sistemanet registry entry (malware trace) causes bsod

[pongboy]

My computer slowed to a crawl and was not able to boot.

I hooked it up to another computer and ran Malwarebytes and was able to remove most of the items detected. After doing this, I was able to successfully boot the computer. I again ran Malwarebytes and it removed more items however it left a few straglers. so I ran vipre antivirus 2013. I then ran Microsoft Security Scanner I then removed Vipre because it was now coming up clean and ran Malwarebytes once again.

So I am stuck with two items. My computer is acting normal but these remnants have me worried.

Microsoft Security Scanner is now showing win32/pidief.bb but it is only able to do a partial removal and it shows up again on subsequent scans. This does not show in Mlwarebytes.

Malwarebytes shows a trace under HKCU/Software/sistemanet./ This shows up in the registry. If I let malwarebytes try to fix it I get a blue screen of death (0x00000008e (0xc0000005,......) I get the same BSOD if I try to manually delete the registry key.

It is only showing up if I boot normally into my user account. It does not show up in Safe Mode under Administrator nor under the user account.

Thanks in advance for any and all assistance you are able to provide.

dds.txt

attach.txt

[kevinf80]

Hello and welcome, do the following:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

Combofix

• Ensure that Combofix is saved directly to the Desktop <--- Very important
  
• Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  
• Close any open browsers and any other programs you might have running
  
• Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
  
• Instructions for running Combofix available Here if required.
  
• If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  
• When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review
  

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*

• If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  
• If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  
• If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)
  

Post the log in next reply please...

Kevin

[pongboy]

OK, I`d like to have another try at running Combofix, as follows please :-

Starting with this line, was this not intended for me? I just want to make sure before proceeding.

[pongboy]

About 2 minutes after it completes Stage 50, I get the blue screen of death mentioned previously. So no log was displayed. I do not see c:\combofix.txt

[kevinf80]

Apologies for the error with Combofix instruction, you were correct with the assumption, the extra lines were not required. Can you check and see if Qoobox was created it will be showing here c:\Qoobox if created there may also be a Quarantine file list. So navigate here C:\QooBox\ComboFix-quarantined-files.txt if present and post that log.

Next,

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

7. The following image opens, select Update

8. When the Update completes, select Next

9. In the following window ensure "Targets" are ticked. Then select "Scan"

10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

11. Do not select the "Clean up Button" select the "Exit" button, there will be a warning as follows:

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

13. Select "Exit" to close down.

14. Copy and paste the two following logs from the mbar folder:

System - log

Mbar - log Date and time of scan will also be shown

Also post those two logs in your reply.

Kevin

[pongboy]

c:\qoobox exists but does not have that file or anything similiar. Folders BackEnv, LastRun, Quarantine, Test, TestC

Under Quarnatine, there are folders C (empty), Registry_backups (one file called tcpip), and text file catchme

attached are the requested files from MBAR.

Running MBAR found the same one trace of malware (sistemanet) and received the same blue screen of death upon removal attempt.

mbar-log-2012-12-02 (07-40-14).txt

system-log.txt

[kevinf80]

Did you try to remove that with MBAR, I did ask that you select EXIT at malware list option, not Cleanup... The entry from the log is sign of infection that will have arrived possibly by Trojan dropper, there will be several other entries we need to find. One possibility already shows in DDS.txt :-

dRun: [YorcqlB] c:\arquivos de programas\hqrryfk\gorjbat\YorcqlB.exe -Start

Run the following and post the produced logs:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Doubleclick on to run the application.
  
• The "Ready to scan" window will open, Click on "Change parameters"
  
  
• Place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, (Leave "Service & Drivers" and "Boot Sectors" ticked. Click OK.
  
  
• Select "Start Scan"
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

Next,

Download OTL from any of the following links and save to your desktop.

Link 1

Link 2

Link 3

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

• When the window appears, underneath Output at the top, make sure Standard output is selected.
  
• Select Scan all users
  
• Under the Extra Registry section, check Use SafeList
  
• In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  
• Click Run Scan and let the program run uninterrupted.
  
• When the scan is complete, two text files will be created on your Desktop.
  
• OTL.Txt <- this one will be opened
  
• Extras.txt <- this one will be minimized
  

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Kevin....

[pongboy]

Herer is the TDDSKiller log file.

08:43:20.0678 0520 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

08:43:21.0116 0520 ============================================================

08:43:21.0116 0520 Current date / time: 2012/12/02 08:43:21.0116

08:43:21.0116 0520 SystemInfo:

08:43:21.0116 0520

08:43:21.0116 0520 OS Version: 5.1.2600 ServicePack: 3.0

08:43:21.0116 0520 Product type: Workstation

08:43:21.0116 0520 ComputerName: LYNDA

08:43:21.0116 0520 UserName: HP_Administrator

08:43:21.0116 0520 Windows directory: C:\WINDOWS

08:43:21.0116 0520 System windows directory: C:\WINDOWS

08:43:21.0116 0520 Processor architecture: Intel x86

08:43:21.0116 0520 Number of processors: 1

08:43:21.0116 0520 Page size: 0x1000

08:43:21.0116 0520 Boot type: Normal boot

08:43:21.0116 0520 ============================================================

08:43:22.0319 0520 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

08:43:22.0413 0520 ============================================================

08:43:22.0413 0520 \Device\Harddisk0\DR0:

08:43:22.0413 0520 MBR partitions:

08:43:22.0413 0520 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1006857

08:43:22.0413 0520 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1006896, BlocksNum 0x11A1222B

08:43:22.0413 0520 ============================================================

08:43:22.0444 0520 C: <-> \Device\Harddisk0\DR0\Partition2

08:43:22.0444 0520 D: <-> \Device\Harddisk0\DR0\Partition1

08:43:22.0444 0520 ============================================================

08:43:22.0444 0520 Initialize success

08:43:22.0444 0520 ============================================================

08:43:47.0960 3164 ============================================================

08:43:47.0960 3164 Scan started

08:43:47.0960 3164 Mode: Manual; SigCheck; TDLFS;

08:43:47.0960 3164 ============================================================

08:43:48.0272 3164 ================ Scan system memory ========================

08:43:48.0272 3164 System memory - ok

08:43:48.0397 3164 ================ Scan services =============================

08:43:48.0585 3164 Abiosdsk - ok

08:43:48.0585 3164 abp480n5 - ok

08:43:48.0632 3164 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

08:43:51.0397 3164 ACPI - ok

08:43:51.0444 3164 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

08:43:51.0632 3164 ACPIEC - ok

08:43:51.0772 3164 [ 14C23516C990DCD6052152CF034DDE40 ] Adobe Version Cue CS3 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

08:43:51.0803 3164 Adobe Version Cue CS3 - ok

08:43:51.0882 3164 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

08:43:51.0913 3164 AdobeFlashPlayerUpdateSvc - ok

08:43:51.0913 3164 adpu160m - ok

08:43:51.0944 3164 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

08:43:52.0100 3164 aec - ok

08:43:52.0132 3164 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

08:43:52.0178 3164 AFD - ok

08:43:52.0178 3164 Aha154x - ok

08:43:52.0194 3164 aic78u2 - ok

08:43:52.0194 3164 aic78xx - ok

08:43:52.0303 3164 [ 781C5EC517C53F5214B61253B20C13C4 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS

08:43:52.0491 3164 ALCXWDM - ok

08:43:52.0522 3164 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

08:43:52.0694 3164 Alerter - ok

08:43:52.0710 3164 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

08:43:52.0788 3164 ALG - ok

08:43:52.0788 3164 AliIde - ok

08:43:52.0819 3164 [ 59301936898AE62245A6F09C0ABA9475 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys

08:43:52.0975 3164 AmdK8 - ok

08:43:52.0975 3164 amsint - ok

08:43:53.0022 3164 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

08:43:53.0085 3164 AppMgmt - ok

08:43:53.0116 3164 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys

08:43:53.0257 3164 Arp1394 - ok

08:43:53.0272 3164 asc - ok

08:43:53.0272 3164 asc3350p - ok

08:43:53.0288 3164 asc3550 - ok

08:43:53.0382 3164 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

08:43:53.0428 3164 aspnet_state - ok

08:43:53.0444 3164 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

08:43:53.0585 3164 AsyncMac - ok

08:43:53.0632 3164 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

08:43:53.0772 3164 atapi - ok

08:43:53.0772 3164 Atdisk - ok

08:43:53.0819 3164 [ 5784A06FDC2AC7954225A1A79E1A8F00 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe

08:43:53.0960 3164 Ati HotKey Poller - ok

08:43:54.0038 3164 [ 3DB26BB04C5F787F50258D703645E18F ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe

08:43:54.0100 3164 ATI Smart ( UnsignedFile.Multi.Generic ) - warning

08:43:54.0100 3164 ATI Smart - detected UnsignedFile.Multi.Generic (1)

08:43:54.0210 3164 [ DD222CE49E79F15D2312A5E1F42E716E ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

08:43:54.0288 3164 ati2mtag - ok

08:43:54.0335 3164 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

08:43:54.0491 3164 Atmarpc - ok

08:43:54.0538 3164 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

08:43:54.0694 3164 AudioSrv - ok

08:43:54.0725 3164 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

08:43:54.0882 3164 audstub - ok

08:43:54.0897 3164 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

08:43:55.0053 3164 Beep - ok

08:43:55.0100 3164 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

08:43:55.0491 3164 BITS - ok

08:43:55.0569 3164 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

08:43:55.0616 3164 Bonjour Service - ok

08:43:55.0647 3164 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

08:43:55.0710 3164 Browser - ok

08:43:55.0757 3164 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys

08:43:55.0803 3164 BrScnUsb - ok

08:43:55.0882 3164 [ D48C13F4A409AEE8DAFADDAC81E34557 ] BrSerIf C:\WINDOWS\system32\Drivers\BrSerIf.sys

08:43:55.0944 3164 BrSerIf - ok

08:43:55.0960 3164 [ 8FA0AC830A8312912A3AA0C0431CBA0D ] BrUsbSer C:\WINDOWS\system32\Drivers\BrUsbSer.sys

08:43:55.0975 3164 BrUsbSer - ok

08:43:56.0100 3164 catchme - ok

08:43:56.0132 3164 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

08:43:56.0413 3164 cbidf2k - ok

08:43:56.0460 3164 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

08:43:56.0585 3164 CCDECODE - ok

08:43:56.0600 3164 cd20xrnt - ok

08:43:56.0616 3164 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

08:43:56.0772 3164 Cdaudio - ok

08:43:56.0803 3164 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

08:43:57.0022 3164 Cdfs - ok

08:43:57.0053 3164 [ 351735695E9EAD93DE6AF85D8BEB1CA8 ] cdrbsdrv C:\WINDOWS\system32\drivers\cdrbsdrv.sys

08:43:57.0069 3164 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning

08:43:57.0069 3164 cdrbsdrv - detected UnsignedFile.Multi.Generic (1)

08:43:57.0116 3164 [ 7FC46240546C16C0448C29C9D233B915 ] cdrbsvsd C:\WINDOWS\system32\drivers\cdrbsvsd.sys

08:43:57.0132 3164 cdrbsvsd ( UnsignedFile.Multi.Generic ) - warning

08:43:57.0132 3164 cdrbsvsd - detected UnsignedFile.Multi.Generic (1)

08:43:57.0132 3164 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

08:43:57.0272 3164 Cdrom - ok

08:43:57.0288 3164 Changer - ok

08:43:57.0319 3164 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc C:\WINDOWS\system32\cisvc.exe

08:43:57.0491 3164 cisvc - ok

08:43:57.0522 3164 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

08:43:57.0694 3164 ClipSrv - ok

08:43:57.0725 3164 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:43:57.0819 3164 clr_optimization_v2.0.50727_32 - ok

08:43:57.0882 3164 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

08:43:57.0897 3164 clr_optimization_v4.0.30319_32 - ok

08:43:57.0913 3164 CmdIde - ok

08:43:57.0913 3164 COMSysApp - ok

08:43:57.0928 3164 Cpqarray - ok

08:43:57.0928 3164 cpuz134 - ok

08:43:57.0960 3164 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

08:43:58.0116 3164 CryptSvc - ok

08:43:58.0132 3164 dac2w2k - ok

08:43:58.0132 3164 dac960nt - ok

08:43:58.0194 3164 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

08:43:58.0366 3164 DcomLaunch - ok

08:43:58.0397 3164 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

08:43:58.0553 3164 Dhcp - ok

08:43:58.0600 3164 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

08:43:58.0757 3164 Disk - ok

08:43:58.0757 3164 dmadmin - ok

08:43:58.0819 3164 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

08:43:59.0022 3164 dmboot - ok

08:43:59.0053 3164 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

08:43:59.0194 3164 dmio - ok

08:43:59.0241 3164 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

08:43:59.0366 3164 dmload - ok

08:43:59.0397 3164 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

08:43:59.0538 3164 dmserver - ok

08:43:59.0585 3164 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

08:43:59.0788 3164 DMusic - ok

08:43:59.0835 3164 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

08:43:59.0928 3164 Dnscache - ok

08:43:59.0960 3164 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

08:44:00.0147 3164 Dot3svc - ok

08:44:00.0163 3164 dpti2o - ok

08:44:00.0210 3164 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

08:44:00.0350 3164 drmkaud - ok

08:44:00.0397 3164 [ 96BC8F872F0270C10EDC3931F1C03776 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys

08:44:00.0413 3164 drvmcdb ( UnsignedFile.Multi.Generic ) - warning

08:44:00.0413 3164 drvmcdb - detected UnsignedFile.Multi.Generic (1)

08:44:00.0428 3164 [ 5AFBEC7A6AC61B211633DFDB1D9E0C89 ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys

08:44:00.0444 3164 drvnddm ( UnsignedFile.Multi.Generic ) - warning

08:44:00.0444 3164 drvnddm - detected UnsignedFile.Multi.Generic (1)

08:44:00.0475 3164 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

08:44:00.0632 3164 EapHost - ok

08:44:00.0710 3164 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe

08:44:00.0803 3164 ehRecvr - ok

08:44:00.0835 3164 [ 16910F8B482919BB6035ED053B691692 ] ehSched C:\WINDOWS\eHome\ehSched.exe

08:44:00.0944 3164 ehSched - ok

08:44:00.0975 3164 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

08:44:01.0132 3164 ERSvc - ok

08:44:01.0178 3164 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

08:44:01.0241 3164 Eventlog - ok

08:44:01.0303 3164 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

08:44:01.0397 3164 EventSystem - ok

08:44:01.0444 3164 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

08:44:01.0678 3164 Fastfat - ok

08:44:01.0710 3164 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

08:44:01.0819 3164 FastUserSwitchingCompatibility - ok

08:44:01.0850 3164 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

08:44:02.0007 3164 Fdc - ok

08:44:02.0053 3164 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

08:44:02.0178 3164 Fips - ok

08:44:02.0241 3164 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

08:44:02.0319 3164 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

08:44:02.0319 3164 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)

08:44:02.0350 3164 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys

08:44:02.0522 3164 Flpydisk - ok

08:44:02.0569 3164 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

08:44:02.0710 3164 FltMgr - ok

08:44:02.0788 3164 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

08:44:02.0803 3164 FontCache3.0.0.0 - ok

08:44:02.0835 3164 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

08:44:02.0975 3164 Fs_Rec - ok

08:44:02.0991 3164 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

08:44:03.0147 3164 Ftdisk - ok

08:44:03.0147 3164 ftsata2 - ok

08:44:03.0194 3164 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

08:44:03.0194 3164 GEARAspiWDM - ok

08:44:03.0241 3164 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

08:44:03.0366 3164 Gpc - ok

08:44:03.0428 3164 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

08:44:03.0444 3164 gupdate - ok

08:44:03.0460 3164 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

08:44:03.0460 3164 gupdatem - ok

08:44:03.0538 3164 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

08:44:03.0678 3164 helpsvc - ok

08:44:03.0710 3164 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll

08:44:03.0897 3164 HidServ - ok

08:44:03.0928 3164 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

08:44:04.0085 3164 HidUsb - ok

08:44:04.0132 3164 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

08:44:04.0272 3164 hkmsvc - ok

08:44:04.0288 3164 hpn - ok

08:44:04.0335 3164 [ 5DF616ADDB75C1AD36C1F9E4DE0F7654 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

08:44:04.0475 3164 HSFHWBS2 - ok

08:44:04.0522 3164 [ DFA8F86C0DBCA7DB948043AA3BE6793B ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

08:44:04.0616 3164 HSF_DP - ok

08:44:04.0678 3164 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

08:44:04.0772 3164 HTTP - ok

08:44:04.0819 3164 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

08:44:05.0007 3164 HTTPFilter - ok

08:44:05.0022 3164 i2omgmt - ok

08:44:05.0022 3164 i2omp - ok

08:44:05.0053 3164 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

08:44:05.0210 3164 i8042prt - ok

08:44:05.0272 3164 [ 79AE2A97C120F282845D854D0F070EA9 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys

08:44:05.0382 3164 iaStor - ok

08:44:05.0444 3164 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

08:44:05.0460 3164 IDriverT ( UnsignedFile.Multi.Generic ) - warning

08:44:05.0460 3164 IDriverT - detected UnsignedFile.Multi.Generic (1)

08:44:05.0553 3164 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

08:44:05.0616 3164 idsvc - ok

08:44:05.0647 3164 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

08:44:05.0819 3164 Imapi - ok

08:44:05.0866 3164 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

08:44:06.0007 3164 ImapiService - ok

08:44:06.0022 3164 ini910u - ok

08:44:06.0038 3164 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys

08:44:06.0194 3164 IntelIde - ok

08:44:06.0241 3164 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

08:44:06.0366 3164 intelppm - ok

08:44:06.0366 3164 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

08:44:06.0522 3164 Ip6Fw - ok

08:44:06.0553 3164 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

08:44:06.0710 3164 IpFilterDriver - ok

08:44:06.0725 3164 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

08:44:06.0882 3164 IpInIp - ok

08:44:06.0897 3164 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

08:44:07.0022 3164 IpNat - ok

08:44:07.0053 3164 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

08:44:07.0194 3164 IPSec - ok

08:44:07.0210 3164 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

08:44:07.0272 3164 IRENUM - ok

08:44:07.0303 3164 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

08:44:07.0475 3164 isapnp - ok

08:44:07.0569 3164 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

08:44:07.0585 3164 JavaQuickStarterService - ok

08:44:07.0632 3164 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

08:44:07.0772 3164 Kbdclass - ok

08:44:07.0803 3164 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

08:44:07.0975 3164 kbdhid - ok

08:44:08.0038 3164 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

08:44:08.0178 3164 kmixer - ok

08:44:08.0210 3164 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

08:44:08.0335 3164 KSecDD - ok

08:44:08.0366 3164 [ D1968DEA7BAFF4A917858C384339CEC8 ] L8042Kbd C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

08:44:08.0413 3164 L8042Kbd - ok

08:44:08.0444 3164 [ D6FC755FF505D99E6CC73E83492310DF ] L8042mou C:\WINDOWS\system32\DRIVERS\L8042mou.Sys

08:44:08.0460 3164 L8042mou - ok

08:44:08.0507 3164 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

08:44:08.0585 3164 lanmanserver - ok

08:44:08.0632 3164 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

08:44:08.0772 3164 lanmanworkstation - ok

08:44:08.0803 3164 [ BE2DC24D403643A2D1D98F33C7087B38 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys

08:44:08.0835 3164 LBeepKE - ok

08:44:08.0850 3164 lbrtfdc - ok

08:44:08.0944 3164 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

08:44:09.0038 3164 LBTServ - ok

08:44:09.0132 3164 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

08:44:09.0163 3164 LHidFilt - ok

08:44:09.0241 3164 [ 53710476495886D9961BE46983A6A33F ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe

08:44:09.0257 3164 LightScribeService - ok

08:44:09.0303 3164 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

08:44:09.0491 3164 LmHosts - ok

08:44:09.0522 3164 [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

08:44:09.0538 3164 LMouFilt - ok

08:44:09.0569 3164 [ C149BDAD13194DF16EA33F9F601ED7BF ] LMouKE C:\WINDOWS\system32\DRIVERS\LMouKE.Sys

08:44:09.0585 3164 LMouKE - ok

08:44:09.0647 3164 [ 9EE18A5A45552673A67532EA37370377 ] ltmodem5 C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys

08:44:09.0835 3164 ltmodem5 - ok

08:44:09.0866 3164 [ DDFA88E36D5F8DB5FBDBDDDC4969DB0A ] LUsbFilt C:\WINDOWS\system32\Drivers\LUsbFilt.Sys

08:44:09.0882 3164 LUsbFilt - ok

08:44:09.0913 3164 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe

08:44:09.0928 3164 McrdSvc - ok

08:44:10.0007 3164 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

08:44:10.0038 3164 MDM ( UnsignedFile.Multi.Generic ) - warning

08:44:10.0038 3164 MDM - detected UnsignedFile.Multi.Generic (1)

08:44:10.0053 3164 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

08:44:10.0085 3164 mdmxsdk - ok

08:44:10.0116 3164 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

08:44:10.0288 3164 Messenger - ok

08:44:10.0335 3164 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll

08:44:10.0350 3164 MHN ( UnsignedFile.Multi.Generic ) - warning

08:44:10.0350 3164 MHN - detected UnsignedFile.Multi.Generic (1)

08:44:10.0382 3164 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys

08:44:10.0397 3164 MHNDRV ( UnsignedFile.Multi.Generic ) - warning

08:44:10.0397 3164 MHNDRV - detected UnsignedFile.Multi.Generic (1)

08:44:10.0428 3164 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

08:44:10.0569 3164 mnmdd - ok

08:44:10.0616 3164 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

08:44:10.0788 3164 mnmsrvc - ok

08:44:10.0835 3164 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

08:44:10.0975 3164 Modem - ok

08:44:11.0007 3164 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

08:44:11.0163 3164 Mouclass - ok

08:44:11.0194 3164 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

08:44:11.0350 3164 mouhid - ok

08:44:11.0382 3164 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

08:44:11.0538 3164 MountMgr - ok

08:44:11.0569 3164 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

08:44:11.0632 3164 MozillaMaintenance - ok

08:44:11.0678 3164 [ FEE0BADED54222E9F1DAE9541212AAB1 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys

08:44:11.0694 3164 MpFilter - ok

08:44:11.0788 3164 [ A69630D039C38018689190234F866D77 ] MpKsl748ddf25 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A8A1AC12-6788-4ECF-968E-1A71C0AC5C55}\MpKsl748ddf25.sys

08:44:11.0803 3164 MpKsl748ddf25 - ok

08:44:11.0803 3164 mraid35x - ok

08:44:11.0835 3164 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

08:44:11.0991 3164 MRxDAV - ok

08:44:12.0132 3164 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

08:44:12.0303 3164 MRxSmb - ok

08:44:12.0382 3164 [ D98350792A7CE82E7459A7C36481BEDA ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe

08:44:12.0397 3164 MSCamSvc - ok

08:44:12.0428 3164 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

08:44:12.0647 3164 MSDTC - ok

08:44:12.0678 3164 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

08:44:12.0835 3164 Msfs - ok

08:44:12.0835 3164 MSIServer - ok

08:44:12.0866 3164 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

08:44:13.0038 3164 MSKSSRV - ok

08:44:13.0100 3164 [ CFCE43B70CA0CC4DCC8ADB62B792B173 ] MsMpSvc c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

08:44:13.0116 3164 MsMpSvc - ok

08:44:13.0147 3164 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

08:44:13.0303 3164 MSPCLOCK - ok

08:44:13.0319 3164 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

08:44:13.0475 3164 MSPQM - ok

08:44:13.0522 3164 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

08:44:13.0647 3164 mssmbios - ok

08:44:13.0694 3164 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

08:44:13.0866 3164 MSTEE - ok

08:44:13.0913 3164 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

08:44:14.0007 3164 Mup - ok

08:44:14.0069 3164 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

08:44:14.0225 3164 NABTSFEC - ok

08:44:14.0272 3164 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

08:44:14.0444 3164 napagent - ok

08:44:14.0491 3164 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

08:44:14.0632 3164 NDIS - ok

08:44:14.0678 3164 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys

08:44:14.0850 3164 NdisIP - ok

08:44:14.0882 3164 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

08:44:14.0928 3164 NdisTapi - ok

08:44:14.0975 3164 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

08:44:15.0163 3164 Ndisuio - ok

08:44:15.0210 3164 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

08:44:15.0350 3164 NdisWan - ok

08:44:15.0397 3164 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

08:44:15.0460 3164 NDProxy - ok

08:44:15.0491 3164 Nero BackItUp Scheduler 4.0 - ok

08:44:15.0522 3164 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

08:44:15.0647 3164 NetBIOS - ok

08:44:15.0694 3164 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

08:44:15.0835 3164 NetBT - ok

08:44:15.0882 3164 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

08:44:16.0022 3164 NetDDE - ok

08:44:16.0022 3164 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

08:44:16.0163 3164 NetDDEdsdm - ok

08:44:16.0210 3164 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

08:44:16.0350 3164 Netlogon - ok

08:44:16.0382 3164 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

08:44:16.0522 3164 Netman - ok

08:44:16.0569 3164 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

08:44:16.0585 3164 NetTcpPortSharing - ok

08:44:16.0928 3164 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

08:44:17.0069 3164 NIC1394 - ok

08:44:17.0116 3164 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

08:44:17.0147 3164 Nla - ok

08:44:17.0194 3164 NMIndexingService - ok

08:44:17.0225 3164 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

08:44:17.0350 3164 Npfs - ok

08:44:17.0397 3164 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

08:44:17.0569 3164 Ntfs - ok

08:44:17.0600 3164 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

08:44:17.0710 3164 NtLmSsp - ok

08:44:17.0788 3164 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

08:44:17.0960 3164 NtmsSvc - ok

08:44:18.0007 3164 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

08:44:18.0132 3164 Null - ok

08:44:18.0147 3164 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

08:44:18.0272 3164 NwlnkFlt - ok

08:44:18.0335 3164 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

08:44:18.0460 3164 NwlnkFwd - ok

08:44:18.0522 3164 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

08:44:18.0553 3164 odserv - ok

08:44:18.0600 3164 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys

08:44:18.0757 3164 ohci1394 - ok

08:44:18.0803 3164 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

08:44:18.0819 3164 ose - ok

08:44:18.0850 3164 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

08:44:19.0007 3164 Parport - ok

08:44:19.0022 3164 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

08:44:19.0194 3164 PartMgr - ok

08:44:19.0225 3164 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

08:44:19.0350 3164 ParVdm - ok

08:44:19.0366 3164 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

08:44:19.0507 3164 PCI - ok

08:44:19.0507 3164 PCIDump - ok

08:44:19.0553 3164 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

08:44:19.0678 3164 PCIIde - ok

08:44:19.0725 3164 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

08:44:19.0850 3164 Pcmcia - ok

08:44:19.0866 3164 PDCOMP - ok

08:44:19.0882 3164 PDFRAME - ok

08:44:19.0882 3164 PDRELI - ok

08:44:19.0897 3164 PDRFRAME - ok

08:44:19.0897 3164 perc2 - ok

08:44:19.0913 3164 perc2hib - ok

08:44:19.0960 3164 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

08:44:19.0991 3164 PlugPlay - ok

08:44:20.0007 3164 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

08:44:20.0132 3164 PolicyAgent - ok

08:44:20.0178 3164 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

08:44:20.0335 3164 PptpMiniport - ok

08:44:20.0366 3164 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys

08:44:20.0522 3164 Processor - ok

08:44:20.0522 3164 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

08:44:20.0647 3164 ProtectedStorage - ok

08:44:20.0694 3164 [ 390C204CED3785609AB24E9C52054A84 ] Ps2 C:\WINDOWS\system32\DRIVERS\PS2.sys

08:44:20.0741 3164 Ps2 - ok

08:44:20.0772 3164 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

08:44:20.0913 3164 PSched - ok

08:44:20.0944 3164 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

08:44:21.0100 3164 Ptilink - ok

08:44:21.0132 3164 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

08:44:21.0147 3164 PxHelp20 - ok

08:44:21.0163 3164 ql1080 - ok

08:44:21.0163 3164 Ql10wnt - ok

08:44:21.0178 3164 ql12160 - ok

08:44:21.0178 3164 ql1240 - ok

08:44:21.0194 3164 ql1280 - ok

08:44:21.0225 3164 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

08:44:21.0335 3164 RasAcd - ok

08:44:21.0366 3164 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

08:44:21.0522 3164 RasAuto - ok

08:44:21.0538 3164 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

08:44:21.0694 3164 Rasl2tp - ok

08:44:21.0725 3164 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

08:44:21.0850 3164 RasMan - ok

08:44:21.0866 3164 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

08:44:22.0007 3164 RasPppoe - ok

08:44:22.0038 3164 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

08:44:22.0163 3164 Raspti - ok

08:44:22.0194 3164 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

08:44:22.0335 3164 Rdbss - ok

08:44:22.0366 3164 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

08:44:22.0475 3164 RDPCDD - ok

08:44:22.0491 3164 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

08:44:22.0616 3164 rdpdr - ok

08:44:22.0647 3164 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

08:44:22.0710 3164 RDPWD - ok

08:44:22.0741 3164 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

08:44:22.0866 3164 RDSessMgr - ok

08:44:22.0897 3164 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

08:44:23.0038 3164 redbook - ok

08:44:23.0085 3164 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

08:44:23.0210 3164 RemoteAccess - ok

08:44:23.0257 3164 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

08:44:23.0428 3164 RemoteRegistry - ok

08:44:23.0475 3164 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

08:44:23.0663 3164 RpcLocator - ok

08:44:23.0710 3164 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll

08:44:23.0757 3164 RpcSs - ok

08:44:23.0803 3164 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

08:44:23.0944 3164 RSVP - ok

08:44:23.0991 3164 [ 432F94857DC866A6D3D06931EED85434 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

08:44:24.0085 3164 RTL8023xp - ok

08:44:24.0116 3164 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

08:44:24.0257 3164 rtl8139 - ok

08:44:24.0272 3164 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

08:44:24.0397 3164 SamSs - ok

08:44:24.0428 3164 [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE C:\WINDOWS\system32\drivers\SBREdrv.sys

08:44:24.0444 3164 SBRE - ok

08:44:24.0475 3164 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

08:44:24.0569 3164 SCardSvr - ok

08:44:24.0616 3164 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

08:44:24.0741 3164 Schedule - ok

08:44:24.0772 3164 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

08:44:24.0835 3164 Secdrv - ok

08:44:24.0866 3164 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

08:44:24.0975 3164 seclogon - ok

08:44:24.0991 3164 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

08:44:25.0147 3164 SENS - ok

08:44:25.0178 3164 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

08:44:25.0319 3164 Serenum - ok

08:44:25.0350 3164 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

08:44:25.0491 3164 Serial - ok

08:44:25.0522 3164 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

08:44:25.0663 3164 Sfloppy - ok

08:44:25.0725 3164 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

08:44:25.0897 3164 SharedAccess - ok

08:44:25.0944 3164 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

08:44:25.0960 3164 ShellHWDetection - ok

08:44:25.0975 3164 Simbad - ok

08:44:26.0022 3164 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

08:44:26.0132 3164 SLIP - ok

08:44:26.0178 3164 [ 60C377BE6B3CC83F6A8584934B181D2E ] SNMP C:\WINDOWS\System32\snmp.exe

08:44:26.0303 3164 SNMP - ok

08:44:26.0335 3164 [ 80A050795A107A76C2B1CD4CFBE010E6 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe

08:44:26.0460 3164 SNMPTRAP - ok

08:44:26.0507 3164 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

08:44:26.0632 3164 SONYPVU1 - ok

08:44:26.0647 3164 Sparrow - ok

08:44:26.0678 3164 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

08:44:26.0835 3164 splitter - ok

08:44:26.0882 3164 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

08:44:26.0944 3164 Spooler - ok

08:44:26.0975 3164 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

08:44:27.0038 3164 sr - ok

08:44:27.0100 3164 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

08:44:27.0163 3164 srservice - ok

08:44:27.0257 3164 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

08:44:27.0366 3164 Srv - ok

08:44:27.0397 3164 [ 98625722AD52B40305E74AAA83C93086 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys

08:44:27.0397 3164 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning

08:44:27.0397 3164 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)

08:44:27.0428 3164 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

08:44:27.0507 3164 SSDPSRV - ok

08:44:27.0538 3164 [ D79412E3942C8A257253487536D5A994 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys

08:44:27.0553 3164 ssrtln ( UnsignedFile.Multi.Generic ) - warning

08:44:27.0553 3164 ssrtln - detected UnsignedFile.Multi.Generic (1)

08:44:27.0600 3164 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

08:44:27.0741 3164 stisvc - ok

08:44:27.0803 3164 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys

08:44:27.0960 3164 streamip - ok

08:44:28.0007 3164 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

08:44:28.0147 3164 swenum - ok

08:44:28.0178 3164 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

08:44:28.0335 3164 swmidi - ok

08:44:28.0335 3164 SwPrv - ok

08:44:28.0350 3164 symc810 - ok

08:44:28.0350 3164 symc8xx - ok

08:44:28.0366 3164 sym_hi - ok

08:44:28.0366 3164 sym_u3 - ok

08:44:28.0397 3164 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

08:44:28.0522 3164 sysaudio - ok

08:44:28.0553 3164 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

08:44:28.0741 3164 SysmonLog - ok

08:44:28.0772 3164 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

08:44:28.0913 3164 TapiSrv - ok

08:44:28.0975 3164 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

08:44:29.0022 3164 Tcpip - ok

08:44:29.0069 3164 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

08:44:29.0210 3164 TDPIPE - ok

08:44:29.0241 3164 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

08:44:29.0366 3164 TDTCP - ok

08:44:29.0397 3164 [ 9101FFFCFCCD1A30E870A5B8A9091B10 ] teamviewervpn C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys

08:44:29.0491 3164 teamviewervpn - ok

08:44:29.0522 3164 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

08:44:29.0694 3164 TermDD - ok

08:44:29.0741 3164 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

08:44:29.0897 3164 TermService - ok

08:44:29.0960 3164 [ D0177776E11B0B3F272EEBD262A69661 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys

08:44:29.0975 3164 tfsnboio ( UnsignedFile.Multi.Generic ) - warning

08:44:29.0991 3164 tfsnboio - detected UnsignedFile.Multi.Generic (1)

08:44:30.0007 3164 [ 599804BC938B8305A5422319774DA871 ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys

08:44:30.0007 3164 tfsncofs ( UnsignedFile.Multi.Generic ) - warning

08:44:30.0007 3164 tfsncofs - detected UnsignedFile.Multi.Generic (1)

08:44:30.0022 3164 [ A1902C00ADC11C4D83F8E3ED947A6A32 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys

08:44:30.0038 3164 tfsndrct ( UnsignedFile.Multi.Generic ) - warning

08:44:30.0038 3164 tfsndrct - detected UnsignedFile.Multi.Generic (1)

08:44:30.0053 3164 [ D8DDB3F2B1BEF15CFF6728D89C042C61 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys

08:44:30.0069 3164 tfsndres ( UnsignedFile.Multi.Generic ) - warning

08:44:30.0069 3164 tfsndres - detected UnsignedFile.Multi.Generic (1)

08:44:30.0069 3164 [ C4F2DEA75300971CDAEE311007DE138D ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys

08:44:30.0100 3164 tfsnifs ( UnsignedFile.Multi.Generic ) - warning

08:44:30.0100 3164 tfsnifs - detected UnsignedFile.Multi.Generic (1)

08:44:30.0116 3164 [ 272925BE0EA919F08286D2EE6F102B0F ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys

08:44:30.0132 3164 tfsnopio ( UnsignedFile.Multi.Generic ) - warning

08:44:30.0132 3164 tfsnopio - detected UnsignedFile.Multi.Generic (1)

08:44:30.0147 3164 [ 7B7D955E5CEBC2FB88B03EF875D52A2F ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys

08:44:30.0163 3164 tfsnpool ( UnsignedFile.Multi.Generic ) - warning

08:44:30.0163 3164 tfsnpool - detected UnsignedFile.Multi.Generic (1)

08:44:30.0194 3164 [ E3D01263109D800C1967C12C10A0B018 ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys

08:44:30.0194 3164 tfsnudf ( UnsignedFile.Multi.Generic ) - warning

08:44:30.0194 3164 tfsnudf - detected UnsignedFile.Multi.Generic (1)

08:44:30.0225 3164 [ B9E9C377906E3A65BC74598FFF7F7458 ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys

08:44:30.0241 3164 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning

08:44:30.0241 3164 tfsnudfa - detected UnsignedFile.Multi.Generic (1)

08:44:30.0257 3164 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

08:44:30.0272 3164 Themes - ok

08:44:30.0303 3164 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

08:44:30.0382 3164 TlntSvr - ok

08:44:30.0382 3164 TosIde - ok

08:44:30.0428 3164 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

08:44:30.0553 3164 TrkWks - ok

08:44:30.0585 3164 [ 9DD333FA5746C222BBB58AB704C78BA5 ] ubohci C:\WINDOWS\system32\DRIVERS\ubohci.sys

08:44:30.0616 3164 ubohci ( UnsignedFile.Multi.Generic ) - warning

08:44:30.0616 3164 ubohci - detected UnsignedFile.Multi.Generic (1)

08:44:30.0647 3164 [ 1BD61B9AC6756C58FD88FC74DCF1BD85 ] ubsbm C:\WINDOWS\system32\DRIVERS\ubsbm.sys

08:44:30.0647 3164 ubsbm ( UnsignedFile.Multi.Generic ) - warning

08:44:30.0647 3164 ubsbm - detected UnsignedFile.Multi.Generic (1)

08:44:30.0663 3164 [ 64461004A7E6A59F222B45D74A164556 ] ubumapi C:\WINDOWS\system32\DRIVERS\ubumapi.sys

08:44:30.0678 3164 ubumapi ( UnsignedFile.Multi.Generic ) - warning

08:44:30.0678 3164 ubumapi - detected UnsignedFile.Multi.Generic (1)

08:44:30.0725 3164 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

08:44:30.0866 3164 Udfs - ok

08:44:30.0882 3164 ultra - ok

08:44:30.0928 3164 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

08:44:31.0085 3164 Update - ok

08:44:31.0116 3164 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

08:44:31.0194 3164 upnphost - ok

08:44:31.0225 3164 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

08:44:31.0366 3164 UPS - ok

08:44:31.0413 3164 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys

08:44:31.0553 3164 usbaudio - ok

08:44:31.0600 3164 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

08:44:31.0741 3164 usbccgp - ok

08:44:31.0772 3164 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

08:44:31.0913 3164 usbehci - ok

08:44:31.0944 3164 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

08:44:32.0069 3164 usbhub - ok

08:44:32.0100 3164 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys

08:44:32.0225 3164 usbohci - ok

08:44:32.0257 3164 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

08:44:32.0382 3164 usbprint - ok

08:44:32.0428 3164 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

08:44:32.0553 3164 USBSTOR - ok

08:44:32.0569 3164 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

08:44:32.0710 3164 usbuhci - ok

08:44:32.0741 3164 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

08:44:32.0850 3164 VgaSave - ok

08:44:32.0897 3164 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys

08:44:33.0022 3164 ViaIde - ok

08:44:33.0053 3164 [ AE01E1ED5A81E0D268B91B4A6DE5A872 ] VNUSB C:\WINDOWS\system32\DRIVERS\VNUSB.sys

08:44:33.0069 3164 VNUSB ( UnsignedFile.Multi.Generic ) - warning

08:44:33.0069 3164 VNUSB - detected UnsignedFile.Multi.Generic (1)

08:44:33.0116 3164 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

08:44:33.0241 3164 VolSnap - ok

08:44:33.0288 3164 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

08:44:33.0366 3164 VSS - ok

08:44:33.0460 3164 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

08:44:33.0507 3164 vToolbarUpdater12.2.6 - ok

08:44:33.0600 3164 [ D22C6B9C2F840D403FD387AD207A4B16 ] VX1000 C:\WINDOWS\system32\DRIVERS\VX1000.sys

08:44:33.0741 3164 VX1000 - ok

08:44:33.0772 3164 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

08:44:33.0913 3164 W32Time - ok

08:44:33.0960 3164 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

08:44:34.0085 3164 Wanarp - ok

08:44:34.0147 3164 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

08:44:34.0178 3164 Wdf01000 - ok

08:44:34.0178 3164 WDICA - ok

08:44:34.0225 3164 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

08:44:34.0350 3164 wdmaud - ok

08:44:34.0397 3164 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

08:44:34.0522 3164 WebClient - ok

08:44:34.0585 3164 [ 473EE64C368CE2EED110376C11960259 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

08:44:34.0647 3164 winachsf - ok

08:44:34.0725 3164 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

08:44:34.0835 3164 winmgmt - ok

08:44:34.0913 3164 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll

08:44:35.0069 3164 WinRM - ok

08:44:35.0116 3164 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

08:44:35.0163 3164 WmdmPmSN - ok

08:44:35.0194 3164 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

08:44:35.0272 3164 Wmi - ok

08:44:35.0319 3164 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

08:44:35.0460 3164 WmiApSrv - ok

08:44:35.0538 3164 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

08:44:35.0647 3164 WMPNetworkSvc - ok

08:44:35.0772 3164 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

08:44:35.0835 3164 WPFFontCache_v0400 - ok

08:44:35.0866 3164 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

08:44:35.0991 3164 WS2IFSL - ok

08:44:36.0022 3164 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

08:44:36.0147 3164 wscsvc - ok

08:44:36.0163 3164 WSearch - ok

08:44:36.0178 3164 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

08:44:36.0319 3164 WSTCODEC - ok

08:44:36.0350 3164 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

08:44:36.0507 3164 wuauserv - ok

08:44:36.0538 3164 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

08:44:36.0585 3164 WudfPf - ok

08:44:36.0600 3164 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

08:44:36.0632 3164 WudfRd - ok

08:44:36.0663 3164 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

08:44:36.0694 3164 WudfSvc - ok

08:44:36.0757 3164 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

08:44:36.0944 3164 WZCSVC - ok

08:44:36.0975 3164 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

08:44:37.0100 3164 xmlprov - ok

08:44:37.0116 3164 ================ Scan global ===============================

08:44:37.0147 3164 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

08:44:37.0194 3164 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

08:44:37.0241 3164 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

08:44:37.0257 3164 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

08:44:37.0257 3164 [Global] - ok

08:44:37.0257 3164 ================ Scan MBR ==================================

08:44:37.0272 3164 [ 0AC6D996BCE152AED9600E6D6B797E2E ] \Device\Harddisk0\DR0

08:44:37.0600 3164 \Device\Harddisk0\DR0 - ok

08:44:37.0600 3164 ================ Scan VBR ==================================

08:44:37.0600 3164 [ 7B6E1EBF2EC78E8500CD6AB9E749DBAA ] \Device\Harddisk0\DR0\Partition1

08:44:37.0600 3164 \Device\Harddisk0\DR0\Partition1 - ok

08:44:37.0600 3164 [ B487A18DE66C02031927EAEF3CEA79F5 ] \Device\Harddisk0\DR0\Partition2

08:44:37.0616 3164 \Device\Harddisk0\DR0\Partition2 - ok

08:44:37.0616 3164 ============================================================

08:44:37.0616 3164 Scan finished

08:44:37.0616 3164 ============================================================

08:44:37.0757 2584 Detected object count: 25

08:44:37.0757 2584 Actual detected object count: 25

08:45:51.0460 2584 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0460 2584 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0460 2584 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0460 2584 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0460 2584 cdrbsvsd ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0460 2584 cdrbsvsd ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0460 2584 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0460 2584 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0475 2584 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0475 2584 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0475 2584 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0475 2584 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0475 2584 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0475 2584 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0475 2584 MDM ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0475 2584 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0491 2584 MHN ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0491 2584 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0491 2584 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0491 2584 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0491 2584 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0491 2584 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0491 2584 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0491 2584 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0491 2584 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0491 2584 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0507 2584 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0507 2584 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0507 2584 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0507 2584 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0507 2584 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0507 2584 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0507 2584 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0507 2584 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0507 2584 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0507 2584 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0522 2584 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0522 2584 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0522 2584 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0522 2584 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0522 2584 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0522 2584 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0522 2584 ubohci ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0522 2584 ubohci ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0522 2584 ubsbm ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0522 2584 ubsbm ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0522 2584 ubumapi ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0522 2584 ubumapi ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:45:51.0522 2584 VNUSB ( UnsignedFile.Multi.Generic ) - skipped by user

08:45:51.0522 2584 VNUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:46:38.0007 3664 Deinitialize success

[pongboy]

I tried to copy and paste but it said the post was too long.

Attached are the OTL reports.

OTL.Txt

Extras.Txt

[kevinf80]

Re-Run by double left click, Vista and Widows 7 users accept UAC alert.

• Under the box at the bottom, paste in the following
  

  
  :OTL
  IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
  IE - HKU\S-1-5-21-4159497711-1204435011-1287326605-1008\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
  FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
  FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q="
  File not found (No name found) -- C:\PROGRAM FILES\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSIONEXTENSION6=C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OKR4TTFP.DEFAULT\EXTENSIONS\HELPERBAR@HELPERBAR.COM
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O2 - BHO: (no name) - {44AF617D-9DCC-4A58-8B10-A65CADA3A7D3}8B10-A65CADA3A7D3} - No CLSID value found.
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
  O3 - HKU\S-1-5-21-4159497711-1204435011-1287326605-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
  O3 - HKU\S-1-5-21-4159497711-1204435011-1287326605-1008\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
  O4 - HKU\.DEFAULT..\Run: [YorcqlB] C:\Arquivos de programas\HqrryfK\GorjbaT\YorcqlB.exe -Start File not found
  O4 - HKU\S-1-5-18..\Run: [YorcqlB] C:\Arquivos de programas\HqrryfK\GorjbaT\YorcqlB.exe -Start File not found
  [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
  [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
  :Commands
  [emptytemp]
  [CREATERESTOREPOINT]
  

  
  

• Then click button at the top
  
• Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  
• Please post that log in your next reply.
  

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next,

Delete Combofix from your Desktop, d/l fresh copy from here Combofix

save again to Desktop and run exactly as before,

post both logs

[pongboy]

Here is the log.

Combofix did the same thing after completing Stage 50. BSOD. No log file found in c:\ or in c:\Qoobox

12022012_095554.log

[kevinf80]

OK, I`d like to have another try at running Combofix, as follows please :-

Delete any version of ComboFix you have on your Desktop. Download a fresh copy from either of the following links:

Link 1

Link 2

Before you save it to the Desktop Make sure to rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and type this command exactly as shown or use copy/paste:

"%userprofile%\desktop\sega.com" /killall /nombr Tap enter or select OK.

See if it will run successfully now.

Post the log in next reply,

[pongboy]

Same result.

[kevinf80]

OK, do the following:

Please download this program Blue Screen Viewer and unzip "Bluescreen View.exe" to your desktop.

Next, Right click on "My Computer" and select "Properties" select "Advanced Tab." From the "Start up and Recovery" section select "settings" make sure the default folder is "%SystemRoot%\Minidump".

Under “System Failure” make sure “write an event to system log” IS ticked and “Automatically restart” is NOT ticked

Go back to your desktop and double click on Bluescreen Viewer to run it, if there is any info available the program will grab the most recent. Choose save from the Toolbar and copy paste to your next reply. If there is no information available try and re-create the BSOD and try again with the tool to collect the information.

Next,

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  
  :Reg
  HKCU/Software/sistemanet /sub
  :FolderFind
  *sistemanet*
  

  
  

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

[pongboy]

Here are the files requested.

Systemview crashed when running but still generated this report.

120212.txt

SystemLook.txt

SystemView-error.doc

[kevinf80]

Please download RogueKiller from here http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save Direct to your Desktop.

• Quit all running programs
  
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  
• 1. Wait until Prescan has finished...
  
• The following EULA will appear, please select accept
  
  
• 2. Ensure MBR scan, Check faked and AntiRootkit are checked
  
• 3. Select Scan
  
  
• When the scan completes select Report, copy and paste that to your reply.
  

[pongboy]

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : HP_Administrator [Admin rights]

Mode : Scan -- Date : 12/02/2012 12:24:27

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] ALCXMNTR.EXE -- C:\WINDOWS\ALCXMNTR.EXE -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP1604N/R +++++

--- User ---

[MBR] 8d628688acddc84d5a0445b5dc91ff27

[bSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba tatooed MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8205 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16803990 | Size: 144420 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12022012_02d1224.txt >>

RKreport[1]_S_12022012_02d1224.txt

[pongboy]

not sure why the lines? is that ok? can you still read?

[kevinf80]

I`m not sure about the lines either, strange..... Re-run RogueKiller, when the scan completes hit the Delete Tab, it will produce another log... post that log.

Next,

Update Malwarebytes, run quick scan, Post that log...

[pongboy]

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : HP_Administrator [Admin rights]

Mode : Scan -- Date : 12/02/2012 12:24:27

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] ALCXMNTR.EXE -- C:\WINDOWS\ALCXMNTR.EXE -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP1604N/R +++++

--- User ---

[MBR] 8d628688acddc84d5a0445b5dc91ff27

[bSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba tatooed MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8205 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16803990 | Size: 144420 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12022012_02d1224.txt >>

RKreport[1]_S_12022012_02d1224.txt

[kevinf80]

Have you hit the Delete tab after the scan complted?

[pongboy]

malwarebytes detects the malware trace and bsod when trying to remove. it does not generate a log because of the bsod.

[pongboy]

yes, i hit delete.

[pongboy]

Sorry, I must have sent the wrong log.

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : HP_Administrator [Admin rights]

Mode : Remove -- Date : 12/02/2012 12:55:48

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP1604N/R +++++

--- User ---

[MBR] 8d628688acddc84d5a0445b5dc91ff27

[bSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba tatooed MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8205 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16803990 | Size: 144420 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_D_12022012_02d1255.txt >>

RKreport[1]_S_12022012_02d1224.txt ; RKreport[2]_S_12022012_02d1255.txt ; RKreport[3]_D_12022012_02d1255.txt

[kevinf80]

The log is from Scan, does not show any reference to the identified files being removed when Delete is used....