0542 3096 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:13:20.0585 3096 VgaSave - ok

11:13:20.0614 3096 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

11:13:20.0627 3096 vhdmp - ok

11:13:20.0639 3096 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

11:13:20.0650 3096 viaide - ok

11:13:20.0692 3096 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

11:13:20.0703 3096 volmgr - ok

11:13:20.0732 3096 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

11:13:20.0748 3096 volmgrx - ok

11:13:20.0778 3096 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

11:13:20.0792 3096 volsnap - ok

11:13:20.0825 3096 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

11:13:20.0839 3096 vsmraid - ok

11:13:20.0941 3096 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe

11:13:20.0988 3096 VSS - ok

11:13:21.0097 3096 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

11:13:21.0111 3096 vwifibus - ok

11:13:21.0149 3096 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

11:13:21.0184 3096 W32Time - ok

11:13:21.0204 3096 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

11:13:21.0217 3096 WacomPen - ok

11:13:21.0251 3096 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

11:13:21.0281 3096 WANARP - ok

11:13:21.0285 3096 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

11:13:21.0315 3096 Wanarpv6 - ok

11:13:21.0464 3096 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

11:13:21.0496 3096 WatAdminSvc - ok

11:13:21.0604 3096 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe

11:13:21.0650 3096 wbengine - ok

11:13:21.0745 3096 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

11:13:21.0765 3096 WbioSrvc - ok

11:13:21.0794 3096 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll

11:13:21.0816 3096 wcncsvc - ok

11:13:21.0831 3096 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

11:13:21.0883 3096 WcsPlugInService - ok

11:13:21.0952 3096 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

11:13:21.0963 3096 Wd - ok

11:13:22.0012 3096 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

11:13:22.0034 3096 Wdf01000 - ok

11:13:22.0056 3096 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:13:22.0083 3096 WdiServiceHost - ok

11:13:22.0086 3096 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:13:22.0105 3096 WdiSystemHost - ok

11:13:22.0135 3096 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll

11:13:22.0166 3096 WebClient - ok

11:13:22.0194 3096 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

11:13:22.0230 3096 Wecsvc - ok

11:13:22.0247 3096 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

11:13:22.0288 3096 wercplsupport - ok

11:13:22.0317 3096 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

11:13:22.0350 3096 WerSvc - ok

11:13:22.0406 3096 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

11:13:22.0436 3096 WfpLwf - ok

11:13:22.0450 3096 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

11:13:22.0461 3096 WIMMount - ok

11:13:22.0498 3096 WinDefend - ok

11:13:22.0508 3096 WinHttpAutoProxySvc - ok

11:13:22.0559 3096 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

11:13:22.0590 3096 Winmgmt - ok

11:13:22.0705 3096 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll

11:13:22.0771 3096 WinRM - ok

11:13:22.0922 3096 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

11:13:22.0937 3096 WinUsb - ok

11:13:22.0999 3096 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

11:13:23.0029 3096 Wlansvc - ok

11:13:23.0047 3096 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

11:13:23.0059 3096 WmiAcpi - ok

11:13:23.0110 3096 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

11:13:23.0135 3096 wmiApSrv - ok

11:13:23.0159 3096 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

11:13:23.0184 3096 WPCSvc - ok

11:13:23.0200 3096 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll

11:13:23.0236 3096 WPDBusEnum - ok

11:13:23.0254 3096 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

11:13:23.0288 3096 ws2ifsl - ok

11:13:23.0325 3096 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

11:13:23.0354 3096 wscsvc - ok

11:13:23.0357 3096 WSearch - ok

11:13:23.0497 3096 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll

11:13:23.0560 3096 wuauserv - ok

11:13:23.0667 3096 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

11:13:23.0702 3096 WudfPf - ok

11:13:23.0736 3096 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:13:23.0780 3096 WUDFRd - ok

11:13:23.0800 3096 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll

11:13:23.0834 3096 wudfsvc - ok

11:13:23.0860 3096 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

11:13:23.0881 3096 WwanSvc - ok

11:13:23.0904 3096 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

11:13:24.0253 3096 \Device\Harddisk0\DR0 - ok

11:13:24.0260 3096 Boot (0x1200) (a72cf677df07236a04ce2bf0da0ca764) \Device\Harddisk0\DR0\Partition0

11:13:24.0261 3096 \Device\Harddisk0\DR0\Partition0 - ok

11:13:24.0269 3096 Boot (0x1200) (4769c155d5cc6f606a954f8883c0bf5d) \Device\Harddisk0\DR0\Partition1

11:13:24.0270 3096 \Device\Harddisk0\DR0\Partition1 - ok

11:13:24.0270 3096 ============================================================

11:13:24.0270 3096 Scan finished

11:13:24.0270 3096 ============================================================

11:13:24.0281 2768 Detected object count: 2

11:13:24.0281 2768 Actual detected object count: 2

11:14:41.0190 2768 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

11:14:41.0190 2768 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:14:41.0190 2768 sptd ( LockedFile.Multi.Generic ) - skipped by user

11:14:41.0190 2768 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

11:14:54.0430 1428 Deinitialize success

[MrCharlie]

That was clean....please do this........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[Poorsoul]

Ok, I disabled avast and downloaded and ran combofix from my desktop, but combofix, after launching initially, doesn't ever make it to the blue command line type screen pictured in the instructions (looks like it installs but never launches?)

[MrCharlie]

See if this works.....

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall /nombr

See if it will run successfully now. Stop it after half an hour of no activity.

Let me know....MrC

[Poorsoul]

With the link you provided I am not offered the option to "save as", so I cannot change the name of the file before I download it.Do you know of another place from which to d/l the file or perhaps another workaround for changing the name of the file before I download it?

[MrCharlie]

OK, just download it as ComboFix.exe and.....

press Windows key + R, type "%userprofile%\desktop\combofix.exe" /nombr and press enter.

Let me know if combofix runs that way.

MrC

[Poorsoul]

sorry, I fixed that problem by editing my firefox preferences. I am now following your instructions

[Poorsoul]

ok, I ran the file as instructed and it still never actually launches the blue command line box, it acts like it's installing then just poofs.

[MrCharlie]

Please download Listparts64

Run the tool, click Scan and post the log (Result.txt) it makes

MrC

[Poorsoul]

Ok. This is all still in safe mode with networking, is that ok?

ListParts by Farbar Version: 12-03-2012 03

Ran by XXXX (administrator) on 17-05-2012 at 12:17:58

Windows 7 (X64)

Running From: C:\Users\XXXX\Desktop

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 16%

Total physical RAM: 4094.05 MB

Available physical RAM: 3413.08 MB

Total Pagefile: 10233.19 MB

Available Pagefile: 9590.84 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:23.61 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 465 GB 101 MB

======================================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

[MrCharlie]

See if you can run this one.....

Download aswMBR to your desktop.

http://public.avast....erek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC

[Poorsoul]

Ok, it is running. It appears as though this one might take awhile but I am still here and monitoring this thread. Thank you very much for your help, I really do appreciate your time and effort.

[MrCharlie]

Yes it will take some time but at least it's running, MrC

[Poorsoul]

Here it is.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-05-17 12:44:05

-----------------------------

12:44:05.669 OS Version: Windows x64 6.1.7600

12:44:05.669 Number of processors: 4 586 0x503

12:44:05.670 ComputerName: XXXX-PC UserName: XXXX

12:44:09.006 Initialize success

12:44:10.356 AVAST engine defs: 12051700

12:45:10.350 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

12:45:10.352 Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA3MA Size: 476940MB BusType: 3

12:45:10.360 Disk 0 MBR read successfully

12:45:10.362 Disk 0 MBR scan

12:45:10.676 Disk 0 Windows 7 default MBR code

12:45:10.699 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

12:45:11.008 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848

12:45:11.385 Disk 0 scanning C:\Windows\system32\drivers

12:45:23.437 Service scanning

12:45:41.241 Modules scanning

12:45:41.248 Disk 0 trace - called modules:

12:45:41.258 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

12:45:41.277 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049d9060]

12:45:41.282 3 CLASSPNP.SYS[fffff880015a643f] -> nt!IofCallDriver -> [0xfffffa8004760520]

12:45:41.287 5 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800475d060]

12:45:43.551 AVAST engine scan C:\Windows

12:45:46.355 AVAST engine scan C:\Windows\system32

12:46:56.965 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]

12:46:58.771 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]

12:48:10.924 AVAST engine scan C:\Windows\system32\drivers

12:48:32.783 AVAST engine scan C:\Users\XXXX

12:54:56.637 Disk 0 MBR has been saved successfully to "C:\Users\XXXX\Documents\MBR.dat"

12:54:56.642 The log file has been saved successfully to "C:\Users\XXXX\Documents\aswMBR.txt"

12:55:50.193 Disk 0 MBR has been saved successfully to "C:\Users\XXXX\Desktop\MBR.dat"

12:55:50.226 The log file has been saved successfully to "C:\Users\XXXX\Desktop\aswMBR.txt"

[Poorsoul]

Oh wait, it's still running. Sorry about that.

[Poorsoul]

Here it is again.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-05-17 13:09:58

-----------------------------

13:09:58.163 OS Version: Windows x64 6.1.7600

13:09:58.163 Number of processors: 4 586 0x503

13:09:58.164 ComputerName: XXXX-PC UserName: XXXX

13:10:01.735 Initialize success

13:10:01.947 AVAST engine defs: 12051700

13:10:10.002 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

13:10:10.005 Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA3MA Size: 476940MB BusType: 3

13:10:10.028 Disk 0 MBR read successfully

13:10:10.030 Disk 0 MBR scan

13:10:10.033 Disk 0 Windows 7 default MBR code

13:10:10.041 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

13:10:10.059 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848

13:10:10.138 Disk 0 scanning C:\Windows\system32\drivers

13:10:36.150 Service scanning

13:11:59.713 Modules scanning

13:11:59.713 Disk 0 trace - called modules:

13:11:59.721 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

13:11:59.722 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049d9060]

13:11:59.722 3 CLASSPNP.SYS[fffff880015a643f] -> nt!IofCallDriver -> [0xfffffa8004760520]

13:11:59.722 5 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800475d060]

13:12:02.759 AVAST engine scan C:\Windows

13:12:36.540 AVAST engine scan C:\Windows\system32

13:14:54.554 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]

13:14:57.326 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]

13:16:23.389 AVAST engine scan C:\Windows\system32\drivers

13:16:34.768 AVAST engine scan C:\Users\XXXX

13:58:53.287 AVAST engine scan C:\ProgramData

14:01:58.532 Scan finished successfully

14:08:26.333 Disk 0 MBR has been saved successfully to "C:\Users\XXXX\Desktop\MBR.dat"

14:08:26.338 The log file has been saved successfully to "C:\Users\XXXX\Desktop\aswMBR.txt"

[MrCharlie]

I have another person with the same infection and bad file.

Lets confirm that it's gone........

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Please do this:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

  
  :files
  C:\Windows\assembly\GAC_32\Desktop.ini
  :Commands
  [EMPTYJAVA]
  [emptytemp]
  

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  
• Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  

MrC

[Poorsoul]

Here is the log file.

All processes killed

========== FILES ==========

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: XXXX

->Java cache emptied: 63508046 bytes

User: Public

Total Java Files Cleaned = 61.00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56502 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: XXXX

->Temp folder emptied: 1002409701 bytes

->Temporary Internet Files folder emptied: 81202502 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 135859734 bytes

->Flash cache emptied: 7711 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 802816 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 84912038 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,245.00 mb

OTL by OldTimer - Version 3.2.43.0 log created on 05172012_143347

[MrCharlie]

See if you can run ComboFix now...any way that will work.

Let me know, MrC

[Poorsoul]

combofix still will not run. I am clueless, but should we have changed

C:\Windows\assembly\GAC_64\Desktop.ini as well?

[MrCharlie]

Yes....I sorry I missed that......

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

  
  :files
  C:\Windows\assembly\GAC_32\Desktop.ini
  C:\Windows\assembly\GAC_64\Desktop.ini
  [EMPTYJAVA]
  [emptytemp]
  

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  
• Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  

MrC