Windows 7 reboot in one minute sirefef help

Inactive
By Rob Thie
Aug 14, 2012
  1. Thank you for any help. When booting Win7, at the desktop I get an error message saying "system error" and it will reboot after 1 minute. MS Security Ess. sees the virus as 3 different "sirefef" viruses. When prompted to remove, removal starts but the virus times out and reboots. Here are the frst.txt and services.txt files.

    Thank you for your time....


    Rob

    Attached Files:

  2. Rob Thie

    Rob Thie Newcomer, in training Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 14-08-2012
    Ran by SYSTEM at 14-08-2012 20:33:15
    Running from G:\
    Windows 7 Ultimate N (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [11438696 2011-10-25] (Realtek Semiconductor)
    HKLM\...\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
    HKLM\...\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM\...\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2221352 2008-06-08] (Nero AG)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
    HKU\Bethanie\...\Run: [CrashDumps] rundll32.exe "C:\Users\Bethanie\AppData\Local\Macromedia\CrashDumps\bgtoh.dll",CreateInstance [1675776 2012-08-10] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    AppInit_DLLs:

    ================================ Services (Whitelisted) ==================

    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
    2 RRAANXGN; C:\Windows\srvany.exe [13312 1997-05-15] ()
    2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [x]
    2 PSI_SVC_2; "c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [x]

    ========================== Drivers (Whitelisted) =============

    2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x32.sys [24328 2012-03-09] (CPUID)
    3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-09-22] (FTDI Ltd.)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [63872 2011-02-10] (Renesas Electronics Corporation)
    3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141952 2011-02-10] (Renesas Electronics Corporation)
    3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [162720 2009-04-14] (Realtek Semiconductor Corp.)
    3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [73696 2005-08-17] (MCCI)
    3 USBNET; C:\Windows\System32\DRIVERS\vnetusbl.sys [107648 2004-03-26] (Cisco-Linksys LLC.)
    2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
    3 fdrawcmd; \??\C:\Windows\system32\drivers\fdrawcmd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-14 19:37 - 2012-08-14 19:37 - 00000000 ____D C:\FRST
    2012-08-14 19:17 - 2012-08-14 19:17 - 00000000 ____D C:\Windows\pss
    2012-08-14 18:45 - 2012-08-14 21:39 - 04009167 ____A C:\Users\Robert\Desktop\ServicesRepair.exe
    2012-08-14 18:45 - 2012-08-14 21:38 - 02030547 ____A C:\Users\Robert\Desktop\EZ_Sirefix.exe
    2012-08-14 18:45 - 2012-08-14 21:38 - 00138120 ____A (ESET) C:\Users\Robert\Desktop\ESETSirefefRemover.exe
    2012-08-14 18:44 - 2012-08-14 18:44 - 00000000 ____D C:\Users\Public\Desktop\CC Support
    2012-08-14 10:19 - 2012-08-14 10:19 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zesrqcun.sys
    2012-08-14 06:06 - 2012-08-14 06:06 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-14 06:03 - 2012-08-14 06:04 - 10288512 ____A (Microsoft Corporation) C:\Users\Bethanie\Downloads\mseinstall(3).exe
    2012-08-14 06:03 - 2012-08-14 06:03 - 10288512 ____A (Microsoft Corporation) C:\Users\Bethanie\Downloads\mseinstall(2).exe
    2012-08-14 06:02 - 2012-08-14 06:02 - 10288512 ____A (Microsoft Corporation) C:\Users\Bethanie\Downloads\mseinstall(1).exe
    2012-08-14 05:57 - 2012-08-14 05:57 - 00143856 ____A C:\Windows\Minidump\081412-19406-01.dmp
    2012-08-14 05:54 - 2012-08-14 05:54 - 00143856 ____A C:\Windows\Minidump\081412-22947-01.dmp
    2012-08-14 05:52 - 2012-08-14 05:52 - 00148016 ____A C:\Windows\Minidump\081412-25802-01.dmp
    2012-08-14 04:50 - 2012-08-14 04:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-08-11 04:27 - 2012-08-11 04:27 - 00217118 ____A C:\Users\Robert\Documents\metro0812.xps
    2012-08-07 17:22 - 2012-08-07 17:22 - 00546736 ____A C:\Windows\Minidump\080712-16442-01.dmp
    2012-08-04 19:43 - 2012-08-04 20:23 - 00000000 ____D C:\Users\Bethanie\Desktop\iPad Photos
    2012-08-03 18:32 - 2012-08-03 18:32 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-08-01 16:13 - 2012-08-01 16:13 - 00139688 ____A C:\Windows\Minidump\080112-32729-01.dmp
    2012-07-31 19:34 - 2012-07-31 19:34 - 00139688 ____A C:\Windows\Minidump\073112-28485-01.dmp
    2012-07-31 19:30 - 2012-07-31 19:30 - 00139632 ____A C:\Windows\Minidump\073112-22386-01.dmp
    2012-07-31 19:18 - 2012-07-31 19:18 - 00143808 ____A C:\Windows\Minidump\073112-38001-01.dmp
    2012-07-31 19:13 - 2012-07-31 19:13 - 00143808 ____A C:\Windows\Minidump\073112-43555-01.dmp
    2012-07-31 18:51 - 2012-07-31 18:51 - 00139688 ____A C:\Windows\Minidump\073112-39811-01.dmp
    2012-07-31 18:49 - 2012-07-31 18:49 - 00139688 ____A C:\Windows\Minidump\073112-31949-01.dmp
    2012-07-31 18:43 - 2012-07-31 18:43 - 00889416 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\dotNetFx40_Full_setup.exe
    2012-07-31 18:39 - 2012-07-31 18:39 - 00509264 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\winsdk_web.exe
    2012-07-31 18:23 - 2012-07-31 18:23 - 00971464 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\sdksetup.exe
    2012-07-31 18:20 - 2012-07-31 18:41 - 00000000 ____D C:\Users\All Users\Package Cache
    2012-07-31 18:18 - 2012-07-31 18:19 - 00962368 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\wdksetup.exe
    2012-07-31 18:06 - 2012-07-31 18:06 - 01348940 ____A C:\Users\Robert\Downloads\7642v1D.zip
    2012-07-31 18:03 - 2012-07-31 18:25 - 380235842 ____A C:\Users\Robert\Downloads\ati_system_drive_mb.zip
    2012-07-31 17:58 - 2012-07-31 17:58 - 00143808 ____A C:\Windows\Minidump\073112-30544-01.dmp
    2012-07-31 17:44 - 2012-07-31 17:44 - 00143808 ____A C:\Windows\Minidump\073112-25630-01.dmp
    2012-07-31 17:39 - 2012-07-31 17:39 - 00143808 ____A C:\Windows\Minidump\073112-18954-01.dmp
    2012-07-31 17:34 - 2012-07-31 17:34 - 00143808 ____A C:\Windows\Minidump\073112-39702-01.dmp
    2012-07-31 17:15 - 2012-07-31 17:15 - 00143808 ____A C:\Windows\Minidump\073112-43508-01.dmp
    2012-07-31 17:10 - 2012-07-31 17:10 - 00143808 ____A C:\Windows\Minidump\073112-33509-01.dmp
    2012-07-31 17:05 - 2012-07-31 17:05 - 00143808 ____A C:\Windows\Minidump\073112-47767-01.dmp
    2012-07-31 16:02 - 2012-07-31 16:02 - 00000000 ____D C:\Windows\Sun
    2012-07-31 14:46 - 2012-07-31 14:46 - 00143808 ____A C:\Windows\Minidump\073112-18735-01.dmp
    2012-07-31 14:18 - 2012-07-31 14:18 - 00143856 ____A C:\Windows\Minidump\073112-20420-01.dmp
    2012-07-31 14:13 - 2012-07-31 14:13 - 00143856 ____A C:\Windows\Minidump\073112-22167-01.dmp
    2012-07-31 14:08 - 2012-07-31 14:08 - 00143856 ____A C:\Windows\Minidump\073112-17035-01.dmp
    2012-07-31 14:04 - 2012-07-31 14:04 - 00143856 ____A C:\Windows\Minidump\073112-17659-01.dmp
    2012-07-31 13:59 - 2012-07-31 13:59 - 00143856 ____A C:\Windows\Minidump\073112-17799-01.dmp
    2012-07-31 04:48 - 2012-07-31 04:48 - 00143856 ____A C:\Windows\Minidump\073112-18376-01.dmp
    2012-07-31 04:44 - 2012-07-31 04:44 - 00143808 ____A C:\Windows\Minidump\073112-16957-01.dmp
    2012-07-30 17:25 - 2012-07-30 17:25 - 00143856 ____A C:\Windows\Minidump\073012-18938-01.dmp
    2012-07-30 17:21 - 2012-07-30 17:21 - 00143856 ____A C:\Windows\Minidump\073012-16348-01.dmp
    2012-07-30 17:17 - 2012-07-30 17:17 - 00143856 ____A C:\Windows\Minidump\073012-16645-01.dmp
    2012-07-30 17:12 - 2012-07-30 17:12 - 00143856 ____A C:\Windows\Minidump\073012-16536-01.dmp
    2012-07-30 17:08 - 2012-07-30 17:08 - 00143856 ____A C:\Windows\Minidump\073012-16676-01.dmp
    2012-07-30 17:03 - 2012-07-30 17:03 - 00143856 ____A C:\Windows\Minidump\073012-16411-01.dmp
    2012-07-30 16:59 - 2012-07-30 16:59 - 00143856 ____A C:\Windows\Minidump\073012-17472-01.dmp
    2012-07-30 16:54 - 2012-07-30 16:54 - 00143856 ____A C:\Windows\Minidump\073012-19141-01.dmp
    2012-07-30 16:50 - 2012-07-30 16:50 - 00143856 ____A C:\Windows\Minidump\073012-17690-01.dmp
    2012-07-30 16:45 - 2012-07-30 16:45 - 00143856 ____A C:\Windows\Minidump\073012-16208-01.dmp
    2012-07-30 16:41 - 2012-07-30 16:41 - 00143856 ____A C:\Windows\Minidump\073012-16629-01.dmp
    2012-07-30 16:36 - 2012-07-30 16:36 - 00143856 ____A C:\Windows\Minidump\073012-16255-01.dmp
    2012-07-30 16:32 - 2012-07-30 16:32 - 00143856 ____A C:\Windows\Minidump\073012-18049-01.dmp
    2012-07-30 16:28 - 2012-07-30 16:28 - 00143856 ____A C:\Windows\Minidump\073012-16692-01.dmp
    2012-07-30 16:23 - 2012-07-30 16:23 - 00143856 ____A C:\Windows\Minidump\073012-18657-01.dmp
    2012-07-30 16:19 - 2012-07-30 16:19 - 00143856 ____A C:\Windows\Minidump\073012-18470-01.dmp
    2012-07-30 16:14 - 2012-07-30 16:14 - 00143856 ____A C:\Windows\Minidump\073012-18548-01.dmp
    2012-07-30 16:09 - 2012-07-30 16:10 - 00143856 ____A C:\Windows\Minidump\073012-20389-02.dmp
    2012-07-30 16:05 - 2012-07-30 16:05 - 00143856 ____A C:\Windows\Minidump\073012-20872-01.dmp
    2012-07-30 16:00 - 2012-07-30 16:00 - 00143856 ____A C:\Windows\Minidump\073012-20623-01.dmp
    2012-07-30 15:55 - 2012-07-30 15:55 - 00143856 ____A C:\Windows\Minidump\073012-20482-02.dmp
    2012-07-30 15:50 - 2012-07-30 15:50 - 00143856 ____A C:\Windows\Minidump\073012-20436-02.dmp
    2012-07-30 15:45 - 2012-07-30 15:45 - 00143856 ____A C:\Windows\Minidump\073012-20685-03.dmp
    2012-07-30 15:40 - 2012-07-30 15:40 - 00143856 ____A C:\Windows\Minidump\073012-19890-01.dmp
    2012-07-28 05:19 - 2012-07-28 05:19 - 00000000 ____D C:\Program Files\AMD APP
    2012-07-25 17:11 - 2012-07-25 17:11 - 00001394 ____A C:\Users\Bethanie\Desktop\Adobe DNG Converter - Shortcut (2).lnk
    2012-07-25 17:00 - 2012-07-25 17:07 - 92942912 ____A C:\Users\Bethanie\Downloads\DNGConverter_7_1.exe
    2012-07-15 17:14 - 2009-04-20 11:23 - 00123904 ____A (Hewlett-Packard Company) C:\Windows\System32\hpf3l70w.dll
    2012-07-15 17:13 - 2012-07-15 17:13 - 00000000 ____D C:\Users\All Users\HP
    2012-07-15 17:13 - 2009-08-17 10:26 - 00452408 ____A (Hewlett-Packard) C:\Windows\System32\hpzids01.dll
    2012-07-15 17:09 - 2012-07-15 17:12 - 76725184 ____A C:\Users\Bethanie\Downloads\OJ4500vG510g-m_basic_13_en.exe

    ============ 3 Months Modified Files ========================

    2012-08-14 21:38 - 2012-08-14 18:45 - 02030547 ____A C:\Users\Robert\Desktop\EZ_Sirefix.exe
    2012-08-14 21:38 - 2012-08-14 18:45 - 00138120 ____A (ESET) C:\Users\Robert\Desktop\ESETSirefefRemover.exe
    2012-08-14 18:57 - 2009-07-13 20:07 - 00050353 ____A C:\Windows\setupact.log
    2012-08-14 18:55 - 2012-06-11 20:40 - 00000105 ____A C:\Windows\nextgen.ini
    2012-08-14 18:55 - 2009-07-13 20:17 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-14 18:00 - 2011-12-20 03:21 - 00562448 ____A C:\Windows\PFRO.log
    2012-08-14 10:19 - 2012-08-14 10:19 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zesrqcun.sys
    2012-08-14 06:09 - 2012-04-29 20:56 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-14 06:07 - 2011-12-17 08:56 - 01838794 ____A C:\Windows\WindowsUpdate.log
    2012-08-14 06:06 - 2011-12-17 09:03 - 00742892 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-14 06:04 - 2012-08-14 06:03 - 10288512 ____A (Microsoft Corporation) C:\Users\Bethanie\Downloads\mseinstall(3).exe
    2012-08-14 06:04 - 2009-07-13 20:02 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-14 06:04 - 2009-07-13 20:02 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-14 06:03 - 2012-08-14 06:03 - 10288512 ____A (Microsoft Corporation) C:\Users\Bethanie\Downloads\mseinstall(2).exe
    2012-08-14 06:02 - 2012-08-14 06:02 - 10288512 ____A (Microsoft Corporation) C:\Users\Bethanie\Downloads\mseinstall(1).exe
    2012-08-14 05:57 - 2012-08-14 05:57 - 00143856 ____A C:\Windows\Minidump\081412-19406-01.dmp
    2012-08-14 05:56 - 2012-07-10 17:28 - 265629713 ____A C:\Windows\MEMORY.DMP
    2012-08-14 05:55 - 2012-05-07 07:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-14 05:54 - 2012-08-14 05:54 - 00143856 ____A C:\Windows\Minidump\081412-22947-01.dmp
    2012-08-14 05:52 - 2012-08-14 05:52 - 00148016 ____A C:\Windows\Minidump\081412-25802-01.dmp
    2012-08-14 05:52 - 2009-07-13 20:17 - 00032618 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-11 04:27 - 2012-08-11 04:27 - 00217118 ____A C:\Users\Robert\Documents\metro0812.xps
    2012-08-07 17:22 - 2012-08-07 17:22 - 00546736 ____A C:\Windows\Minidump\080712-16442-01.dmp
    2012-08-04 16:55 - 2012-05-07 07:38 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-08-04 16:55 - 2011-12-17 09:58 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-08-01 16:13 - 2012-08-01 16:13 - 00139688 ____A C:\Windows\Minidump\080112-32729-01.dmp
    2012-07-31 19:34 - 2012-07-31 19:34 - 00139688 ____A C:\Windows\Minidump\073112-28485-01.dmp
    2012-07-31 19:30 - 2012-07-31 19:30 - 00139632 ____A C:\Windows\Minidump\073112-22386-01.dmp
    2012-07-31 19:18 - 2012-07-31 19:18 - 00143808 ____A C:\Windows\Minidump\073112-38001-01.dmp
    2012-07-31 19:13 - 2012-07-31 19:13 - 00143808 ____A C:\Windows\Minidump\073112-43555-01.dmp
    2012-07-31 18:51 - 2012-07-31 18:51 - 00139688 ____A C:\Windows\Minidump\073112-39811-01.dmp
    2012-07-31 18:49 - 2012-07-31 18:49 - 00139688 ____A C:\Windows\Minidump\073112-31949-01.dmp
    2012-07-31 18:43 - 2012-07-31 18:43 - 00889416 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\dotNetFx40_Full_setup.exe
    2012-07-31 18:39 - 2012-07-31 18:39 - 00509264 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\winsdk_web.exe
    2012-07-31 18:25 - 2012-07-31 18:03 - 380235842 ____A C:\Users\Robert\Downloads\ati_system_drive_mb.zip
    2012-07-31 18:23 - 2012-07-31 18:23 - 00971464 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\sdksetup.exe
    2012-07-31 18:19 - 2012-07-31 18:18 - 00962368 ____A (Microsoft Corporation) C:\Users\Robert\Downloads\wdksetup.exe
    2012-07-31 18:06 - 2012-07-31 18:06 - 01348940 ____A C:\Users\Robert\Downloads\7642v1D.zip
    2012-07-31 17:58 - 2012-07-31 17:58 - 00143808 ____A C:\Windows\Minidump\073112-30544-01.dmp
    2012-07-31 17:44 - 2012-07-31 17:44 - 00143808 ____A C:\Windows\Minidump\073112-25630-01.dmp
    2012-07-31 17:39 - 2012-07-31 17:39 - 00143808 ____A C:\Windows\Minidump\073112-18954-01.dmp
    2012-07-31 17:34 - 2012-07-31 17:34 - 00143808 ____A C:\Windows\Minidump\073112-39702-01.dmp
    2012-07-31 17:15 - 2012-07-31 17:15 - 00143808 ____A C:\Windows\Minidump\073112-43508-01.dmp
    2012-07-31 17:10 - 2012-07-31 17:10 - 00143808 ____A C:\Windows\Minidump\073112-33509-01.dmp
    2012-07-31 17:05 - 2012-07-31 17:05 - 00143808 ____A C:\Windows\Minidump\073112-47767-01.dmp
    2012-07-31 14:46 - 2012-07-31 14:46 - 00143808 ____A C:\Windows\Minidump\073112-18735-01.dmp
    2012-07-31 14:18 - 2012-07-31 14:18 - 00143856 ____A C:\Windows\Minidump\073112-20420-01.dmp
    2012-07-31 14:13 - 2012-07-31 14:13 - 00143856 ____A C:\Windows\Minidump\073112-22167-01.dmp
    2012-07-31 14:08 - 2012-07-31 14:08 - 00143856 ____A C:\Windows\Minidump\073112-17035-01.dmp
    2012-07-31 14:04 - 2012-07-31 14:04 - 00143856 ____A C:\Windows\Minidump\073112-17659-01.dmp
    2012-07-31 13:59 - 2012-07-31 13:59 - 00143856 ____A C:\Windows\Minidump\073112-17799-01.dmp
    2012-07-31 04:48 - 2012-07-31 04:48 - 00143856 ____A C:\Windows\Minidump\073112-18376-01.dmp
    2012-07-31 04:44 - 2012-07-31 04:44 - 00143808 ____A C:\Windows\Minidump\073112-16957-01.dmp
    2012-07-30 17:25 - 2012-07-30 17:25 - 00143856 ____A C:\Windows\Minidump\073012-18938-01.dmp
    2012-07-30 17:21 - 2012-07-30 17:21 - 00143856 ____A C:\Windows\Minidump\073012-16348-01.dmp
    2012-07-30 17:17 - 2012-07-30 17:17 - 00143856 ____A C:\Windows\Minidump\073012-16645-01.dmp
    2012-07-30 17:12 - 2012-07-30 17:12 - 00143856 ____A C:\Windows\Minidump\073012-16536-01.dmp
    2012-07-30 17:08 - 2012-07-30 17:08 - 00143856 ____A C:\Windows\Minidump\073012-16676-01.dmp
    2012-07-30 17:03 - 2012-07-30 17:03 - 00143856 ____A C:\Windows\Minidump\073012-16411-01.dmp
    2012-07-30 16:59 - 2012-07-30 16:59 - 00143856 ____A C:\Windows\Minidump\073012-17472-01.dmp
    2012-07-30 16:54 - 2012-07-30 16:54 - 00143856 ____A C:\Windows\Minidump\073012-19141-01.dmp
    2012-07-30 16:50 - 2012-07-30 16:50 - 00143856 ____A C:\Windows\Minidump\073012-17690-01.dmp
    2012-07-30 16:45 - 2012-07-30 16:45 - 00143856 ____A C:\Windows\Minidump\073012-16208-01.dmp
    2012-07-30 16:41 - 2012-07-30 16:41 - 00143856 ____A C:\Windows\Minidump\073012-16629-01.dmp
    2012-07-30 16:36 - 2012-07-30 16:36 - 00143856 ____A C:\Windows\Minidump\073012-16255-01.dmp
    2012-07-30 16:32 - 2012-07-30 16:32 - 00143856 ____A C:\Windows\Minidump\073012-18049-01.dmp
    2012-07-30 16:28 - 2012-07-30 16:28 - 00143856 ____A C:\Windows\Minidump\073012-16692-01.dmp
    2012-07-30 16:23 - 2012-07-30 16:23 - 00143856 ____A C:\Windows\Minidump\073012-18657-01.dmp
    2012-07-30 16:19 - 2012-07-30 16:19 - 00143856 ____A C:\Windows\Minidump\073012-18470-01.dmp
    2012-07-30 16:14 - 2012-07-30 16:14 - 00143856 ____A C:\Windows\Minidump\073012-18548-01.dmp
    2012-07-30 16:10 - 2012-07-30 16:09 - 00143856 ____A C:\Windows\Minidump\073012-20389-02.dmp
    2012-07-30 16:05 - 2012-07-30 16:05 - 00143856 ____A C:\Windows\Minidump\073012-20872-01.dmp
    2012-07-30 16:00 - 2012-07-30 16:00 - 00143856 ____A C:\Windows\Minidump\073012-20623-01.dmp
    2012-07-30 15:55 - 2012-07-30 15:55 - 00143856 ____A C:\Windows\Minidump\073012-20482-02.dmp
    2012-07-30 15:50 - 2012-07-30 15:50 - 00143856 ____A C:\Windows\Minidump\073012-20436-02.dmp
    2012-07-30 15:45 - 2012-07-30 15:45 - 00143856 ____A C:\Windows\Minidump\073012-20685-03.dmp
    2012-07-30 15:40 - 2012-07-30 15:40 - 00143856 ____A C:\Windows\Minidump\073012-19890-01.dmp
    2012-07-28 06:28 - 2011-12-17 09:44 - 00000426 ____A C:\Windows\BRWMARK.INI
    2012-07-27 12:57 - 2012-05-31 11:20 - 00000063 ____A C:\Users\Bethanie\AppData\Roaming\default.pls
    2012-07-25 17:11 - 2012-07-25 17:11 - 00001394 ____A C:\Users\Bethanie\Desktop\Adobe DNG Converter - Shortcut (2).lnk
    2012-07-25 17:07 - 2012-07-25 17:00 - 92942912 ____A C:\Users\Bethanie\Downloads\DNGConverter_7_1.exe
    2012-07-15 17:12 - 2012-07-15 17:09 - 76725184 ____A C:\Users\Bethanie\Downloads\OJ4500vG510g-m_basic_13_en.exe
    2012-07-12 17:36 - 2012-07-12 22:08 - 11050569 ____A C:\Users\Bethanie\Downloads\MATRIX-TM User Guide Version 4.7.rar
    2012-07-12 17:36 - 2012-07-12 17:35 - 11050569 ____A C:\Users\Robert\Downloads\MATRIX-TM User Guide Version 4.7.rar
    2012-07-12 17:15 - 2009-07-13 20:02 - 01957976 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 20:31 - 2011-12-17 10:19 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-11 14:21 - 2012-07-11 14:21 - 25807325 ____A C:\Users\Bethanie\Desktop\068.MOV
    2012-07-04 14:46 - 2012-07-04 14:46 - 23424007 ____A C:\Users\Bethanie\Desktop\053.MOV
    2012-07-04 14:38 - 2012-07-04 14:38 - 45696737 ____A C:\Users\Bethanie\Desktop\051.MOV
    2012-06-24 10:27 - 2012-06-24 10:27 - 11747728 ____A (Applian Technologies) C:\Users\Bethanie\Downloads\RCATSetup.exe
    2012-06-24 10:23 - 2012-06-24 10:23 - 00463080 ____A (CNET Download.com) C:\Users\Bethanie\Downloads\cnet2_RCATSetup_exe(1).exe
    2012-06-24 10:16 - 2012-06-24 10:16 - 00463080 ____A (CNET Download.com) C:\Users\Bethanie\Downloads\cnet2_RCATSetup_exe.exe
    2012-06-24 06:36 - 2012-06-24 06:36 - 00001091 ____A C:\Users\Bethanie\Desktop\Pictures - Shortcut.lnk
    2012-06-20 18:21 - 2012-06-20 18:21 - 16478098 ____A C:\Users\Robert\Downloads\redsn0w_win_0.9.14b1.zip
    2012-06-20 17:55 - 2012-06-20 17:55 - 711381012 ____A C:\Users\Robert\Desktop\sn0wbreeze_iPhone_3GS-5.1.1-9B206.ipsw
    2012-06-20 17:38 - 2012-06-20 17:37 - 27039376 ____A C:\Users\Robert\Downloads\sn0wbreeze-v2.9.6.zip
    2012-06-20 16:52 - 2012-06-20 16:46 - 720391327 ____A C:\Users\Robert\Downloads\iPhone2,1_5.1.1_9B206_Restore.ipsw
    2012-06-17 21:28 - 2012-06-17 21:28 - 19570930 ____A C:\Users\Bethanie\Downloads\redsn0w_win_0.9.13dev1.zip
    2012-06-17 21:25 - 2012-06-17 21:19 - 718181968 ____A C:\Users\Bethanie\Downloads\iPhone2,1_5.0.1_9A405_Restore.ipsw
    2012-06-17 19:46 - 2012-06-17 19:43 - 396281280 ____A C:\Users\Bethanie\Downloads\iPhone2,1_4.0_8A293_Restore.ipsw
    2012-06-17 18:14 - 2012-06-17 18:13 - 14820003 ____A C:\Users\Robert\Downloads\redsn0w_win_0.9.10b4.zip
    2012-06-17 18:08 - 2012-06-17 18:08 - 00661600 ____A (OptimumInstaller) C:\Users\Robert\Downloads\Setup.exe
    2012-06-17 17:53 - 2012-06-17 17:53 - 16388409 ____A C:\Users\Robert\Downloads\redsn0w_win_0.9.12b1.zip
    2012-06-13 14:27 - 2011-12-17 13:57 - 00002013 ____A C:\Users\Bethanie\Desktop\ProDPI ROES.lnk
    2012-06-11 22:09 - 2011-12-17 09:53 - 00165968 ____A C:\Users\Robert\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-11 21:55 - 2012-06-11 21:55 - 00000912 ____A C:\Users\Robert\Desktop\Acura Catalog.lnk
    2012-06-11 21:42 - 2012-06-11 21:42 - 00000912 ____A C:\Users\Robert\Desktop\Honda Catalog.lnk
    2012-06-11 20:46 - 2011-12-17 09:36 - 00165968 ____A C:\Users\Bethanie\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-11 20:40 - 2012-06-11 20:40 - 00001460 ____A C:\Users\Public\Desktop\Interactive Network.lnk
    2012-06-11 18:44 - 2012-07-11 20:30 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 12:50 - 2012-06-11 12:50 - 00159232 ____A C:\Windows\System32\clinfo.exe
    2012-06-11 12:50 - 2012-06-11 12:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo.dll
    2012-06-11 12:50 - 2012-06-11 12:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode.dll
    2012-06-11 12:49 - 2012-06-11 12:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl.dll
    2012-06-08 20:46 - 2012-07-11 08:34 - 12868608 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-05 21:09 - 2012-07-11 08:34 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 21:09 - 2012-07-11 08:34 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-02 14:19 - 2012-06-18 15:59 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-18 15:59 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-18 15:59 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-18 15:59 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-18 15:59 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-18 15:59 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-06-18 15:59 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-18 15:59 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:12 - 2012-06-18 15:59 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 20:51 - 2012-07-11 08:34 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 20:51 - 2012-07-11 08:34 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 20:50 - 2012-07-11 08:34 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 20:48 - 2012-07-11 08:34 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 20:47 - 2012-07-11 08:34 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll


    ZeroAccess:
    C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5}
    C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5}\@
    C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5}\L
    C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5}\n
    C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5}\U
    C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5}\L\00000004.@
    C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5}\L\201d3dde

    ZeroAccess:
    C:\Windows\assembly\GAC\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 14%
    Total physical RAM: 3583.18 MB
    Available physical RAM: 3067.77 MB
    Total Pagefile: 3581.46 MB
    Available Pagefile: 3064.49 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1971.2 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:390.53 GB) (Free:284.94 GB) NTFS
    2 Drive e: () (Fixed) (Total:1472.39 GB) (Free:513.77 GB) NTFS
    4 Drive g: (LEGO 2GB) (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 1863 GB 0 B
    Disk 1 Online 1914 MB 0 B
    Disk 2 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 390 GB 101 MB
    Partition 3 Primary 1472 GB 390 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 390 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E NTFS Partition 1472 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 1914 MB 0 B

    ==================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    ==================================================================================

    Last Boot: 2012-08-07 06:40

    ======================= End Of Log ==========================
  3. Rob Thie

    Rob Thie Newcomer, in training Topic Starter

    Farbar Recovery Scan Tool Version: 14-08-2012
    Ran by SYSTEM at 2012-08-14 20:38:23
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

    === End Of Search ===
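The search output above shows why FRST's "Bamital & volsnap Check" flagged `C:\Windows\System32\services.exe`: the copy in the WinSxS component store and the copy in System32 have the same size (259072 bytes) and the same created/modified timestamps, yet different MD5 hashes. The following Python script is an added example, not part of FRST or Farbar's tooling and not something posted in this thread: it parses that search output into structured records, treats the WinSxS copy as the reference (the fix later in the thread restores from it), and flags any other copy whose hash diverges. The sample text embedded in the script is the search result quoted above; the path-line and detail-line layout it parses is inferred from that sample only, and `md5_of_file` is a helper for re-running the same comparison on a live disk.

```python
"""Parse FRST "Search" output and flag copies of a system binary whose MD5
differs from the WinSxS component-store copy.

Added example for this thread; it is not part of FRST or Farbar's tooling.
The sample text below is copied from the search result posted in the thread.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the FRST Search result posted above (both MD5s are from the thread).
FRST_SEARCH_SAMPLE = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
"""

# A path line: drive letter, colon, backslash (layout assumed from the sample).
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# The detail line printed under each path:
# [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FrstEntry:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str


def parse_frst_search(text: str) -> List[FrstEntry]:
    """Turn FRST Search output into structured entries (path + detail pairs)."""
    entries: List[FrstEntry] = []
    pending_path: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line  # remember the path; its detail line follows
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            entries.append(FrstEntry(
                path=pending_path,
                created=m["created"],
                modified=m["modified"],
                size=int(m["size"]),
                attrs=m["attrs"],
                company=m["company"] or "",
                md5=m["md5"].upper(),
            ))
            pending_path = None
    return entries


def reference_copy(entries: List[FrstEntry]) -> Optional[FrstEntry]:
    """Use the WinSxS component-store copy as the known-good reference,
    which is the copy the fix in this thread restores from."""
    for e in entries:
        if "\\winsxs\\" in e.path.lower():
            return e
    return None


def flag_divergent(entries: List[FrstEntry]) -> List[FrstEntry]:
    """Return every non-WinSxS copy whose MD5 differs from the reference.
    Size and timestamps are deliberately not compared: in the posted log both
    copies share the same size and dates, so only the hash reveals the change."""
    ref = reference_copy(entries)
    if ref is None:
        return []
    return [e for e in entries if e is not ref and e.md5 != ref.md5]


def md5_of_bytes(data: bytes) -> str:
    return hashlib.md5(data).hexdigest().upper()


def md5_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file on disk the same way, to re-run the comparison live."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest().upper()


if __name__ == "__main__":
    found = parse_frst_search(FRST_SEARCH_SAMPLE)
    ref = reference_copy(found)
    for e in flag_divergent(found):
        print(f"MISMATCH {e.path}: {e.md5} (reference {ref.md5})")
```

Run as-is, the script reports the System32 copy as the mismatch. On a live machine, `md5_of_file` on the System32 path and on the WinSxS path gives the same comparison FRST performed; a mismatch is a reason to restore from the component store exactly as the fixlog in this thread shows, not a reason to trust size or date alone.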
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    FRST Fixlist

    Please run the following:

    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Now restart, let it boot normally and tell me how it went.
  5. Rob Thie

    Rob Thie Newcomer, in training Topic Starter

    Hello DragonMasterJay,

    Here is the fixlog; there is no reboot problem anymore. Thank you so much for your help. Do you recommend any other procedures? Can I run a system scan with Security Essentials? Thank you again for your time and for repairing my computer.

    Rob


    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-08-2012
    Ran by SYSTEM at 2012-08-15 16:44:12 Run:1
    Running from G:\

    ==============================================

    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
    C:\Windows\Installer\{9e45835f-334a-e86e-6943-1ce6470e69d5} moved successfully.
    C:\Windows\assembly\GAC\Desktop.ini moved successfully.

    ==== End of Fixlog ====
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome, but not done just yet. With infections like these, other infections are probably present still...

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and this time rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
  7. Rob Thie

    Rob Thie Newcomer, in training Topic Starter

    Hello again, here is the latest...

    ComboFix 12-08-16.01 - Robert 08/16/2012 19:05:22.1.6 - x86 MINIMAL
    Microsoft Windows 7 Ultimate N 6.1.7600.0.1252.1.1033.18.3327.2305 [GMT -7:00]
    Running from: c:\users\Robert\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\EC481FA554.sys
    c:\windows\regsvr.exe
    c:\windows\regsvr32.exe
    c:\windows\system\system.ini
    c:\windows\system32\~GLH0a71.TMP
    c:\windows\system32\~GLH0a72.TMP
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-17 02:09 . 2012-08-17 02:09 -------- d-----w- c:\users\Robert\AppData\Local\temp
    2012-08-17 02:09 . 2012-08-17 02:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-17 02:09 . 2012-08-17 02:09 -------- d-----w- c:\users\Bethanie\AppData\Local\temp
    2012-08-15 03:37 . 2012-08-15 03:37 -------- d-----w- C:\FRST
    2012-08-14 18:19 . 2012-08-14 18:19 43480 ----a-w- c:\windows\system32\drivers\zesrqcun.sys
    2012-08-14 14:10 . 2012-02-09 21:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3ACD9528-538C-446C-8E4B-46DD6306CC71}\gapaengine.dll
    2012-08-14 14:09 . 2012-07-16 09:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\mpengine.dll
    2012-08-14 14:06 . 2012-08-14 14:06 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-14 12:50 . 2012-08-14 12:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-08-14 12:38 . 2012-08-14 12:38 124416 ----a-w- c:\programdata\Microsoft\Windows\DRM\5CC0.tmp
    2012-08-04 02:32 . 2012-08-04 02:32 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-01 02:20 . 2012-08-01 02:41 -------- d-----w- c:\programdata\Package Cache
    2012-08-01 00:02 . 2012-08-01 00:02 -------- d-----w- c:\windows\Sun
    2012-07-30 13:41 . 2012-07-30 13:41 111104 ----a-w- c:\programdata\Microsoft\Windows\DRM\E8F7.tmp
    2012-07-28 13:19 . 2012-07-28 13:19 -------- d-----w- c:\program files\AMD APP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-05 00:55 . 2012-05-07 15:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-05 00:55 . 2011-12-17 17:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-12 02:44 . 2012-07-12 04:30 2344448 ----a-w- c:\windows\system32\win32k.sys
    2012-06-11 20:50 . 2012-06-11 20:50 159232 ----a-w- c:\windows\system32\clinfo.exe
    2012-06-11 20:50 . 2012-06-11 20:50 65024 ----a-w- c:\windows\system32\OpenVideo.dll
    2012-06-11 20:50 . 2012-06-11 20:50 56320 ----a-w- c:\windows\system32\OVDecode.dll
    2012-06-11 20:49 . 2012-06-11 20:49 13008896 ----a-w- c:\windows\system32\amdocl.dll
    2012-06-06 05:09 . 2012-07-11 16:34 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:09 . 2012-07-11 16:34 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-02 22:19 . 2012-06-18 23:59 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-18 23:59 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-18 23:59 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-18 23:59 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-18 23:59 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-18 23:59 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-18 23:59 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-18 23:59 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:12 . 2012-06-18 23:59 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 04:51 . 2012-07-11 16:34 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:51 . 2012-07-11 16:34 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:50 . 2012-07-11 16:34 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 04:48 . 2012-07-11 16:34 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 04:47 . 2012-07-11 16:34 219136 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-21 23:15 . 2011-12-17 17:04 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-25 11438696]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-27 1159168]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AML Device Install.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
    backup=c:\windows\pss\AML Device Install.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
    2012-05-26 13:32 4327744 ----a-w- c:\users\Robert\AppData\Local\Akamai\netsession_win.exe
    .
    R1 MpKsl5ca33218;MpKsl5ca33218;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5ca33218.sys [x]
    R1 MpKsl5f2e2afa;MpKsl5f2e2afa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5f2e2afa.sys [x]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
    R2 RRAANXGN;RRAANXGN;c:\windows\srvany.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
    R3 fdrawcmd;Low-level Floppy Driver;c:\windows\system32\drivers\fdrawcmd.sys [x]
    R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    R3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\DRIVERS\vnetusbl.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
    S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 00:55]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: 164.109.25.72
    Trusted Zone: 207.130.86.35
    Trusted Zone: acura.com
    Trusted Zone: acuraclientpurchaseexperience.com
    Trusted Zone: acurainfo.programhq.com
    Trusted Zone: acuraspinplay.programhq.com
    Trusted Zone: ahm-ownerlink.com
    Trusted Zone: ahm.com
    Trusted Zone: ahmdealer.com
    Trusted Zone: honda.com
    Trusted Zone: honda.vo.llnwd.net
    Trusted Zone: hondaadcmd.com
    Trusted Zone: hondacars.com
    Trusted Zone: hondainfo.programhq.com
    Trusted Zone: hondamap.com
    Trusted Zone: hondaprofessional.com
    Trusted Zone: hondaspinplay.programhq.com
    Trusted Zone: hondasso.com
    Trusted Zone: jdpa.com
    Trusted Zone: jdpower.com
    Trusted Zone: mylcchonda.com
    Trusted Zone: pcsc.acurasrs.com
    Trusted Zone: prospectingacurasrs.com
    Trusted Zone: travelhq.com
    Trusted Zone: xmradio.com
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t97onhd.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    AddRemove-Settlers3Deinstall - c:\bluebyte\Settlers3\DeIsL1.isu
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-16 19:11:39
    ComboFix-quarantined-files.txt 2012-08-17 02:11
    .
    Pre-Run: 304,858,181,632 bytes free
    Post-Run: 313,992,347,648 bytes free
    .
    - - End Of File - - 6CEC4A69EC0B21E23EA1397F0A5155F4
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
  9. Rob Thie

    Rob Thie Newcomer, in training Topic Starter

    Hello,
    I have been running ComboFix in safe mode. The system will BSOD with an atasys malfunction. I recently removed some virus prior to this malfunction, but after you resolved the 1 minute restart issue I noticed that it crashes randomly. Here is the next txt doc. Thank you again for your time.

    rob

    ComboFix 12-08-16.01 - Robert 08/17/2012 15:27:52.2.6 - x86 MINIMAL
    Microsoft Windows 7 Ultimate N 6.1.7600.0.1252.1.1033.18.3327.2408 [GMT -7:00]
    Running from: c:\users\Robert\Desktop\ComboFix.exe
    Command switches used :: c:\users\Robert\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\system32\drivers\zesrqcun.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\zesrqcun.sys
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-17 22:32 . 2012-08-17 22:32 -------- d-----w- c:\users\Robert\AppData\Local\temp
    2012-08-17 22:32 . 2012-08-17 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-17 22:32 . 2012-08-17 22:32 -------- d-----w- c:\users\Bethanie\AppData\Local\temp
    2012-08-17 22:22 . 2012-08-17 22:25 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EED814F7-1FF8-4DDE-8200-342344E822CC}\offreg.dll
    2012-08-17 22:22 . 2012-08-17 22:25 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\offreg.dll
    2012-08-17 01:51 . 2012-08-17 01:51 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5ca33218.sys
    2012-08-15 03:37 . 2012-08-15 03:37 -------- d-----w- C:\FRST
    2012-08-14 14:10 . 2012-02-09 21:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3ACD9528-538C-446C-8E4B-46DD6306CC71}\gapaengine.dll
    2012-08-14 14:09 . 2012-07-16 09:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\mpengine.dll
    2012-08-14 14:06 . 2012-08-14 14:06 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-14 12:50 . 2012-08-14 12:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-08-14 12:38 . 2012-08-14 12:38 124416 ----a-w- c:\programdata\Microsoft\Windows\DRM\5CC0.tmp
    2012-08-04 02:32 . 2012-08-04 02:32 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-01 02:20 . 2012-08-01 02:41 -------- d-----w- c:\programdata\Package Cache
    2012-08-01 00:02 . 2012-08-01 00:02 -------- d-----w- c:\windows\Sun
    2012-07-30 13:41 . 2012-07-30 13:41 111104 ----a-w- c:\programdata\Microsoft\Windows\DRM\E8F7.tmp
    2012-07-28 13:19 . 2012-07-28 13:19 -------- d-----w- c:\program files\AMD APP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-05 00:55 . 2012-05-07 15:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-05 00:55 . 2011-12-17 17:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-12 02:44 . 2012-07-12 04:30 2344448 ----a-w- c:\windows\system32\win32k.sys
    2012-06-11 20:50 . 2012-06-11 20:50 159232 ----a-w- c:\windows\system32\clinfo.exe
    2012-06-11 20:50 . 2012-06-11 20:50 65024 ----a-w- c:\windows\system32\OpenVideo.dll
    2012-06-11 20:50 . 2012-06-11 20:50 56320 ----a-w- c:\windows\system32\OVDecode.dll
    2012-06-11 20:49 . 2012-06-11 20:49 13008896 ----a-w- c:\windows\system32\amdocl.dll
    2012-06-06 05:09 . 2012-07-11 16:34 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:09 . 2012-07-11 16:34 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-02 22:19 . 2012-06-18 23:59 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-18 23:59 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-18 23:59 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-18 23:59 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-18 23:59 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-18 23:59 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-18 23:59 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-18 23:59 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:12 . 2012-06-18 23:59 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 04:51 . 2012-07-11 16:34 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:51 . 2012-07-11 16:34 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:50 . 2012-07-11 16:34 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 04:48 . 2012-07-11 16:34 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 04:47 . 2012-07-11 16:34 219136 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-21 23:15 . 2011-12-17 17:04 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-17_02.10.01 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-20 21:27 . 2012-08-17 22:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-02-20 21:27 . 2012-08-17 02:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-08-17 01:44 . 2012-08-17 22:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2012-08-17 01:44 . 2012-08-17 01:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2012-08-17 01:44 . 2012-08-17 01:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2012-08-17 01:44 . 2012-08-17 22:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2012-08-17 01:44 . 2012-08-17 22:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    - 2012-08-17 01:44 . 2012-08-17 01:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    + 2012-02-20 21:27 . 2012-08-17 22:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2012-02-20 21:27 . 2012-08-17 02:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2012-02-20 21:27 . 2012-08-17 02:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-02-20 21:27 . 2012-08-17 22:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-08-17 22:22 . 2012-08-17 22:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-17 01:09 . 2012-08-17 02:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-17 22:22 . 2012-08-17 22:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-17 01:09 . 2012-08-17 02:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-12-17 17:02 . 2012-08-17 22:25 212992 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-12-17 17:02 . 2012-08-17 02:00 212992 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:08 . 2012-08-17 22:25 557056 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:08 . 2012-08-17 02:00 557056 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-12-17 17:02 . 2012-08-17 02:00 3424256 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-12-17 17:02 . 2012-08-17 22:25 3424256 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-25 11438696]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-27 1159168]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AML Device Install.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
    backup=c:\windows\pss\AML Device Install.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
    2012-05-26 13:32 4327744 ----a-w- c:\users\Robert\AppData\Local\Akamai\netsession_win.exe
    .
    R1 MpKsl5ca33218;MpKsl5ca33218;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5ca33218.sys [x]
    R1 MpKsl5f2e2afa;MpKsl5f2e2afa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5f2e2afa.sys [x]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
    R2 RRAANXGN;RRAANXGN;c:\windows\srvany.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
    R3 fdrawcmd;Low-level Floppy Driver;c:\windows\system32\drivers\fdrawcmd.sys [x]
    R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    R3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;c:\windows\system32\DRIVERS\vnetusbl.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
    S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 00:55]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: 164.109.25.72
    Trusted Zone: 207.130.86.35
    Trusted Zone: acura.com
    Trusted Zone: acuraclientpurchaseexperience.com
    Trusted Zone: acurainfo.programhq.com
    Trusted Zone: acuraspinplay.programhq.com
    Trusted Zone: ahm-ownerlink.com
    Trusted Zone: ahm.com
    Trusted Zone: ahmdealer.com
    Trusted Zone: honda.com
    Trusted Zone: honda.vo.llnwd.net
    Trusted Zone: hondaadcmd.com
    Trusted Zone: hondacars.com
    Trusted Zone: hondainfo.programhq.com
    Trusted Zone: hondamap.com
    Trusted Zone: hondaprofessional.com
    Trusted Zone: hondaspinplay.programhq.com
    Trusted Zone: hondasso.com
    Trusted Zone: jdpa.com
    Trusted Zone: jdpower.com
    Trusted Zone: mylcchonda.com
    Trusted Zone: pcsc.acurasrs.com
    Trusted Zone: prospectingacurasrs.com
    Trusted Zone: travelhq.com
    Trusted Zone: xmradio.com
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t97onhd.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q=
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-17 15:34:26
    ComboFix-quarantined-files.txt 2012-08-17 22:34
    ComboFix2.txt 2012-08-17 02:11
    .
    Pre-Run: 314,188,513,280 bytes free
    Post-Run: 314,027,495,424 bytes free
    .
    - - End Of File - - 1CFA7D0FC2C8DB715AEF43497271EE88
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    It's TDL4 or other MBR infection... please do the following:

    1st. TDSSKiller (removes most of the infection)

    Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, allow it to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

    2nd. aswMBR (checks MBR for other strains)


    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review

    3rd. MBRCheck (verifies MBR and would confirm infection of aswMBR scan)

    Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    • Double-click on MBRCheck.exe to run it.
    • It will open a black window...please do not fix anything (if it gives you an option).
    • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
• A log named MBRCheck_date_time.txt (e.g. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
    • Please copy and paste the contents of that log in your next reply.


Please make sure all three logs (TDSSKiller, aswMBR, and MBRCheck) are posted in your next reply.
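As an added illustration, not part of this thread and not code from TDSSKiller or its author: a small Python triage helper for the TDSSKiller log the post above asks for. It reads lines in the format TDSSKiller writes (the same format as the log posted later in this thread), counts objects reported as ok, and separates the generic UnsignedFile.Multi.Generic / LockedFile.Multi.Generic verdicts, which the post says to Skip, from any other detection that needs a helper's review. The sample log is constructed for this example; the two FLEXnet lines mirror real lines from the log in this thread, while ExampleSvc and its verdict name are made up.

```python
import re

# Constructed sample in the TDSSKiller log format seen in this thread:
#   <timestamp> <thread id> <name> (<md5>) <path>        identification line
#   <timestamp> <thread id> <name> - ok                   clean
#   <timestamp> <thread id> <name> ( <verdict> ) - warning
#   <timestamp> <thread id> <name> - detected <verdict> (<n>)
# The FLEXnet lines mirror the real log; ExampleSvc and its verdict are invented.
SAMPLE_LOG = r"""
06:09:39.0026 2044 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
06:09:39.0073 2044 1394ohci - ok
06:09:49.0135 2044 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
06:09:49.0166 2044 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
06:09:49.0166 2044 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
06:09:50.0001 2044 ExampleSvc (00000000000000000000000000000000) C:\Windows\system32\drivers\example.sys
06:09:50.0002 2044 ExampleSvc - detected Constructed.Verdict.Example (1)
"""

# Every log line starts with a timestamp and a thread id; the rest is the payload.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
IDENT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")

# Verdicts the post says to Skip: they mean "unsigned" or "could not be read",
# not "known malicious", and are commonly legitimate third-party files.
GENERIC_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}


def triage(log_text):
    """Summarise a TDSSKiller log: count of ok objects, generic verdicts, other detections."""
    identified = {}  # object name -> (md5, path), from the identification line
    result = {"ok": 0, "generic": [], "detected": []}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, separators, blank lines
        rest = m.group("rest")
        ident = IDENT_RE.match(rest)
        if ident:
            identified[ident.group("name")] = (ident.group("md5"), ident.group("path"))
            continue
        if OK_RE.match(rest):
            result["ok"] += 1
            continue
        det = DETECTED_RE.match(rest)
        if det:
            name, verdict = det.group("name"), det.group("verdict")
            md5, path = identified.get(name, (None, None))
            bucket = "generic" if verdict in GENERIC_VERDICTS else "detected"
            result[bucket].append({"name": name, "verdict": verdict, "md5": md5, "path": path})
        # "( verdict ) - warning" lines repeat the "detected" line that follows them, so they are ignored.
    return result


def format_report(result):
    """Render the triage result as the short summary a user would paste into a reply."""
    lines = [f"clean objects: {result['ok']}"]
    for item in result["generic"]:
        lines.append(f"generic (Skip as instructed): {item['name']} -> {item['verdict']} [{item['path']}]")
    for item in result["detected"]:
        lines.append(f"REVIEW: {item['name']} -> {item['verdict']} [{item['path']}]")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

Run against a real log by reading the TDSSKiller.[Version]_[Date]_[Time]_log.txt file into `triage` instead of `SAMPLE_LOG`; the full log should still be posted for the helper, since the parser only highlights what needs attention.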
  11. Rob Thie

    Rob Thie Newcomer, in training Topic Starter

Hello, here are the logs.
One other issue I was having is the "FLEXnet Licensing Service". Whenever I try and use Photoshop I get a BSOD related to this service. I would appreciate any feedback. Thank you for your time.

    Rob

    Start:

    06:09:30.0041 2012 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    06:09:30.0041 2012 ============================================================
    06:09:30.0041 2012 Current date / time: 2012/08/18 06:09:30.0041
    06:09:30.0041 2012 SystemInfo:
    06:09:30.0041 2012
    06:09:30.0041 2012 OS Version: 6.1.7600 ServicePack: 0.0
    06:09:30.0041 2012 Product type: Workstation
    06:09:30.0041 2012 ComputerName: PHOTOEDITING
    06:09:30.0041 2012 UserName: Robert
    06:09:30.0041 2012 Windows directory: C:\Windows
    06:09:30.0041 2012 System windows directory: C:\Windows
    06:09:30.0041 2012 Processor architecture: Intel x86
    06:09:30.0041 2012 Number of processors: 6
    06:09:30.0041 2012 Page size: 0x1000
    06:09:30.0041 2012 Boot type: Safe boot
    06:09:30.0041 2012 ============================================================
    06:09:30.0977 2012 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    06:09:30.0977 2012 ============================================================
    06:09:30.0977 2012 \Device\Harddisk0\DR0:
    06:09:30.0977 2012 MBR partitions:
    06:09:30.0977 2012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    06:09:30.0977 2012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D0D800
    06:09:30.0977 2012 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x30D40000, BlocksNum 0xB80C8000
    06:09:30.0977 2012 ============================================================
    06:09:31.0024 2012 C: <-> \Device\Harddisk0\DR0\Partition1
    06:09:31.0070 2012 D: <-> \Device\Harddisk0\DR0\Partition2
    06:09:31.0070 2012 ============================================================
    06:09:31.0070 2012 Initialize success
    06:09:31.0070 2012 ============================================================
    06:09:36.0874 2044 ============================================================
    06:09:36.0874 2044 Scan started
    06:09:36.0874 2044 Mode: Manual; SigCheck; TDLFS;
    06:09:36.0874 2044 ============================================================
    06:09:39.0026 2044 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    06:09:39.0073 2044 1394ohci - ok
    06:09:39.0089 2044 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    06:09:39.0104 2044 ACPI - ok
    06:09:39.0151 2044 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    06:09:39.0167 2044 AcpiPmi - ok
    06:09:39.0229 2044 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    06:09:39.0245 2044 AdobeARMservice - ok
    06:09:39.0307 2044 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    06:09:39.0307 2044 AdobeFlashPlayerUpdateSvc - ok
    06:09:39.0338 2044 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    06:09:39.0354 2044 adp94xx - ok
    06:09:39.0385 2044 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    06:09:39.0385 2044 adpahci - ok
    06:09:39.0432 2044 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    06:09:39.0448 2044 adpu320 - ok
    06:09:39.0463 2044 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
    06:09:39.0479 2044 AeLookupSvc - ok
    06:09:39.0557 2044 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
    06:09:39.0588 2044 AFD - ok
    06:09:39.0604 2044 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    06:09:39.0604 2044 agp440 - ok
    06:09:39.0619 2044 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    06:09:39.0635 2044 aic78xx - ok
    06:09:39.0697 2044 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
    06:09:39.0728 2044 ALG - ok
    06:09:39.0744 2044 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    06:09:39.0744 2044 aliide - ok
    06:09:39.0806 2044 AMD External Events Utility (ec98ca8298f67926fa50876348534b1d) C:\Windows\system32\atiesrxx.exe
    06:09:39.0822 2044 AMD External Events Utility - ok
    06:09:39.0916 2044 AMD FUEL Service - ok
    06:09:39.0931 2044 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    06:09:39.0947 2044 amdagp - ok
    06:09:39.0947 2044 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    06:09:39.0962 2044 amdide - ok
    06:09:39.0978 2044 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
    06:09:39.0994 2044 amdiox86 - ok
    06:09:40.0009 2044 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    06:09:40.0025 2044 AmdK8 - ok
    06:09:40.0274 2044 amdkmdag (65b44179cf184b08e86097bffbf03f24) C:\Windows\system32\DRIVERS\atikmdag.sys
    06:09:40.0430 2044 amdkmdag - ok
    06:09:42.0209 2044 amdkmdap (5e1c65524ff1713711ce27879d813384) C:\Windows\system32\DRIVERS\atikmpag.sys
    06:09:42.0224 2044 amdkmdap - ok
    06:09:42.0396 2044 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    06:09:42.0396 2044 AmdPPM - ok
    06:09:42.0412 2044 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
    06:09:42.0427 2044 amdsata - ok
    06:09:42.0443 2044 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    06:09:42.0443 2044 amdsbs - ok
    06:09:42.0474 2044 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
    06:09:42.0474 2044 amdxata - ok
    06:09:42.0536 2044 AODDriver4.01 - ok
    06:09:42.0552 2044 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    06:09:42.0568 2044 AppID - ok
    06:09:42.0630 2044 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
    06:09:42.0646 2044 AppIDSvc - ok
    06:09:42.0661 2044 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
    06:09:42.0692 2044 Appinfo - ok
    06:09:42.0786 2044 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    06:09:42.0786 2044 Apple Mobile Device - ok
    06:09:42.0848 2044 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
    06:09:42.0848 2044 AppMgmt - ok
    06:09:42.0864 2044 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    06:09:42.0880 2044 arc - ok
    06:09:42.0911 2044 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    06:09:42.0926 2044 arcsas - ok
    06:09:42.0958 2044 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    06:09:42.0973 2044 AsyncMac - ok
    06:09:43.0004 2044 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    06:09:43.0004 2044 atapi - ok
    06:09:43.0082 2044 AtiHDAudioService (4d201d8b576be4473405b2a86a2d28b3) C:\Windows\system32\drivers\AtihdW73.sys
    06:09:43.0082 2044 AtiHDAudioService - ok
    06:09:43.0129 2044 AtiPcie (4ffe74e33bd9170950116f0ca46eac89) C:\Windows\system32\DRIVERS\AtiPcie.sys
    06:09:43.0129 2044 AtiPcie - ok
    06:09:43.0160 2044 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
    06:09:43.0176 2044 AudioEndpointBuilder - ok
    06:09:43.0192 2044 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
    06:09:43.0207 2044 Audiosrv - ok
    06:09:43.0254 2044 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
    06:09:43.0285 2044 AxInstSV - ok
    06:09:43.0301 2044 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    06:09:43.0316 2044 b06bdrv - ok
    06:09:43.0348 2044 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    06:09:43.0363 2044 b57nd60x - ok
    06:09:43.0379 2044 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
    06:09:43.0410 2044 BDESVC - ok
    06:09:43.0426 2044 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    06:09:43.0472 2044 Beep - ok
    06:09:43.0597 2044 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
    06:09:43.0613 2044 BFE - ok
    06:09:43.0675 2044 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    06:09:43.0691 2044 blbdrive - ok
    06:09:43.0800 2044 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    06:09:43.0816 2044 Bonjour Service - ok
    06:09:43.0862 2044 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
    06:09:43.0878 2044 bowser - ok
    06:09:43.0894 2044 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    06:09:43.0909 2044 BrFiltLo - ok
    06:09:43.0925 2044 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    06:09:43.0940 2044 BrFiltUp - ok
    06:09:44.0003 2044 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
    06:09:44.0018 2044 BridgeMP - ok
    06:09:44.0065 2044 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
    06:09:44.0096 2044 Browser - ok
    06:09:44.0112 2044 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    06:09:44.0112 2044 Brserid - ok
    06:09:44.0143 2044 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    06:09:44.0159 2044 BrSerWdm - ok
    06:09:44.0159 2044 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    06:09:44.0174 2044 BrUsbMdm - ok
    06:09:44.0174 2044 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    06:09:44.0190 2044 BrUsbSer - ok
    06:09:44.0221 2044 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    06:09:44.0237 2044 BTHMODEM - ok
    06:09:44.0252 2044 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
    06:09:44.0268 2044 bthserv - ok
    06:09:44.0393 2044 catchme - ok
    06:09:44.0408 2044 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    06:09:44.0440 2044 cdfs - ok
    06:09:44.0471 2044 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    06:09:44.0486 2044 cdrom - ok
    06:09:44.0549 2044 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
    06:09:44.0564 2044 CertPropSvc - ok
    06:09:44.0611 2044 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    06:09:44.0611 2044 circlass - ok
    06:09:44.0642 2044 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    06:09:44.0658 2044 CLFS - ok
    06:09:44.0767 2044 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    06:09:44.0783 2044 clr_optimization_v2.0.50727_32 - ok
    06:09:44.0876 2044 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    06:09:44.0892 2044 clr_optimization_v4.0.30319_32 - ok
    06:09:44.0892 2044 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    06:09:44.0908 2044 CmBatt - ok
    06:09:44.0908 2044 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    06:09:44.0923 2044 cmdide - ok
    06:09:45.0001 2044 CNG (db5e008b3744dd60c8498cbbf2a1cfa6) C:\Windows\system32\Drivers\cng.sys
    06:09:45.0032 2044 CNG - ok
    06:09:45.0048 2044 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    06:09:45.0048 2044 Compbatt - ok
    06:09:45.0079 2044 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    06:09:45.0095 2044 CompositeBus - ok
    06:09:45.0110 2044 COMSysApp - ok
    06:09:45.0188 2044 cpuz135 (26ce59f9fc8639fd7fed53ce3b785015) C:\Windows\system32\drivers\cpuz135_x32.sys
    06:09:45.0188 2044 cpuz135 - ok
    06:09:45.0204 2044 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    06:09:45.0204 2044 crcdisk - ok
    06:09:45.0282 2044 CryptSvc (520a108a2657f4bca7fced9ca7d885de) C:\Windows\system32\cryptsvc.dll
    06:09:45.0298 2044 CryptSvc - ok
    06:09:45.0344 2044 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
    06:09:45.0376 2044 CSC - ok
    06:09:45.0438 2044 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
    06:09:45.0454 2044 CscService - ok
    06:09:45.0500 2044 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
    06:09:45.0516 2044 DcomLaunch - ok
    06:09:45.0563 2044 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
    06:09:45.0594 2044 defragsvc - ok
    06:09:45.0688 2044 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
    06:09:45.0688 2044 DfsC - ok
    06:09:45.0734 2044 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
    06:09:45.0750 2044 Dhcp - ok
    06:09:45.0844 2044 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    06:09:45.0875 2044 discache - ok
    06:09:45.0922 2044 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    06:09:45.0922 2044 Disk - ok
    06:09:45.0937 2044 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
    06:09:45.0953 2044 Dnscache - ok
    06:09:45.0968 2044 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
    06:09:45.0984 2044 dot3svc - ok
    06:09:46.0000 2044 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
    06:09:46.0015 2044 DPS - ok
    06:09:46.0078 2044 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    06:09:46.0093 2044 drmkaud - ok
    06:09:46.0124 2044 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
    06:09:46.0140 2044 DXGKrnl - ok
    06:09:46.0156 2044 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
    06:09:46.0187 2044 EapHost - ok
    06:09:46.0280 2044 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    06:09:46.0343 2044 ebdrv - ok
    06:09:48.0293 2044 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
    06:09:48.0308 2044 EFS - ok
    06:09:48.0371 2044 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
    06:09:48.0386 2044 ehRecvr - ok
    06:09:48.0433 2044 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
    06:09:48.0449 2044 ehSched - ok
    06:09:48.0527 2044 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    06:09:48.0542 2044 elxstor - ok
    06:09:48.0589 2044 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    06:09:48.0589 2044 ErrDev - ok
    06:09:48.0636 2044 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
    06:09:48.0667 2044 EventSystem - ok
    06:09:48.0667 2044 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    06:09:48.0683 2044 exfat - ok
    06:09:48.0730 2044 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    06:09:48.0761 2044 fastfat - ok
    06:09:48.0776 2044 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
    06:09:48.0792 2044 Fax - ok
    06:09:48.0808 2044 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    06:09:48.0823 2044 fdc - ok
    06:09:48.0901 2044 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
    06:09:48.0932 2044 fdPHost - ok
    06:09:48.0964 2044 fdrawcmd - ok
    06:09:49.0010 2044 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
    06:09:49.0026 2044 FDResPub - ok
    06:09:49.0042 2044 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    06:09:49.0042 2044 FileInfo - ok
    06:09:49.0042 2044 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    06:09:49.0057 2044 Filetrace - ok
    06:09:49.0135 2044 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    06:09:49.0166 2044 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
    06:09:49.0166 2044 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
    06:09:49.0182 2044 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    06:09:49.0198 2044 flpydisk - ok
    06:09:49.0229 2044 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    06:09:49.0229 2044 FltMgr - ok
    06:09:49.0276 2044 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
    06:09:49.0307 2044 FontCache - ok
    06:09:49.0385 2044 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    06:09:49.0385 2044 FontCache3.0.0.0 - ok
    06:09:49.0400 2044 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    06:09:49.0400 2044 FsDepends - ok
    06:09:49.0447 2044 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
    06:09:49.0447 2044 Fs_Rec - ok
    06:09:49.0510 2044 FTDIBUS (aae37f0f2f613218dce17b42a18c38db) C:\Windows\system32\drivers\ftdibus.sys
    06:09:49.0510 2044 FTDIBUS - ok
    06:09:49.0541 2044 FTSER2K (48bfd1ba45c9c9e7ab339e25abfba1d2) C:\Windows\system32\drivers\ftser2k.sys
    06:09:49.0556 2044 FTSER2K - ok
    06:09:49.0603 2044 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
    06:09:49.0619 2044 fvevol - ok
    06:09:49.0634 2044 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    06:09:49.0634 2044 gagp30kx - ok
    06:09:49.0697 2044 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    06:09:49.0697 2044 GEARAspiWDM - ok
    06:09:49.0759 2044 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
    06:09:49.0775 2044 gpsvc - ok
    06:09:49.0822 2044 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    06:09:49.0837 2044 hcw85cir - ok
    06:09:49.0884 2044 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
    06:09:49.0900 2044 HdAudAddService - ok
    06:09:49.0915 2044 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    06:09:49.0931 2044 HDAudBus - ok
    06:09:49.0978 2044 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    06:09:49.0978 2044 HidBatt - ok
    06:09:50.0009 2044 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    06:09:50.0009 2044 HidBth - ok
    06:09:50.0040 2044 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    06:09:50.0056 2044 HidIr - ok
    06:09:50.0071 2044 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
    06:09:50.0087 2044 hidserv - ok
    06:09:50.0118 2044 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    06:09:50.0134 2044 HidUsb - ok
    06:09:50.0165 2044 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
    06:09:50.0180 2044 hkmsvc - ok
    06:09:50.0196 2044 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
    06:09:50.0212 2044 HomeGroupListener - ok
    06:09:50.0258 2044 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
    06:09:50.0290 2044 HomeGroupProvider - ok
    06:09:50.0305 2044 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    06:09:50.0321 2044 HpSAMD - ok
    06:09:50.0352 2044 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    06:09:50.0368 2044 HTTP - ok
    06:09:50.0383 2044 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    06:09:50.0399 2044 hwpolicy - ok
    06:09:50.0399 2044 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    06:09:50.0414 2044 i8042prt - ok
    06:09:50.0461 2044 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
    06:09:50.0477 2044 iaStorV - ok
    06:09:50.0602 2044 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    06:09:50.0617 2044 idsvc - ok
    06:09:50.0664 2044 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    06:09:50.0664 2044 iirsp - ok
    06:09:51.0444 2044 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
    06:09:51.0491 2044 IKEEXT - ok
    06:09:51.0678 2044 IntcAzAudAddService (460ab663158db7cc24e04ddc02fba687) C:\Windows\system32\drivers\RTKVHDA.sys
    06:09:51.0756 2044 IntcAzAudAddService - ok
    06:09:53.0597 2044 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    06:09:53.0597 2044 intelide - ok
    06:09:53.0628 2044 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    06:09:53.0628 2044 intelppm - ok
    06:09:53.0644 2044 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
    06:09:53.0675 2044 IPBusEnum - ok
    06:09:53.0690 2044 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    06:09:53.0706 2044 IpFilterDriver - ok
    06:09:53.0800 2044 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
    06:09:53.0831 2044 iphlpsvc - ok
    06:09:53.0846 2044 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    06:09:53.0862 2044 IPMIDRV - ok
    06:09:53.0878 2044 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    06:09:53.0909 2044 IPNAT - ok
    06:09:53.0987 2044 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
    06:09:54.0002 2044 iPod Service - ok
    06:09:54.0018 2044 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    06:09:54.0018 2044 IRENUM - ok
    06:09:54.0080 2044 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    06:09:54.0080 2044 isapnp - ok
    06:09:54.0096 2044 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    06:09:54.0112 2044 iScsiPrt - ok
    06:09:54.0127 2044 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    06:09:54.0143 2044 kbdclass - ok
    06:09:54.0143 2044 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    06:09:54.0174 2044 kbdhid - ok
    06:09:54.0236 2044 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
    06:09:54.0236 2044 KeyIso - ok
    06:09:54.0283 2044 KSecDD (52fc17c8589f11747d01d3cf592673d0) C:\Windows\system32\Drivers\ksecdd.sys
    06:09:54.0299 2044 KSecDD - ok
    06:09:54.0314 2044 KSecPkg (3e5474b03568cfab834da3c38e8c9efa) C:\Windows\system32\Drivers\ksecpkg.sys
    06:09:54.0330 2044 KSecPkg - ok
    06:09:54.0377 2044 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
    06:09:54.0392 2044 KtmRm - ok
    06:09:54.0455 2044 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
    06:09:54.0470 2044 LanmanServer - ok
    06:09:54.0720 2044 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
    06:09:54.0736 2044 LanmanWorkstation - ok
    06:09:54.0985 2044 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    06:09:55.0094 2044 LeapFrog Connect Device Service - ok
    06:09:56.0888 2044 LeapFrog-USBLAN (5cffda921fe0c9e9ebde3150d3c81594) C:\Windows\system32\DRIVERS\btblan.sys
    06:09:56.0904 2044 LeapFrog-USBLAN - ok
    06:09:56.0966 2044 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    06:09:56.0982 2044 lltdio - ok
    06:09:57.0013 2044 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
    06:09:57.0029 2044 lltdsvc - ok
    06:09:57.0044 2044 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
    06:09:57.0060 2044 lmhosts - ok
    06:09:57.0107 2044 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    06:09:57.0122 2044 LSI_FC - ok
    06:09:57.0138 2044 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    06:09:57.0154 2044 LSI_SAS - ok
    06:09:57.0232 2044 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    06:09:57.0247 2044 LSI_SAS2 - ok
    06:09:57.0263 2044 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    06:09:57.0278 2044 LSI_SCSI - ok
    06:09:57.0497 2044 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    06:09:57.0528 2044 luafv - ok
    06:09:57.0575 2044 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
    06:09:57.0575 2044 Mcx2Svc - ok
    06:09:57.0590 2044 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    06:09:57.0590 2044 megasas - ok
    06:09:57.0622 2044 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    06:09:57.0637 2044 MegaSR - ok
    06:09:57.0700 2044 Microsoft SharePoint Workspace Audit Service - ok
    06:09:57.0715 2044 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    06:09:57.0762 2044 MMCSS - ok
    06:09:57.0762 2044 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    06:09:57.0809 2044 Modem - ok
    06:09:57.0856 2044 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    06:09:57.0871 2044 monitor - ok
    06:09:57.0918 2044 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    06:09:57.0918 2044 mouclass - ok
    06:09:57.0934 2044 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    06:09:57.0949 2044 mouhid - ok
    06:09:57.0965 2044 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    06:09:57.0980 2044 mountmgr - ok
    06:09:58.0043 2044 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    06:09:58.0043 2044 MozillaMaintenance - ok
    06:09:58.0136 2044 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
    06:09:58.0152 2044 MpFilter - ok
    06:09:58.0168 2044 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    06:09:58.0183 2044 mpio - ok
    06:09:58.0308 2044 MpKsl5ca33218 (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5ca33218.sys
    06:09:58.0324 2044 MpKsl5ca33218 - ok
    06:09:58.0386 2044 MpKsl5f2e2afa (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5f2e2afa.sys
    06:09:58.0386 2044 Suspicious file (Forged): C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F626BB0-D35A-4231-A3FA-012AB081C7A4}\MpKsl5f2e2afa.sys. Real md5: a69630d039c38018689190234f866d77, Fake md5: 4137ee420481d10734da3018d0325582
    06:09:58.0386 2044 MpKsl5f2e2afa ( ForgedFile.Multi.Generic ) - warning
    06:09:58.0386 2044 MpKsl5f2e2afa - detected ForgedFile.Multi.Generic (1)
    06:09:58.0417 2044 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    06:09:58.0448 2044 mpsdrv - ok
    06:09:58.0464 2044 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    06:09:58.0495 2044 MRxDAV - ok
    06:09:58.0526 2044 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
    06:09:58.0542 2044 mrxsmb - ok
    06:09:58.0573 2044 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    06:09:58.0589 2044 mrxsmb10 - ok
    06:09:58.0604 2044 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    06:09:58.0604 2044 mrxsmb20 - ok
    06:09:58.0651 2044 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    06:09:58.0651 2044 msahci - ok
    06:09:58.0667 2044 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    06:09:58.0682 2044 msdsm - ok
    06:09:58.0698 2044 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
    06:09:58.0714 2044 MSDTC - ok
    06:09:58.0792 2044 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    06:09:58.0823 2044 Msfs - ok
    06:09:58.0838 2044 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    06:09:58.0854 2044 mshidkmdf - ok
    06:09:58.0870 2044 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    06:09:58.0885 2044 msisadrv - ok
    06:09:58.0901 2044 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
    06:09:58.0932 2044 MSiSCSI - ok
    06:09:58.0932 2044 msiserver - ok
    06:09:58.0948 2044 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    06:09:58.0963 2044 MSKSSRV - ok
    06:09:59.0041 2044 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    06:09:59.0057 2044 MsMpSvc - ok
    06:09:59.0088 2044 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    06:09:59.0119 2044 MSPCLOCK - ok
    06:09:59.0150 2044 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    06:09:59.0166 2044 MSPQM - ok
    06:09:59.0182 2044 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    06:09:59.0182 2044 MsRPC - ok
    06:09:59.0228 2044 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    06:09:59.0228 2044 mssmbios - ok
    06:09:59.0244 2044 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    06:09:59.0260 2044 MSTEE - ok
    06:09:59.0275 2044 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    06:09:59.0275 2044 MTConfig - ok
    06:09:59.0306 2044 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    06:09:59.0306 2044 Mup - ok
    06:09:59.0369 2044 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
    06:09:59.0400 2044 napagent - ok
    06:09:59.0447 2044 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    06:09:59.0462 2044 NativeWifiP - ok
    06:09:59.0525 2044 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    06:09:59.0540 2044 NDIS - ok
    06:09:59.0587 2044 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    06:09:59.0603 2044 NdisCap - ok
    06:09:59.0618 2044 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    06:09:59.0634 2044 NdisTapi - ok
    06:09:59.0665 2044 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    06:09:59.0681 2044 Ndisuio - ok
    06:09:59.0712 2044 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    06:09:59.0728 2044 NdisWan - ok
    06:09:59.0743 2044 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    06:09:59.0759 2044 NDProxy - ok
    06:09:59.0899 2044 Nero BackItUp Scheduler 3 (2aae889742376edc5c3203dfb74f28fd) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    06:09:59.0915 2044 Nero BackItUp Scheduler 3 - ok
    06:09:59.0946 2044 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    06:09:59.0977 2044 NetBIOS - ok
    06:10:00.0008 2044 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    06:10:00.0040 2044 NetBT - ok
    06:10:00.0055 2044 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
    06:10:00.0071 2044 Netlogon - ok
    06:10:00.0149 2044 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
    06:10:00.0180 2044 Netman - ok
    06:10:00.0196 2044 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
    06:10:00.0227 2044 netprofm - ok
    06:10:00.0320 2044 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    06:10:00.0320 2044 NetTcpPortSharing - ok
    06:10:00.0367 2044 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    06:10:00.0383 2044 nfrd960 - ok
    06:10:00.0398 2044 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    06:10:00.0398 2044 NisDrv - ok
    06:10:00.0461 2044 NisSrv (290c0d4c4889398797f8df3be00b9698) C:\Program Files\Microsoft Security Client\NisSrv.exe
    06:10:00.0461 2044 NisSrv - ok
    06:10:00.0523 2044 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
    06:10:00.0570 2044 NlaSvc - ok
    06:10:00.0664 2044 NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    06:10:00.0679 2044 NMIndexingService - ok
    06:10:00.0695 2044 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    06:10:00.0710 2044 Npfs - ok
    06:10:00.0726 2044 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
    06:10:00.0742 2044 nsi - ok
    06:10:00.0757 2044 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    06:10:00.0788 2044 nsiproxy - ok
    06:10:00.0851 2044 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
    06:10:00.0882 2044 Ntfs - ok
    06:10:00.0913 2044 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    06:10:00.0944 2044 Null - ok
    06:10:00.0976 2044 nusb3hub (bad636ee7ff5bf539854bba33868efc2) C:\Windows\system32\DRIVERS\nusb3hub.sys
    06:10:01.0007 2044 nusb3hub - ok
    06:10:01.0054 2044 nusb3xhc (dfafdc3051e04ffafddc4872394c1fc8) C:\Windows\system32\DRIVERS\nusb3xhc.sys
    06:10:01.0069 2044 nusb3xhc - ok
    06:10:01.0116 2044 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
    06:10:01.0132 2044 nvraid - ok
    06:10:01.0132 2044 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
    06:10:01.0147 2044 nvstor - ok
    06:10:01.0178 2044 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    06:10:01.0194 2044 nv_agp - ok
    06:10:01.0210 2044 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    06:10:01.0210 2044 ohci1394 - ok
    06:10:01.0303 2044 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    06:10:01.0303 2044 ose - ok
    06:10:01.0475 2044 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    06:10:01.0568 2044 osppsvc - ok
    06:10:03.0285 2044 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    06:10:03.0300 2044 p2pimsvc - ok
    06:10:03.0316 2044 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
    06:10:03.0331 2044 p2psvc - ok
    06:10:03.0378 2044 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    06:10:03.0394 2044 Parport - ok
    06:10:03.0441 2044 partmgr (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys
    06:10:03.0441 2044 partmgr - ok
    06:10:03.0456 2044 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    06:10:03.0472 2044 Parvdm - ok
    06:10:03.0487 2044 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
    06:10:03.0519 2044 PcaSvc - ok
    06:10:03.0909 2044 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    06:10:03.0909 2044 pci - ok
    06:10:03.0924 2044 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    06:10:03.0924 2044 pciide - ok
    06:10:03.0940 2044 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    06:10:03.0955 2044 pcmcia - ok
    06:10:03.0971 2044 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    06:10:03.0971 2044 pcw - ok
    06:10:04.0002 2044 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    06:10:04.0033 2044 PEAUTH - ok
    06:10:04.0080 2044 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
    06:10:04.0111 2044 PeerDistSvc - ok
    06:10:04.0174 2044 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
    06:10:04.0221 2044 pla - ok
    06:10:05.0921 2044 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
    06:10:05.0921 2044 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
    06:10:05.0921 2044 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
    06:10:05.0983 2044 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
    06:10:05.0999 2044 PlugPlay - ok
    06:10:06.0015 2044 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
    06:10:06.0030 2044 PNRPAutoReg - ok
    06:10:06.0061 2044 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    06:10:06.0077 2044 PNRPsvc - ok
    06:10:06.0093 2044 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
    06:10:06.0124 2044 PolicyAgent - ok
    06:10:06.0155 2044 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
    06:10:06.0171 2044 Power - ok
    06:10:06.0233 2044 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    06:10:06.0249 2044 PptpMiniport - ok
    06:10:06.0295 2044 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    06:10:06.0311 2044 Processor - ok
    06:10:06.0342 2044 ProfSvc (aea3bdbdba667aa6f678cb38907e4f5e) C:\Windows\system32\profsvc.dll
    06:10:06.0358 2044 ProfSvc - ok
    06:10:06.0389 2044 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
    06:10:06.0389 2044 ProtectedStorage - ok
    06:10:06.0451 2044 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    06:10:06.0467 2044 Psched - ok
    06:10:06.0545 2044 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    06:10:06.0561 2044 PSI_SVC_2 - ok
    06:10:06.0607 2044 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    06:10:06.0639 2044 ql2300 - ok
    06:10:08.0339 2044 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    06:10:08.0355 2044 ql40xx - ok
    06:10:08.0401 2044 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
    06:10:08.0433 2044 QWAVE - ok
    06:10:08.0479 2044 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    06:10:08.0479 2044 QWAVEdrv - ok
    06:10:08.0495 2044 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    06:10:08.0526 2044 RasAcd - ok
    06:10:08.0557 2044 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    06:10:08.0573 2044 RasAgileVpn - ok
    06:10:08.0604 2044 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
    06:10:08.0620 2044 RasAuto - ok
    06:10:08.0682 2044 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    06:10:08.0713 2044 Rasl2tp - ok
    06:10:08.0745 2044 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
    06:10:08.0760 2044 RasMan - ok
    06:10:08.0807 2044 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    06:10:08.0823 2044 RasPppoe - ok
    06:10:08.0854 2044 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    06:10:08.0869 2044 RasSstp - ok
    06:10:08.0885 2044 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    06:10:08.0916 2044 rdbss - ok
    06:10:08.0963 2044 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    06:10:08.0979 2044 rdpbus - ok
    06:10:08.0979 2044 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    06:10:09.0010 2044 RDPCDD - ok
    06:10:09.0041 2044 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
    06:10:09.0057 2044 RDPDR - ok
    06:10:09.0103 2044 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    06:10:09.0119 2044 RDPENCDD - ok
    06:10:09.0119 2044 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    06:10:09.0135 2044 RDPREFMP - ok
    06:10:09.0181 2044 RDPWD (c5b8d47a4688de9d335204ea757c2240) C:\Windows\system32\drivers\RDPWD.sys
    06:10:09.0197 2044 RDPWD - ok
    06:10:09.0228 2044 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    06:10:09.0244 2044 rdyboost - ok
    06:10:09.0244 2044 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
    06:10:09.0275 2044 RemoteAccess - ok
    06:10:09.0291 2044 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
    06:10:09.0306 2044 RemoteRegistry - ok
    06:10:09.0353 2044 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
    06:10:09.0369 2044 RpcEptMapper - ok
    06:10:09.0431 2044 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
    06:10:09.0431 2044 RpcLocator - ok
    06:10:09.0478 2044 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
    06:10:09.0493 2044 RpcSs - ok
    06:10:09.0540 2044 RRAANXGN (c9b18abe9063a33e77f6be81cc8df0c5) C:\Windows\srvany.exe
    06:10:09.0540 2044 RRAANXGN ( UnsignedFile.Multi.Generic ) - warning
    06:10:09.0540 2044 RRAANXGN - detected UnsignedFile.Multi.Generic (1)
    06:10:09.0556 2044 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    06:10:09.0571 2044 rspndr - ok
    06:10:09.0618 2044 RTHDMIAzAudService (4e406227a7b15385047f96ea3dc63eee) C:\Windows\system32\drivers\RtHDMIV.sys
    06:10:09.0634 2044 RTHDMIAzAudService - ok
    06:10:09.0712 2044 RTL8167 (3849d5d73bdd9b7bc4e3305ddc345b2c) C:\Windows\system32\DRIVERS\Rt86win7.sys
    06:10:09.0727 2044 RTL8167 - ok
     
  12. Rob Thie

    06:10:09.0743 2044 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
    06:10:09.0759 2044 s3cap - ok
    06:10:09.0774 2044 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
    06:10:09.0790 2044 SamSs - ok
    06:10:09.0837 2044 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    06:10:09.0837 2044 sbp2port - ok
    06:10:09.0852 2044 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
    06:10:09.0868 2044 SCardSvr - ok
    06:10:09.0899 2044 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    06:10:09.0915 2044 scfilter - ok
    06:10:09.0946 2044 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
    06:10:09.0993 2044 Schedule - ok
    06:10:10.0008 2044 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
    06:10:10.0024 2044 SCPolicySvc - ok
    06:10:10.0055 2044 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
    06:10:10.0071 2044 SDRSVC - ok
    06:10:10.0086 2044 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    06:10:10.0117 2044 secdrv - ok
    06:10:10.0133 2044 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
    06:10:10.0164 2044 seclogon - ok
    06:10:10.0180 2044 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
    06:10:10.0195 2044 SENS - ok
    06:10:10.0227 2044 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
    06:10:10.0227 2044 SensrSvc - ok
    06:10:10.0258 2044 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    06:10:10.0258 2044 Serenum - ok
    06:10:10.0289 2044 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    06:10:10.0305 2044 Serial - ok
    06:10:10.0320 2044 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    06:10:10.0336 2044 sermouse - ok
    06:10:10.0367 2044 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
    06:10:10.0383 2044 SessionEnv - ok
    06:10:10.0429 2044 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    06:10:10.0445 2044 sffdisk - ok
    06:10:10.0461 2044 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    06:10:10.0476 2044 sffp_mmc - ok
    06:10:10.0492 2044 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
    06:10:10.0507 2044 sffp_sd - ok
    06:10:10.0539 2044 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    06:10:10.0554 2044 sfloppy - ok
    06:10:10.0632 2044 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
    06:10:10.0648 2044 SharedAccess - ok
    06:10:10.0679 2044 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
    06:10:10.0695 2044 ShellHWDetection - ok
    06:10:10.0710 2044 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    06:10:10.0710 2044 sisagp - ok
    06:10:10.0726 2044 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    06:10:10.0726 2044 SiSRaid2 - ok
    06:10:10.0741 2044 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    06:10:10.0741 2044 SiSRaid4 - ok
    06:10:10.0741 2044 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    06:10:10.0757 2044 Smb - ok
    06:10:10.0804 2044 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
    06:10:10.0804 2044 SNMPTRAP - ok
    06:10:10.0851 2044 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    06:10:10.0866 2044 spldr - ok
    06:10:10.0882 2044 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
    06:10:10.0897 2044 Spooler - ok
    06:10:10.0991 2044 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
    06:10:11.0053 2044 sppsvc - ok
    06:10:12.0707 2044 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
    06:10:12.0723 2044 sppuinotify - ok
    06:10:12.0816 2044 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
    06:10:12.0832 2044 srv - ok
    06:10:12.0863 2044 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
    06:10:12.0863 2044 srv2 - ok
    06:10:12.0910 2044 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
    06:10:12.0925 2044 srvnet - ok
    06:10:12.0957 2044 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
    06:10:12.0972 2044 sscdbus - ok
    06:10:13.0003 2044 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
    06:10:13.0003 2044 sscdmdfl - ok
    06:10:13.0019 2044 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
    06:10:13.0035 2044 sscdmdm - ok
    06:10:13.0066 2044 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
    06:10:13.0066 2044 sscdserd - ok
    06:10:13.0097 2044 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
    06:10:13.0113 2044 SSDPSRV - ok
    06:10:13.0128 2044 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
    06:10:13.0144 2044 SstpSvc - ok
    06:10:13.0159 2044 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    06:10:13.0175 2044 stexstor - ok
    06:10:13.0206 2044 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
    06:10:13.0222 2044 StillCam - ok
    06:10:13.0253 2044 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
    06:10:13.0284 2044 StiSvc - ok
    06:10:13.0300 2044 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
    06:10:13.0315 2044 storflt - ok
    06:10:13.0331 2044 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
    06:10:13.0347 2044 storvsc - ok
    06:10:13.0378 2044 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    06:10:13.0393 2044 swenum - ok
    06:10:13.0425 2044 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
    06:10:13.0440 2044 swprv - ok
    06:10:13.0503 2044 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
    06:10:13.0549 2044 SysMain - ok
    06:10:13.0565 2044 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
    06:10:13.0596 2044 TabletInputService - ok
    06:10:13.0643 2044 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
    06:10:13.0659 2044 TapiSrv - ok
    06:10:13.0799 2044 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
    06:10:13.0830 2044 TBS - ok
    06:10:13.0908 2044 Tcpip (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\drivers\tcpip.sys
    06:10:13.0955 2044 Tcpip - ok
    06:10:13.0971 2044 TCPIP6 (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\DRIVERS\tcpip.sys
    06:10:13.0986 2044 TCPIP6 - ok
    06:10:14.0017 2044 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    06:10:14.0033 2044 tcpipreg - ok
    06:10:14.0049 2044 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    06:10:14.0049 2044 TDPIPE - ok
    06:10:14.0095 2044 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
    06:10:14.0111 2044 TDTCP - ok
    06:10:14.0127 2044 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    06:10:14.0142 2044 tdx - ok
    06:10:14.0173 2044 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    06:10:14.0189 2044 TermDD - ok
    06:10:14.0220 2044 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
    06:10:14.0236 2044 TermService - ok
    06:10:14.0267 2044 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
    06:10:14.0283 2044 Themes - ok
    06:10:14.0298 2044 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    06:10:14.0314 2044 THREADORDER - ok
    06:10:14.0376 2044 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
    06:10:14.0392 2044 TrkWks - ok
    06:10:14.0439 2044 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
    06:10:14.0439 2044 TrustedInstaller - ok
    06:10:14.0470 2044 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    06:10:14.0485 2044 tssecsrv - ok
    06:10:14.0517 2044 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    06:10:14.0548 2044 tunnel - ok
    06:10:14.0563 2044 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    06:10:14.0579 2044 uagp35 - ok
    06:10:14.0610 2044 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
    06:10:14.0626 2044 udfs - ok
    06:10:14.0735 2044 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
    06:10:14.0751 2044 UI0Detect - ok
    06:10:14.0766 2044 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
    06:10:14.0766 2044 uliagpkx - ok
    06:10:14.0813 2044 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    06:10:14.0813 2044 umbus - ok
    06:10:14.0829 2044 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    06:10:14.0844 2044 UmPass - ok
    06:10:14.0860 2044 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
    06:10:14.0875 2044 UmRdpService - ok
    06:10:14.0907 2044 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
    06:10:14.0938 2044 upnphost - ok
    06:10:14.0969 2044 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
    06:10:14.0985 2044 USBAAPL - ok
    06:10:15.0016 2044 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
    06:10:15.0016 2044 usbccgp - ok
    06:10:15.0031 2044 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
    06:10:15.0047 2044 usbcir - ok
    06:10:15.0172 2044 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
    06:10:15.0187 2044 usbehci - ok
    06:10:15.0234 2044 usbfilter (56e89c8e05a987a49ffa595428fb9767) C:\Windows\system32\DRIVERS\usbfilter.sys
    06:10:15.0234 2044 usbfilter - ok
    06:10:15.0265 2044 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
    06:10:15.0281 2044 usbhub - ok
    06:10:15.0328 2044 USBNET (64d91cb46928af2924eb0a98e0767c70) C:\Windows\system32\DRIVERS\vnetusbl.sys
    06:10:15.0343 2044 USBNET - ok
    06:10:15.0390 2044 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
    06:10:15.0406 2044 usbohci - ok
    06:10:15.0421 2044 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    06:10:15.0421 2044 usbprint - ok
    06:10:15.0453 2044 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    06:10:15.0468 2044 USBSTOR - ok
    06:10:15.0484 2044 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
    06:10:15.0515 2044 usbuhci - ok
    06:10:15.0531 2044 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
    06:10:15.0546 2044 UxSms - ok
    06:10:15.0593 2044 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
    06:10:15.0593 2044 VaultSvc - ok
    06:10:15.0609 2044 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
    06:10:15.0624 2044 vdrvroot - ok
    06:10:15.0655 2044 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
    06:10:15.0671 2044 vds - ok
    06:10:15.0718 2044 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    06:10:15.0733 2044 vga - ok
    06:10:15.0749 2044 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    06:10:15.0780 2044 VgaSave - ok
    06:10:15.0811 2044 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
    06:10:15.0827 2044 vhdmp - ok
    06:10:15.0827 2044 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
    06:10:15.0843 2044 viaagp - ok
    06:10:15.0843 2044 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    06:10:15.0858 2044 ViaC7 - ok
    06:10:15.0889 2044 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
    06:10:15.0889 2044 viaide - ok
    06:10:15.0921 2044 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
    06:10:15.0936 2044 vmbus - ok
    06:10:15.0983 2044 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
    06:10:15.0999 2044 VMBusHID - ok
    06:10:16.0045 2044 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    06:10:16.0061 2044 volmgr - ok
    06:10:16.0108 2044 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    06:10:16.0108 2044 volmgrx - ok
    06:10:16.0123 2044 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
    06:10:16.0139 2044 volsnap - ok
    06:10:16.0186 2044 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    06:10:16.0186 2044 vsmraid - ok
    06:10:16.0217 2044 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
    06:10:16.0248 2044 VSS - ok
    06:10:16.0264 2044 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    06:10:16.0264 2044 vwifibus - ok
    06:10:16.0326 2044 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
    06:10:16.0357 2044 W32Time - ok
    06:10:16.0389 2044 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    06:10:16.0404 2044 WacomPen - ok
    06:10:16.0420 2044 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    06:10:16.0451 2044 WANARP - ok
    06:10:16.0467 2044 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    06:10:16.0482 2044 Wanarpv6 - ok
    06:10:16.0576 2044 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
    06:10:16.0607 2044 WatAdminSvc - ok
    06:10:16.0654 2044 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
    06:10:16.0685 2044 wbengine - ok
    06:10:16.0701 2044 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
    06:10:16.0732 2044 WbioSrvc - ok
    06:10:16.0779 2044 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
    06:10:16.0779 2044 wcncsvc - ok
    06:10:16.0794 2044 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
    06:10:16.0810 2044 WcsPlugInService - ok
    06:10:16.0872 2044 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    06:10:16.0872 2044 Wd - ok
    06:10:16.0919 2044 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
    06:10:16.0919 2044 WDC_SAM - ok
    06:10:16.0935 2044 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    06:10:16.0950 2044 Wdf01000 - ok
    06:10:16.0966 2044 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    06:10:16.0981 2044 WdiServiceHost - ok
    06:10:16.0981 2044 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    06:10:16.0997 2044 WdiSystemHost - ok
    06:10:17.0013 2044 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
    06:10:17.0044 2044 WebClient - ok
    06:10:17.0091 2044 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
    06:10:17.0106 2044 Wecsvc - ok
    06:10:17.0137 2044 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
    06:10:17.0169 2044 wercplsupport - ok
    06:10:17.0231 2044 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
    06:10:17.0247 2044 WerSvc - ok
    06:10:17.0278 2044 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    06:10:17.0309 2044 WfpLwf - ok
    06:10:17.0309 2044 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    06:10:17.0325 2044 WIMMount - ok
    06:10:17.0449 2044 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
    06:10:17.0465 2044 WinDefend - ok
    06:10:17.0465 2044 WinHttpAutoProxySvc - ok
    06:10:17.0527 2044 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
    06:10:17.0543 2044 Winmgmt - ok
    06:10:17.0605 2044 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
    06:10:17.0652 2044 WinRM - ok
    06:10:17.0761 2044 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
    06:10:17.0761 2044 WinUsb - ok
    06:10:17.0824 2044 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
    06:10:17.0839 2044 Wlansvc - ok
    06:10:17.0886 2044 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    06:10:17.0886 2044 WmiAcpi - ok
    06:10:17.0917 2044 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
    06:10:17.0917 2044 wmiApSrv - ok
    06:10:18.0042 2044 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
    06:10:18.0073 2044 WMPNetworkSvc - ok
    06:10:18.0105 2044 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
    06:10:18.0120 2044 WPCSvc - ok
    06:10:18.0136 2044 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
    06:10:18.0136 2044 WPDBusEnum - ok
    06:10:18.0183 2044 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    06:10:18.0214 2044 ws2ifsl - ok
    06:10:18.0292 2044 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll
    06:10:18.0292 2044 wscsvc - ok
    06:10:18.0292 2044 WSearch - ok
    06:10:18.0432 2044 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
    06:10:18.0479 2044 wuauserv - ok
    06:10:20.0164 2044 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    06:10:20.0195 2044 WudfPf - ok
    06:10:20.0226 2044 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    06:10:20.0242 2044 WUDFRd - ok
    06:10:20.0429 2044 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
    06:10:20.0445 2044 wudfsvc - ok
    06:10:20.0460 2044 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
    06:10:20.0476 2044 WwanSvc - ok
    06:10:20.0523 2044 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    06:10:20.0585 2044 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    06:10:20.0585 2044 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    06:10:20.0647 2044 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    06:10:20.0647 2044 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    06:10:20.0647 2044 Boot (0x1200) (d019cbabfe2ccc3bf26798656220d025) \Device\Harddisk0\DR0\Partition0
    06:10:20.0647 2044 \Device\Harddisk0\DR0\Partition0 - ok
    06:10:20.0679 2044 Boot (0x1200) (ae13f1bcb499575599839fa4845a5d19) \Device\Harddisk0\DR0\Partition1
    06:10:20.0694 2044 \Device\Harddisk0\DR0\Partition1 - ok
    06:10:20.0725 2044 Boot (0x1200) (96d531c2ae5ceadb21e32da82a7c0bda) \Device\Harddisk0\DR0\Partition2
    06:10:20.0725 2044 \Device\Harddisk0\DR0\Partition2 - ok
    06:10:20.0725 2044 ============================================================
    06:10:20.0725 2044 Scan finished
    06:10:20.0725 2044 ============================================================
    06:10:20.0725 2036 Detected object count: 6
    06:10:20.0741 2036 Actual detected object count: 6
    06:12:48.0395 2036 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
    06:12:48.0395 2036 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    06:12:48.0395 2036 MpKsl5f2e2afa ( ForgedFile.Multi.Generic ) - skipped by user
    06:12:48.0395 2036 MpKsl5f2e2afa ( ForgedFile.Multi.Generic ) - User select action: Skip
    06:12:48.0426 2036 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
    06:12:48.0426 2036 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    06:12:48.0442 2036 RRAANXGN ( UnsignedFile.Multi.Generic ) - skipped by user
    06:12:48.0442 2036 RRAANXGN ( UnsignedFile.Multi.Generic ) - User select action: Skip
    06:12:48.0863 2036 \Device\Harddisk0\DR0\# - copied to quarantine
    06:12:48.0863 2036 \Device\Harddisk0\DR0 - copied to quarantine
    06:12:48.0972 2036 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    06:12:49.0004 2036 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    06:12:49.0019 2036 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    06:12:49.0019 2036 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    06:12:49.0035 2036 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    06:12:49.0066 2036 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    06:12:49.0082 2036 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    06:12:49.0097 2036 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    06:12:49.0097 2036 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    06:12:49.0097 2036 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    06:12:49.0097 2036 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    06:12:49.0097 2036 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    06:12:49.0097 2036 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    06:12:49.0097 2036 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    06:12:49.0113 2036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    06:12:49.0113 2036 \Device\Harddisk0\DR0 - ok
    06:12:49.0113 2036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    06:12:49.0113 2036 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    06:12:49.0113 2036 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    06:12:58.0005 2008 Deinitialize success
  13. Rob Thie

    Rob Thie Newcomer, in training Topic Starter

    log2:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-18 06:18:19
    -----------------------------
    06:18:19.964 OS Version: Windows 6.1.7600
    06:18:19.964 Number of processors: 6 586 0xA00
    06:18:19.964 ComputerName: PHOTOEDITING UserName: Robert
    06:18:24.800 Initialize success
    06:18:59.214 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
    06:18:59.214 Disk 0 Vendor: ST2000DL003-9VT166 CC32 Size: 1907729MB BusType: 3
    06:18:59.229 Disk 0 MBR read successfully
    06:18:59.229 Disk 0 MBR scan
    06:18:59.229 Disk 0 Windows 7 default MBR code
    06:18:59.245 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    06:18:59.261 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 399899 MB offset 206848
    06:18:59.276 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1507728 MB offset 819200000
    06:18:59.307 Disk 0 scanning sectors +3907026944
    06:18:59.370 Disk 0 scanning C:\Windows\system32\drivers
    06:19:05.750 Service scanning
    06:19:17.513 Modules scanning
    06:19:21.459 Disk 0 trace - called modules:
    06:19:21.491 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
    06:19:21.491 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856d4030]
    06:19:21.491 3 CLASSPNP.SYS[8b7bc59e] -> nt!IofCallDriver -> [0x84dbf330]
    06:19:21.506 5 ACPI.sys[8b21e3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85bc4030]
    06:19:21.506 Scan finished successfully
    06:20:46.043 Disk 0 MBR has been saved successfully to "C:\Users\Robert\Desktop\MBR.dat"
    06:20:46.074 The log file has been saved successfully to "C:\Users\Robert\Desktop\aswMBR.txt"

    log3:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: MSI
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: MSI
    System Product Name: MS-7642
    Logical Drives Mask: 0x0000005c

    Kernel Drivers (total 134):
    0x8263E000 \SystemRoot\system32\ntkrnlpa.exe
    0x82607000 \SystemRoot\system32\halmacpi.dll
    0x80B9A000 \SystemRoot\system32\kdcom.dll
    0x8B03A000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x8B045000 \SystemRoot\system32\PSHED.dll
    0x8B056000 \SystemRoot\system32\BOOTVID.dll
    0x8B05E000 \SystemRoot\system32\CLFS.SYS
    0x8B0A0000 \SystemRoot\system32\CI.dll
    0x8B14B000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8B1BC000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8B215000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x8B25D000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x8B266000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x8B26E000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8B298000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8B2A3000 \SystemRoot\System32\drivers\partmgr.sys
    0x8B2B4000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8B2C4000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8B30F000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x8B316000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8B324000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8B33A000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x8B343000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8B366000 \SystemRoot\system32\drivers\amdxata.sys
    0x8B36F000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8B3A3000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8B408000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8B537000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8B562000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8B575000 \SystemRoot\System32\Drivers\cng.sys
    0x8B5D2000 \SystemRoot\System32\drivers\pcw.sys
    0x8B5E0000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8B63F000 \SystemRoot\system32\drivers\ndis.sys
    0x8B6F6000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8B734000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8B814000 \SystemRoot\System32\drivers\tcpip.sys
    0x8B95E000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8B98F000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x8B998000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8B759000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8B9DF000 \SystemRoot\System32\Drivers\mup.sys
    0x8B9EF000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8B786000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8B800000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8B7B8000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8B9F7000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
    0x8B9D7000 \SystemRoot\System32\Drivers\Null.SYS
    0x8B611000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8B618000 \SystemRoot\System32\drivers\vga.sys
    0x8B3DC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8B624000 \SystemRoot\System32\drivers\watchdog.sys
    0x8B631000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8B5E9000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8B3B4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8B1CA000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
    0x8B811000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8B200000 \SystemRoot\system32\DRIVERS\usbfilter.sys
    0x8B000000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8B5F7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8B01F000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x95209000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x95254000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x95263000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x95271000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x9527E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x95288000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x95292000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x952A2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x952AF000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x952BC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x952BE000 \SystemRoot\system32\DRIVERS\ks.sys
    0x952F2000 \SystemRoot\system32\DRIVERS\amdiox86.sys
    0x95302000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x95310000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
    0x95320000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x96090000 \SystemRoot\System32\win32k.sys
    0x95364000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9536E000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x9537B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x95386000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x9538F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x962E0000 \SystemRoot\System32\drivers\dxg.sys
    0x96310000 \SystemRoot\System32\TSDDD.dll
    0x96390000 \SystemRoot\System32\framebuf.dll
    0x963A0000 \SystemRoot\System32\ATMFD.DLL
    0x953A0000 \SystemRoot\system32\drivers\WudfPf.sys
    0x953BA000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x953D1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x953E8000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8B7DD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x953F3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8B7F0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8B600000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xA2212000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xA223C000 \??\C:\Users\Robert\AppData\Local\Temp\aswMBR.sys
    0x76E60000 \Windows\System32\ntdll.dll
    0x47C40000 \Windows\System32\smss.exe
    0x770A0000 \Windows\System32\apisetschema.dll
    0x002C0000 \Windows\System32\autochk.exe
    0x76FC0000 \Windows\System32\user32.dll
    0x76E30000 \Windows\System32\imagehlp.dll
    0x76DD0000 \Windows\System32\shlwapi.dll
    0x76FB0000 \Windows\System32\lpk.dll
    0x76D30000 \Windows\System32\usp10.dll
    0x76C80000 \Windows\System32\rpcrt4.dll
    0x76C20000 \Windows\System32\difxapi.dll
    0x76BD0000 \Windows\System32\gdi32.dll
    0x76A70000 \Windows\System32\ole32.dll
    0x76A20000 \Windows\System32\Wldap32.dll
    0x76880000 \Windows\System32\setupapi.dll
    0x76800000 \Windows\System32\comdlg32.dll
    0x767C0000 \Windows\System32\ws2_32.dll
    0x75B70000 \Windows\System32\shell32.dll
    0x75A70000 \Windows\System32\wininet.dll
    0x75990000 \Windows\System32\kernel32.dll
    0x75900000 \Windows\System32\clbcatq.dll
    0x75860000 \Windows\System32\advapi32.dll
    0x76FA0000 \Windows\System32\nsi.dll
    0x75850000 \Windows\System32\normaliz.dll
    0x75650000 \Windows\System32\iertutil.dll
    0x75630000 \Windows\System32\imm32.dll
    0x75560000 \Windows\System32\msctf.dll
    0x754B0000 \Windows\System32\msvcrt.dll
    0x754A0000 \Windows\System32\psapi.dll
    0x75410000 \Windows\System32\oleaut32.dll
    0x753F0000 \Windows\System32\sechost.dll
    0x752B0000 \Windows\System32\urlmon.dll
    0x75260000 \Windows\System32\KernelBase.dll
    0x751D0000 \Windows\System32\comctl32.dll
    0x751B0000 \Windows\System32\devobj.dll
    0x75090000 \Windows\System32\crypt32.dll
    0x75060000 \Windows\System32\cfgmgr32.dll
    0x75030000 \Windows\System32\wintrust.dll
    0x75020000 \Windows\System32\msasn1.dll

    Processes (total 23):
    0 System Idle Process
    4 System
    292 C:\Windows\System32\smss.exe
    388 csrss.exe
    424 C:\Windows\System32\wininit.exe
    432 csrss.exe
    472 C:\Windows\System32\services.exe
    492 C:\Windows\System32\lsass.exe
    500 C:\Windows\System32\lsm.exe
    600 C:\Windows\System32\svchost.exe
    676 C:\Windows\System32\svchost.exe
    740 C:\Program Files\Microsoft Security Client\MsMpEng.exe
    784 C:\Windows\System32\svchost.exe
    836 C:\Windows\System32\winlogon.exe
    856 C:\Windows\System32\svchost.exe
    916 C:\Windows\System32\svchost.exe
    972 C:\Windows\System32\svchost.exe
    996 C:\Windows\System32\svchost.exe
    1376 C:\Windows\explorer.exe
    1424 C:\Windows\System32\ctfmon.exe
    1676 C:\Users\Robert\Desktop\MBRCheck.exe
    1560 C:\Windows\System32\conhost.exe
    748 <unknown>

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000061`a8000000 (NTFS)

    PhysicalDrive0 Model Number: ST2000DL003-9VT166, Rev: CC32

    Size Device Name MBR Status
    --------------------------------------------
    1863 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
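The three logs above (TDSSKiller's "MBR (0x1B8)" hash line, aswMBR's partition listing with MB sizes and sector offsets, and MBRCheck's MBR SHA1) are all doing the same two things: hashing the boot code in the first sector and decoding its partition table. The Python below is an added example written for this thread; it is not code from aswMBR, MBRCheck, TDSSKiller or anyone in the discussion. It builds a constructed 512-byte MBR using the partition offsets and sector counts shown in the aswMBR log, parses it back into the same "100 MB offset 2048" style figures, hashes the boot code, and compares that hash against a baseline taken from a known-clean copy (aswMBR's saved MBR.dat is the kind of copy a helper would keep for that). Treating the 0x1B8 in TDSSKiller's line as the number of boot-code bytes hashed is an assumption of this example, as is the disk size derived from the 1907729 MB figure in the log.

```python
"""Parse an MBR sector and hash its boot code (added example, not any tool's own code)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8          # 440 bytes; assumed to be what TDSSKiller's "MBR (0x1B8)" hashes
PART_TABLE_OFFSET = 0x1BE      # four 16-byte partition entries follow the boot code
PART_ENTRY_FMT = "<B3sB3sII"   # boot flag, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xAA"

PARTITION_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
                   0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0x83: "Linux"}

# Constructed sample layout: (bootable, type byte, LBA start, sector count), taken from the
# offsets and MB sizes printed in the aswMBR log above (100 MB, 399899 MB, 1507728 MB).
SAMPLE_LAYOUT = [
    (True, 0x07, 2048, 204800),
    (False, 0x07, 206848, 818993152),
    (False, 0x07, 819200000, 3087826944),
]
DISK_SECTORS = 1907729 * 2048  # assumed: the 1907729 MB drive size from the log, in 512-byte sectors


def build_sample_mbr(partitions):
    """Build a synthetic MBR sector (constructed sample, not a real disk image)."""
    mbr = bytearray(SECTOR_SIZE)
    # Stand-in boot code: a short prologue followed by NOP padding.
    mbr[0:7] = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C])
    mbr[7:BOOT_CODE_LEN] = b"\x90" * (BOOT_CODE_LEN - 7)
    for i, (bootable, ptype, start, count) in enumerate(partitions[:4]):
        struct.pack_into(PART_ENTRY_FMT, mbr, PART_TABLE_OFFSET + i * 16,
                         0x80 if bootable else 0x00, b"\xFE\xFF\xFF",
                         ptype, b"\xFE\xFF\xFF", start, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(sector):
    """Return boot-code hashes and the non-empty partition entries of one MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for i in range(4):
        flag, _chs_start, ptype, _chs_end, lba_start, count = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + i * 16)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1,
            "bootable": flag == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": count,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(boot_code).hexdigest(),
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest(),
        "partitions": partitions,
    }


def check_partition_layout(partitions, disk_sectors):
    """Flag entries that overlap each other or run past the end of the disk."""
    problems = []
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            problems.append(f"partition {a['index']} overlaps partition {b['index']}")
    for p in ordered:
        if p["lba_start"] + p["sectors"] > disk_sectors:
            problems.append(f"partition {p['index']} extends past end of disk")
    return problems


def boot_code_matches(sector, baseline_sha1):
    """True when the boot code hashes to a SHA1 recorded from a known-clean MBR."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().lower() == baseline_sha1.lower()


if __name__ == "__main__":
    sector = build_sample_mbr(SAMPLE_LAYOUT)
    info = parse_mbr(sector)
    print("boot code SHA1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        flag = "80 (A)" if p["bootable"] else "00"
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']} "
              f"{p['size_mb']} MB offset {p['lba_start']}")
    print("layout problems:", check_partition_layout(info["partitions"], DISK_SECTORS) or "none")
```

A bootkit of the kind TDSSKiller reported here rewrites the boot code while leaving the partition table intact, so the partition listing looks normal on its own; that is why the baseline hash comparison, not the table, is the check that catches it, and why aswMBR's saved MBR.dat is worth keeping from a clean state.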
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent work! Let me know if that error persists in the next couple rounds of scans, please.

    Scan for malware

    Please download Malwarebytes Anti-Malware from HERE.


    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.
  15. Rob Thie

    Rob Thie Newcomer, in training Topic Starter

    Okay, operation seems to be normal as of yet. Thank you for all your help.

    Log:

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.19.06

    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    Robert :: PHOTOEDITING [administrator]

    Protection: Enabled

    8/19/2012 1:11:09 PM
    mbam-log-2012-08-19 (13-11-09).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 219575
    Time elapsed: 12 minute(s), 11 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Robert\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

    (end)
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File... save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
  17. Rob Thie

    Rob Thie Newcomer, in training Topic Starter

    eset scan log

    C:\ProgramData\Microsoft\Windows\DRM\5CC0.tmp Win32/Olmarik.AYD trojan cleaned by deleting - quarantined
    C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.08.2012_19.31.33\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.08.2012_19.31.33\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.08.2012_19.31.33\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.08.2012_19.31.33\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\18.08.2012_06.09.30\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\18.08.2012_06.09.30\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\18.08.2012_06.09.30\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\18.08.2012_06.09.30\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\18.08.2012_06.09.30\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NP trojan cleaned by deleting - quarantined
    C:\Users\Bethanie\AppData\Local\Macromedia\CrashDumps\bgtoh.dll a variant of Win32/Kryptik.AKQH trojan cleaned by deleting - quarantined
    C:\Users\Bethanie\AppData\Roaming\Mozilla\Firefox\Profiles\q6nvbut9.default\extensions\rfxnwgshau@rfxnwgshau.org.xpi JS/Redirector.NCA trojan deleted - quarantined
    C:\Users\Bethanie\AppData\Roaming\Mozilla\Firefox\Profiles\q6nvbut9.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application cleaned by deleting - quarantined
    C:\Users\Bethanie\Downloads\cnet2_RCATSetup_exe(1).exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    C:\Users\Bethanie\Downloads\cnet2_RCATSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
     
  19. Rob Thie

    Rob Thie Newcomer, in training Topic Starter

    # AdwCleaner v1.801 - Logfile created 08/23/2012 at 15:46:30
    # Updated 14/08/2012 by Xplode
    # Operating system : Windows 7 Ultimate N (32 bits)
    # User : Robert - PHOTOEDITING
    # Boot Mode : Normal
    # Running from : C:\Users\Robert\Downloads\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Users\Robert\AppData\Local\Ilivid Player
    Folder Found : C:\Users\Bethanie\AppData\Roaming\Mozilla\Firefox\Profiles\q6nvbut9.default\extensions\plugin@yontoo.com
    Folder Found : C:\ProgramData\boost_interprocess
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\Program Files\Ilivid
    File Found : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t97onhd.default\searchplugins\Search_Results.xml
    File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml

    ***** [Registry] *****

    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

    ***** [Registre - GUID] *****

    Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7600.16385

    [OK] Registry is clean.

    -\\ Mozilla Firefox v14.0.1 (en-US)

    Profile name : default
    File : C:\Users\Bethanie\AppData\Roaming\Mozilla\Firefox\Profiles\q6nvbut9.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t97onhd.default\prefs.js

    Found : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q=");

    *************************

    AdwCleaner[R1].txt - [2256 octets] - [23/08/2012 15:46:30]

    ########## EOF - C:\AdwCleaner[R1].txt - [2384 octets] ##########
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Remove the Adware.
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    Please post the log.
  21. Rob Thie

    Rob Thie Newcomer, in training Topic Starter

    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Program Files\Ilivid
    File Deleted : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t97onhd.default\searchplugins\Search_Results.xml
    File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml

    ***** [Registry] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

    ***** [Registre - GUID] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7600.16385

    [OK] Registry is clean.

    -\\ Mozilla Firefox v14.0.1 (en-US)

    Profile name : default
    File : C:\Users\Bethanie\AppData\Roaming\Mozilla\Firefox\Profiles\q6nvbut9.default\prefs.js

    C:\Users\Bethanie\AppData\Roaming\Mozilla\Firefox\Profiles\q6nvbut9.default\user.js ... Deleted !

    [OK] File is clean.

    Profile name : default
    File : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\3t97onhd.default\prefs.js

    Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q=");

    *************************

    AdwCleaner[R1].txt - [2385 octets] - [23/08/2012 15:46:30]
    AdwCleaner[S1].txt - [2454 octets] - [24/08/2012 04:01:04]

    ########## EOF - C:\AdwCleaner[S1].txt - [2582 octets] ##########
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.


