
An infection that began with 1d85943d.exe


  • This topic is locked
59 replies to this topic

#1 ES Peek

ES Peek

  • Members
  • 25 posts
  • OFFLINE
  • Local time:11:24 PM

Posted 09 August 2012 - 08:14 PM

I was Googling around with Firefox when I came to a site that showed signs of running malicious scripts. I backed out of it. Not long later, ThreatFire warned me of suspicious activity in a file named 1d85943d.exe in the AppData\Local\Temp folder in my user directory, and a few seconds later, Comodo put up an alert of that same file attempting to access the internet. I blocked 1d85943d.exe in Comodo and quarantined it in ThreatFire, which then told me it was necessary to reboot the computer to complete removal.

Since that reboot, I haven't been able to run Windows normally. Sometimes, after logging in, I'd get a screen that was black except for a moveable mouse cursor. Other times, the desktop would come up and everything would seem normal, but all attempts to open files or applications would fail, including pressing ctrl-alt-delete for the task manager.

I have been able to access files and apps on the PC by booting to safe mode, which seems normal, aside from the typical safe mode limitations. In safe mode, I've tried...

1. Deleting the Temp folder. No effect.

2. Reinstalling Malwarebytes and running a scan. It found several threats... I should be able to post a log, if anyone wants me to. After rebooting and logging-in, everything worked normally for that initial time when the system was coming to life, until the machine BSOD'd with this message:

A problem has been detected and Windows has been shut down to prevent damage to your computer.

IRQL_NOT_LESS_OR_EQUAL

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any Windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

Technical information:

*** STOP: 0x0000000A (0x00000000, 0x00000002, 0x00000001, 0x8245A0EC)




Collecting data for crash dump...
Initializing disk for crash dump...
Beginning dump of physical memory.
Dumping physical memory to disk: 100
Physical memory dump complete.
Contact your system admin or technical support group for further assistance.


After rebooting, the black screen / untouchable everything problem returned.

3. Installing and running Kaspersky. It identified one more threat, Virus.Win32.ZAccess.k in C:\Windows\System32\drivers\afd.sys. I deleted that and rebooted. The system started normally, but again, BSOD'd a couple of minutes after log-on. It's done that ever since.

I appreciate any and all help.

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_31
Run by Lan at 17:41:32 on 2012-07-20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1790.1464 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: COMODO Defense+ *Disabled/Updated* {1C31E4C3-A132-6AC6-4A85-4415E7D88418}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [Taskbar Shuffle] c:\program files\taskbar shuffle\taskbarshuffle.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [F.lux] "c:\users\lan\local settings\apps\f.lux\flux.exe" /noshow
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [amd_dc_opt] c:\program files\dual-core optimizer\amd_dc_opt.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [avast5] c:\progra~1\avast5\avastUI.exe /nogui
mRun: [CMPDPSRV] c:\windows\system32\spool\drivers\w32x86\3\CMPDPSRV.EXE
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [ABrSmUWHNf.exe] c:\programdata\ABrSmUWHNf.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
StartupFolder: c:\users\lan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
TCP: Interfaces\{AD39B994-2840-43F3-982E-2A26E7988A52} : DhcpNameServer = 192.168.1.1 192.168.1.1
AppInit_DLLs: c:\windows\system32\guard32.dll
Hosts: 216.144.214.105 www.mameworld.net #MAWS
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lan\appdata\roaming\mozilla\firefox\profiles\yt8cfrt8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_31.dll
FF - plugin: c:\program files\java\jre6\bin\npoji610.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\lan\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: ResetSearchbar: resetsearchbar@robertkatic - %profile%\extensions\resetsearchbar@robertkatic
FF - Ext: Resurrect Pages: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} - %profile%\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
FF - Ext: Text-to-Image: {f701c26a-479a-4724-b4f1-870db12f063c} - %profile%\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: Web Search Wipe: wipesearch@extension.net - %profile%\extensions\wipesearch@extension.net
FF - Ext: FormFox: formfox@daniel.steinbrook - %profile%\extensions\formfox@daniel.steinbrook
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
.
============= SERVICES / DRIVERS ===============
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-1-14 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-1-14 59664]
R3 Tetri5;Tetri5 driver;c:\windows\system32\drivers\Tetri5.sys [2009-4-23 53088]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-12-2 165456]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-12-2 128376]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-12-2 29520]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-2 17744]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-12-2 50256]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast5\AvastSvc.exe [2010-3-31 40384]
S2 EMSLink;EMS Inter-Link driver V3.0;c:\windows\system32\drivers\EM3Link.sys [2011-10-2 6176]
S2 gupdate1c9b6404c9a69c0;Google Update Service (gupdate1c9b6404c9a69c0);c:\program files\google\update\GoogleUpdate.exe [2009-4-5 133104]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-21 655944]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-25 361808]
S2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-2 24652]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\avast5\AvastSvc.exe [2010-3-31 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\avast5\AvastSvc.exe [2010-3-31 40384]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-25 193840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-5 133104]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [2004-6-4 70888]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-21 22344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-3 42528]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-1-14 33552]
.
=============== File Associations ===============
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-16 03:55:49 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-15 23:59:17 -------- d-----w- c:\users\lan\appdata\local\Temp
2012-07-13 06:00:44 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1d0d04fb-2e66-4661-8361-69a4a1ab062d}\mpengine.dll
2012-07-10 17:10:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-09 14:12:43 -------- d-----w- c:\users\lan\appdata\local\Macromedia
2012-07-05 20:55:27 -------- d-----w- c:\program files\Future Cop L.A.P.D
.
==================== Find3M ====================
.
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 17:43:10.48 ===============

Attached Files
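The "Pseudo HJT Report" section of the DDS log above is what a helper reads by eye. As an added example (my own heuristics, not code from this thread or from the DDS tool), the Python script below applies a few of the checks a malware responder makes when reading such a report: autoruns launched from user-writable folders such as %ProgramData% or Temp, UAC switched off by policy, AppInit_DLLs and hosts-file entries, and orphaned BHO registrations. The folder list and the severity labels are assumptions of the example; the sample lines are copied from the log above.

```python
"""Triage heuristics for the "Pseudo HJT Report" section of a DDS log.

Added example: the rules below are the editor's own heuristics, not part of
DDS or of this thread; the sample lines are copied from the DDS log posted
above.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity reason line")
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}

# Folders any unprivileged process can write to. Legitimate software is
# installed under Program Files; an autorun whose executable lives directly
# inside one of these folders deserves a close look. The profile paths follow
# the account name shown in the DDS header above ("Run by Lan").
USER_WRITABLE_ROOTS = (
    r"c:\programdata",
    r"c:\users\lan\appdata\local\temp",   # listed before its parent on purpose
    r"c:\users\lan\appdata\local",
    r"c:\users\lan\appdata\roaming",
    r"c:\users\lan\local settings",
)

RUN_RE = re.compile(r"^(?P<hive>[um]Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<val>\d+)")
# First absolute path to a PE file inside the command line (quotes optional).
PE_PATH_RE = re.compile(r'"?([a-z]:\\[^"]+?\.(?:exe|dll|cpl|scr))"?', re.IGNORECASE)


def triage_line(line):
    """Return a Finding for one DDS report line, or None if nothing stands out."""
    m = RUN_RE.match(line)
    if m:
        pe = PE_PATH_RE.search(m.group("cmd"))
        if not pe:                  # e.g. %ProgramFiles%\... is left unexpanded by DDS
            return None
        path = pe.group(1).lower()
        for root in USER_WRITABLE_ROOTS:
            if path.startswith(root + "\\"):
                parent = path.rsplit("\\", 1)[0]
                if parent == root:
                    return Finding("high", "autorun executable sits directly in a user-writable folder", line)
                return Finding("low", "autorun executable under a user-writable folder", line)
        return None
    m = POLICY_RE.match(line)
    if m and m.group("key") == "EnableLUA" and m.group("val") == "0":
        return Finding("high", "UAC disabled by policy (EnableLUA = 0)", line)
    if line.startswith("AppInit_DLLs:"):
        return Finding("medium", "AppInit_DLLs loads this DLL into every process; confirm the vendor", line)
    if line.startswith("Hosts:"):
        return Finding("medium", "hosts-file override; confirm the redirect was intended", line)
    if line.startswith("BHO:") and line.endswith("- No File"):
        return Finding("info", "orphaned BHO registration (no file on disk)", line)
    return None


def triage(lines):
    """Run triage_line over every line and return the findings, most severe first."""
    findings = [f for f in (triage_line(raw.strip()) for raw in lines) if f]
    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity])


# Sample input copied from the DDS log in post #1.
SAMPLE_LINES = [
    r'uRun: [F.lux] "c:\users\lan\local settings\apps\f.lux\flux.exe" /noshow',
    r"mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup",
    r"mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe",
    r"mRun: [ABrSmUWHNf.exe] c:\programdata\ABrSmUWHNf.exe",
    r"mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    "mPolicies-system: EnableLUA = 0 (0x0)",
    "mPolicies-system: EnableUIADesktopToggle = 0 (0x0)",
    r"AppInit_DLLs: c:\windows\system32\guard32.dll",
    "Hosts: 216.144.214.105 www.mameworld.net #MAWS",
    "BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:>6}] {f.reason}\n         {f.line}")
```

On the sample above the script puts the randomly named executable in the root of c:\programdata and the EnableLUA = 0 policy at the top of the list, and flags guard32.dll (Comodo's own AppInit hook) only for review, not as malicious. The output orders what to look at first; it is no substitute for checking each file's signature and vendor.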




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,621 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:24 AM

Posted 14 August 2012 - 08:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464579 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,574 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:09:24 PM

Posted 19 August 2012 - 10:15 PM

Greetings ES Peek and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. :thumbup2:


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,574 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:09:24 PM

Posted 19 August 2012 - 11:01 PM

Greetings ES Peek,

There are a couple things I would like you to do in this post but I must first advise you of the following:


===================================================


BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidence of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


===================================================


Running TDSSKiller with Changed Parameters

--------------------

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters



  • Check Verify Driver Digital Signature and Detect TDLFS file system
    Click OK



  • Click Start Scan and allow the scan process to run



  • If threats are detected select Skip for all of them unless I instruct you otherwise
    Click Continue



  • Click Reboot computer
  • Please copy and paste the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log

Edited by Oh My, 20 August 2012 - 07:14 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 ES Peek

ES Peek
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:11:24 PM

Posted 20 August 2012 - 07:11 PM

Thanks for the attention, Gary! I'm going to go through with the cleanup procedures you direct me to. This computer didn't come with a Windows DVD... the factory restore option apparently uses data from the hard disk's D partition, so I don't think I can format the whole thing without having to reacquire Windows.

Here is the TDSSKiller log:

18:14:34.0934 1260 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
18:14:34.0997 1260 ============================================================
18:14:34.0997 1260 Current date / time: 2012/08/20 18:14:34.0997
18:14:34.0997 1260 SystemInfo:
18:14:34.0997 1260
18:14:34.0997 1260 OS Version: 6.0.6001 ServicePack: 1.0
18:14:34.0997 1260 Product type: Workstation
18:14:34.0997 1260 ComputerName: LAN-PC
18:14:34.0997 1260 UserName: Lan
18:14:34.0997 1260 Windows directory: C:\Windows
18:14:34.0997 1260 System windows directory: C:\Windows
18:14:34.0997 1260 Processor architecture: Intel x86
18:14:34.0997 1260 Number of processors: 2
18:14:34.0997 1260 Page size: 0x1000
18:14:34.0997 1260 Boot type: Safe boot
18:14:34.0997 1260 ============================================================
18:14:36.0026 1260 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:14:36.0026 1260 Drive \Device\Harddisk1\DR1 - Size: 0x3C7800000 (15.12 Gb), SectorSize: 0x200, Cylinders: 0x7B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:14:36.0026 1260 ============================================================
18:14:36.0026 1260 \Device\Harddisk0\DR0:
18:14:36.0026 1260 MBR partitions:
18:14:36.0026 1260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x116577C1
18:17:02.0557 1416 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:17:02.0604 1416 rdbss - ok
18:17:02.0869 1416 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:17:02.0900 1416 RDPCDD - ok
18:17:03.0212 1416 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:17:03.0244 1416 rdpdr - ok
18:17:03.0462 1416 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:17:03.0509 1416 RDPENCDD - ok
18:17:03.0821 1416 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:17:03.0852 1416 RDPWD - ok
18:17:04.0180 1416 [ 431723F23D0E065BEF502389E8FFDC10 ] Recovery Service for Windows C:\Windows\SMINST\BLService.exe
18:17:04.0195 1416 Recovery Service for Windows - ok
18:17:04.0804 1416 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:17:04.0835 1416 RemoteAccess - ok
18:17:05.0116 1416 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:17:05.0178 1416 RemoteRegistry - ok
18:17:05.0490 1416 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
18:17:05.0506 1416 RichVideo - ok
18:17:05.0786 1416 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:17:05.0833 1416 RpcLocator - ok
18:17:06.0083 1416 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
18:17:06.0098 1416 RpcSs - ok
18:17:06.0395 1416 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:17:06.0426 1416 rspndr - ok
18:17:06.0722 1416 [ DCF733788C7D088D814E5F80EB4B3E0F ] SamSs C:\Windows\system32\lsass.exe
18:17:06.0722 1416 SamSs - ok
18:17:07.0050 1416 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:17:07.0050 1416 sbp2port - ok
18:17:07.0331 1416 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:17:07.0393 1416 SCardSvr - ok
18:17:07.0658 1416 [ 1D5E99DB3C10F4FA034010DC49043CA4 ] Schedule C:\Windows\system32\schedsvc.dll
18:17:07.0705 1416 Schedule - ok
18:17:07.0986 1416 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
18:17:08.0017 1416 SCPolicySvc - ok
18:17:08.0314 1416 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:17:08.0376 1416 SDRSVC - ok
18:17:08.0626 1416 [ 07F7F501AD50DE2BA2D5842D9B6D6155 ] SecDrv C:\Windows\system32\drivers\SECDRV.SYS
18:17:08.0641 1416 SecDrv ( UnsignedFile.Multi.Generic ) - warning
18:17:08.0641 1416 SecDrv - detected UnsignedFile.Multi.Generic (1)
18:17:08.0953 1416 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:17:08.0984 1416 seclogon - ok
18:17:09.0281 1416 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
18:17:09.0328 1416 SENS - ok
18:17:09.0624 1416 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:17:09.0686 1416 Serenum - ok
18:17:09.0889 1416 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
18:17:09.0967 1416 Serial - ok
18:17:10.0232 1416 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:17:10.0248 1416 sermouse - ok
18:17:10.0560 1416 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:17:10.0591 1416 SessionEnv - ok
18:17:10.0872 1416 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:17:10.0903 1416 sffdisk - ok
18:17:11.0184 1416 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:17:11.0231 1416 sffp_mmc - ok
18:17:11.0527 1416 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:17:11.0574 1416 sffp_sd - ok
18:17:11.0839 1416 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:17:11.0886 1416 sfloppy - ok
18:17:12.0463 1416 [ 27F10F348E508243F6254846F8370D0D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:17:12.0494 1416 ShellHWDetection - ok
18:17:12.0791 1416 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:17:12.0791 1416 sisagp - ok
18:17:12.0822 1416 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:17:12.0838 1416 SiSRaid2 - ok
18:17:13.0118 1416 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:17:13.0134 1416 SiSRaid4 - ok
18:17:13.0493 1416 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
18:17:13.0586 1416 slsvc - ok
18:17:13.0742 1416 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:17:13.0789 1416 SLUINotify - ok
18:17:14.0070 1416 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:17:14.0101 1416 Smb - ok
18:17:14.0398 1416 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:17:14.0413 1416 SNMPTRAP - ok
18:17:14.0725 1416 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:17:14.0741 1416 spldr - ok
18:17:15.0022 1416 [ 846CDF9A3CF4DA9B306ADFB7D55EE4C2 ] Spooler C:\Windows\System32\spoolsv.exe
18:17:15.0068 1416 Spooler - ok
18:17:15.0349 1416 [ 71E276F6D189413266EA22171806597B ] sptd C:\Windows\System32\Drivers\sptd.sys
18:17:15.0396 1416 sptd - ok
18:17:15.0677 1416 [ 73DDDBEEC61E78568082916A27AADAEE ] srv C:\Windows\system32\DRIVERS\srv.sys
18:17:15.0724 1416 srv - ok
18:17:15.0989 1416 [ 805FAC010405AD3F82EF8DF0BB035D81 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:17:16.0020 1416 srv2 - ok
18:17:16.0301 1416 [ F63A0A58AAFE34D7A1A0A74ABCCDD9C0 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:17:16.0348 1416 srvnet - ok
18:17:16.0644 1416 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:17:16.0691 1416 SSDPSRV - ok
18:17:16.0956 1416 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:17:17.0003 1416 SstpSvc - ok
18:17:17.0299 1416 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
18:17:17.0346 1416 stisvc - ok
18:17:17.0549 1416 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:17:17.0564 1416 swenum - ok
18:17:17.0580 1416 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
18:17:17.0642 1416 swprv - ok
18:17:17.0892 1416 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:17:17.0892 1416 Symc8xx - ok
18:17:17.0908 1416 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:17:17.0923 1416 Sym_hi - ok
18:17:18.0173 1416 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:17:18.0188 1416 Sym_u3 - ok
18:17:18.0251 1416 [ 00B19F27858F56181EDB58B71A7C67A0 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:17:18.0266 1416 SynTP - ok
18:17:18.0563 1416 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
18:17:18.0594 1416 SysMain - ok
18:17:18.0859 1416 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:17:18.0906 1416 TabletInputService - ok
18:17:19.0171 1416 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
18:17:19.0218 1416 TapiSrv - ok
18:17:19.0514 1416 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:17:19.0561 1416 TBS - ok
18:17:19.0858 1416 [ 82E266BEE5F0167E41C6ECFDD2A79C02 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:17:19.0889 1416 Tcpip - ok
18:17:20.0653 1416 [ 82E266BEE5F0167E41C6ECFDD2A79C02 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:17:20.0684 1416 Tcpip6 - ok
18:17:20.0918 1416 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:17:20.0965 1416 tcpipreg - ok
18:17:21.0480 1416 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:17:21.0527 1416 TDPIPE - ok
18:17:21.0776 1416 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:17:21.0808 1416 TDTCP - ok
18:17:22.0057 1416 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:17:22.0088 1416 tdx - ok
18:17:22.0369 1416 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:17:22.0369 1416 TermDD - ok
18:17:22.0712 1416 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
18:17:22.0759 1416 TermService - ok
18:17:23.0009 1416 [ A00627C658C1A3EC698851FA97D21E7F ] Tetri5 C:\Windows\system32\Drivers\Tetri5.sys
18:17:23.0040 1416 Tetri5 ( UnsignedFile.Multi.Generic ) - warning
18:17:23.0040 1416 Tetri5 - detected UnsignedFile.Multi.Generic (1)
18:17:23.0321 1416 [ 95746E5B1473432F3D9458940DBA6E3A ] TfFsMon C:\Windows\system32\drivers\TfFsMon.sys
18:17:23.0321 1416 TfFsMon - ok
18:17:23.0586 1416 TfKbMon - ok
18:17:23.0648 1416 [ 02FFDD873E31C5C2D57CA87D11EC36AF ] TfNetMon C:\Windows\system32\drivers\TfNetMon.sys
18:17:23.0648 1416 TfNetMon - ok
18:17:23.0945 1416 [ F8BD92251AB439383C051CE907D78CCE ] TfSysMon C:\Windows\system32\drivers\TfSysMon.sys
18:17:23.0960 1416 TfSysMon - ok
18:17:23.0976 1416 [ 27F10F348E508243F6254846F8370D0D ] Themes C:\Windows\system32\shsvcs.dll
18:17:24.0007 1416 Themes - ok
18:17:24.0288 1416 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:17:24.0304 1416 THREADORDER - ok
18:17:24.0600 1416 ThreatFire - ok
18:17:24.0616 1416 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:17:24.0678 1416 TrkWks - ok
18:17:24.0943 1416 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:17:24.0974 1416 TrustedInstaller - ok
18:17:25.0240 1416 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:17:25.0286 1416 tssecsrv - ok
18:17:25.0552 1416 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:17:25.0614 1416 tunmp - ok
18:17:25.0895 1416 [ 119B8184E106BAEDC83FCE5DDF3950DA ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:17:25.0957 1416 tunnel - ok
18:17:26.0207 1416 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:17:26.0222 1416 uagp35 - ok
18:17:26.0519 1416 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:17:26.0550 1416 udfs - ok
18:17:26.0862 1416 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:17:26.0909 1416 UI0Detect - ok
18:17:27.0205 1416 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:17:27.0205 1416 uliagpkx - ok
18:17:27.0502 1416 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:17:27.0517 1416 uliahci - ok
18:17:27.0798 1416 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:17:27.0814 1416 UlSata - ok
18:17:28.0079 1416 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:17:28.0094 1416 ulsata2 - ok
18:17:28.0141 1416 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:17:28.0172 1416 umbus - ok
18:17:28.0438 1416 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:17:28.0469 1416 upnphost - ok
18:17:28.0796 1416 [ 8BD3AE150D97BA4E633C6C5C51B41AE1 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
18:17:28.0859 1416 usbccgp - ok
18:17:29.0046 1416 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:17:29.0124 1416 usbcir - ok
18:17:29.0374 1416 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:17:29.0405 1416 usbehci - ok
18:17:29.0717 1416 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:17:29.0748 1416 usbhub - ok
18:17:30.0044 1416 [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:17:30.0076 1416 usbohci - ok
18:17:30.0372 1416 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:17:30.0419 1416 usbprint - ok
18:17:30.0668 1416 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:17:30.0700 1416 USBSTOR - ok
18:17:31.0012 1416 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:17:31.0058 1416 usbuhci - ok
18:17:31.0324 1416 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
18:17:31.0355 1416 UxSms - ok
18:17:31.0620 1416 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
18:17:31.0682 1416 vds - ok
18:17:31.0948 1416 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:17:31.0979 1416 vga - ok
18:17:32.0275 1416 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:17:32.0306 1416 VgaSave - ok
18:17:32.0603 1416 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:17:32.0603 1416 viaagp - ok
18:17:32.0884 1416 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:17:32.0915 1416 ViaC7 - ok
18:17:33.0211 1416 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
18:17:33.0227 1416 viaide - ok
18:17:33.0289 1416 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
18:17:33.0289 1416 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning
18:17:33.0289 1416 Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)
18:17:33.0539 1416 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:17:33.0554 1416 volmgr - ok
18:17:33.0882 1416 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:17:33.0898 1416 volmgrx - ok
18:17:34.0194 1416 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:17:34.0210 1416 volsnap - ok
18:17:34.0506 1416 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:17:34.0522 1416 vsmraid - ok
18:17:34.0865 1416 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
18:17:34.0912 1416 VSS - ok
18:17:35.0177 1416 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
18:17:35.0224 1416 W32Time - ok
18:17:35.0473 1416 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:17:35.0536 1416 WacomPen - ok
18:17:35.0754 1416 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:17:35.0785 1416 Wanarp - ok
18:17:35.0785 1416 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:17:35.0816 1416 Wanarpv6 - ok
18:17:36.0113 1416 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:17:36.0144 1416 wcncsvc - ok
18:17:36.0440 1416 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:17:36.0472 1416 WcsPlugInService - ok
18:17:36.0737 1416 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
18:17:36.0752 1416 Wd - ok
18:17:37.0064 1416 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:17:37.0096 1416 Wdf01000 - ok
18:17:37.0408 1416 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:17:37.0454 1416 WdiServiceHost - ok
18:17:37.0673 1416 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:17:37.0704 1416 WdiSystemHost - ok
18:17:38.0032 1416 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
18:17:38.0047 1416 WebClient - ok
18:17:38.0344 1416 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:17:38.0390 1416 Wecsvc - ok
18:17:38.0671 1416 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:17:38.0718 1416 wercplsupport - ok
18:17:38.0983 1416 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
18:17:39.0030 1416 WerSvc - ok
18:17:39.0311 1416 [ 0ACD399F5DB3DF1B58903CF4949AB5A8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:17:39.0342 1416 winachsf - ok
18:17:39.0576 1416 WinHttpAutoProxySvc - ok
18:17:39.0670 1416 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:17:39.0716 1416 Winmgmt - ok
18:17:39.0950 1416 [ 20FC93FDC916843CFDFCAA7A1B0DB16F ] WinRM C:\Windows\system32\WsmSvc.dll
18:17:39.0997 1416 WinRM - ok
18:17:40.0309 1416 [ 4B40FF01DB5357299DCBDB5A5746AD21 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:17:40.0340 1416 Wlansvc - ok
18:17:40.0590 1416 [ 38932C4649F8BAAD6CE1000AC6503D5B ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys
18:17:40.0606 1416 WmBEnum - ok
18:17:40.0918 1416 [ 999A4539AD634A741AFD357E290BD461 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
18:17:40.0933 1416 WmFilter - ok
18:17:41.0510 1416 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:17:41.0542 1416 WmiAcpi - ok
18:17:41.0822 1416 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:17:41.0854 1416 wmiApSrv - ok
18:17:42.0166 1416 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:17:42.0244 1416 WMPNetworkSvc - ok
18:17:42.0446 1416 [ E45F01F4014D7AB13B8A0C41EBF48A3D ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
18:17:42.0462 1416 WmVirHid - ok
18:17:42.0992 1416 [ 0398265DD65AAE2ECE180FA9D1E7B5BB ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
18:17:43.0008 1416 WmXlCore - ok
18:17:43.0336 1416 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:17:43.0351 1416 WPCSvc - ok
18:17:43.0648 1416 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:17:43.0679 1416 WPDBusEnum - ok
18:17:43.0928 1416 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:17:43.0960 1416 WpdUsb - ok
18:17:44.0240 1416 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:17:44.0256 1416 ws2ifsl - ok
18:17:44.0459 1416 WSearch - ok
18:17:44.0568 1416 [ 84A03BFE004B06E93408618976DC9C14 ] wuauserv C:\Windows\system32\wuaueng.dll
18:17:44.0677 1416 wuauserv - ok
18:17:44.0818 1416 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:17:44.0864 1416 WUDFRd - ok
18:17:45.0161 1416 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:17:45.0223 1416 wudfsvc - ok
18:17:45.0488 1416 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
18:17:45.0504 1416 XAudio - ok
18:17:45.0785 1416 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
18:17:45.0832 1416 XAudioService - ok
18:17:46.0128 1416 [ 9EEA6D029FEF5F3016D089B1A603837D ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
18:17:46.0190 1416 xnacc - ok
18:17:46.0393 1416 ================ Scan global ===============================
18:17:46.0752 1416 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:17:47.0064 1416 [ 8B05FAF8603E6FDE90C5B103761CC3F6 ] C:\Windows\system32\winsrv.dll
18:17:47.0345 1416 [ 8B05FAF8603E6FDE90C5B103761CC3F6 ] C:\Windows\system32\winsrv.dll
18:17:47.0407 1416 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
18:17:47.0407 1416 [Global] - ok
18:17:47.0672 1416 ================ Scan MBR ==================================
18:17:47.0704 1416 [ 85D751F0E41B8E520AEE8C07A8DA777B ] \Device\Harddisk0\DR0
18:17:48.0203 1416 \Device\Harddisk0\DR0 - ok
18:17:48.0312 1416 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
18:17:51.0806 1416 \Device\Harddisk1\DR1 - ok
18:17:51.0806 1416 ================ Scan VBR ==================================
18:17:52.0118 1416 [ BFA90AE0C2826BB56D2025C3970A658F ] \Device\Harddisk0\DR0\Partition1
18:17:52.0118 1416 \Device\Harddisk0\DR0\Partition1 - ok
18:17:52.0165 1416 [ 99650D87F0727E7FD8C6DFEA2069858E ] \Device\Harddisk0\DR0\Partition2
18:17:52.0165 1416 \Device\Harddisk0\DR0\Partition2 - ok
18:17:52.0415 1416 [ C6B66E7EE6905E131E29B238906DFD25 ] \Device\Harddisk1\DR1\Partition1
18:17:52.0415 1416 \Device\Harddisk1\DR1\Partition1 - ok
18:17:52.0415 1416 ============================================================
18:17:52.0415 1416 Scan finished
18:17:52.0415 1416 ============================================================
18:17:52.0430 1300 Detected object count: 11
18:17:52.0430 1300 Actual detected object count: 11
18:18:57.0264 1300 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:57.0264 1300 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:57.0264 1300 EMSLink ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:57.0264 1300 EMSLink ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:57.0545 1300 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:57.0545 1300 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:57.0545 1300 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:57.0545 1300 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:57.0810 1300 ithsgt ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:57.0810 1300 ithsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:57.0810 1300 JL2005 ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:57.0810 1300 JL2005 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:57.0810 1300 lilsgt ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:57.0810 1300 lilsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:57.0810 1300 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:57.0810 1300 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:57.0826 1300 SecDrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:57.0826 1300 SecDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:57.0826 1300 Tetri5 ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:57.0826 1300 Tetri5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:57.0826 1300 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:57.0826 1300 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:19:50.0257 0972 Deinitialize success


... and here's the aswMBR log...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-20 18:35:46
-----------------------------
18:35:46.641 OS Version: Windows 6.0.6001 Service Pack 1
18:35:46.641 Number of processors: 2 586 0x301
18:35:46.641 ComputerName: LAN-PC UserName: Lan
18:36:00.759 Initialize success
18:36:02.147 AVAST engine defs: 11033100
18:36:49.587 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-6
18:36:49.602 Disk 0 Vendor: TOSHIBA_MK1652GSX LV011C Size: 152627MB BusType: 3
18:36:49.618 Disk 0 MBR read successfully
18:36:49.930 Disk 0 MBR scan
18:36:50.320 Disk 0 unknown MBR code
18:36:50.320 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 142510 MB offset 63
18:36:50.725 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10113 MB offset 291862528
18:36:51.193 Disk 0 scanning sectors +312573952
18:36:51.568 Disk 0 scanning C:\Windows\system32\drivers
18:37:19.601 Service scanning
18:38:05.293 Modules scanning
18:38:20.503 Disk 0 trace - called modules:
18:38:20.535 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
18:38:23.733 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bff7b0]
18:38:23.748 3 CLASSPNP.SYS[807a7745] -> nt!IofCallDriver -> [0x850d2878]
18:38:23.764 5 acpi.sys[806156a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-6[0x850c4870]
18:38:24.481 AVAST engine scan C:\Windows
18:38:29.941 AVAST engine scan C:\Windows\system32
18:43:57.011 AVAST engine scan C:\Windows\system32\drivers
18:44:40.176 AVAST engine scan C:\Users\Lan
19:16:17.277 AVAST engine scan C:\ProgramData
19:19:53.259 Scan finished successfully
19:27:25.752 Disk 0 MBR has been saved successfully to "C:\Users\Lan\Desktop\MBR.dat"
19:27:25.768 The log file has been saved successfully to "C:\Users\Lan\Desktop\aswMBR.txt"


Since my computer will BSOD unless it's started in Safe Mode (which means it can't access the internet) or with a Live CD (which means it can't write to the hard disk), I wasn't able to update the defs for aswMBR.exe after copying it to my desktop. The program didn't ask me to, though.

I also have new versions of the logs the HelpBot mentioned, though I don't think anything would have changed since I last ran DDS and GMER.

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_31
Run by Lan at 10:46:04 on 2012-08-20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1790.1435 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: COMODO Defense+ *Disabled/Updated* {1C31E4C3-A132-6AC6-4A85-4415E7D88418}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [Taskbar Shuffle] c:\program files\taskbar shuffle\taskbarshuffle.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [F.lux] "c:\users\lan\local settings\apps\f.lux\flux.exe" /noshow
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [amd_dc_opt] c:\program files\dual-core optimizer\amd_dc_opt.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [avast5] c:\progra~1\avast5\avastUI.exe /nogui
mRun: [CMPDPSRV] c:\windows\system32\spool\drivers\w32x86\3\CMPDPSRV.EXE
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [ABrSmUWHNf.exe] c:\programdata\ABrSmUWHNf.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
StartupFolder: c:\users\lan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
TCP: Interfaces\{AD39B994-2840-43F3-982E-2A26E7988A52} : DhcpNameServer = 192.168.1.1 192.168.1.1
AppInit_DLLs: c:\windows\system32\guard32.dll
Hosts: 216.144.214.105 www.mameworld.net #MAWS
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lan\appdata\roaming\mozilla\firefox\profiles\yt8cfrt8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_31.dll
FF - plugin: c:\program files\java\jre6\bin\npoji610.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\lan\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: ResetSearchbar: resetsearchbar@robertkatic - %profile%\extensions\resetsearchbar@robertkatic
FF - Ext: Resurrect Pages: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} - %profile%\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
FF - Ext: Text-to-Image: {f701c26a-479a-4724-b4f1-870db12f063c} - %profile%\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: Web Search Wipe: wipesearch@extension.net - %profile%\extensions\wipesearch@extension.net
FF - Ext: FormFox: formfox@daniel.steinbrook - %profile%\extensions\formfox@daniel.steinbrook
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
.
============= SERVICES / DRIVERS ===============
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-1-14 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-1-14 59664]
R3 Tetri5;Tetri5 driver;c:\windows\system32\drivers\Tetri5.sys [2009-4-23 53088]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-12-2 165456]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-12-2 128376]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-12-2 29520]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-2 17744]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-12-2 50256]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast5\AvastSvc.exe [2010-3-31 40384]
S2 EMSLink;EMS Inter-Link driver V3.0;c:\windows\system32\drivers\EM3Link.sys [2011-10-2 6176]
S2 gupdate1c9b6404c9a69c0;Google Update Service (gupdate1c9b6404c9a69c0);c:\program files\google\update\GoogleUpdate.exe [2009-4-5 133104]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-21 655944]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-25 361808]
S2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-2 24652]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\avast5\AvastSvc.exe [2010-3-31 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\avast5\AvastSvc.exe [2010-3-31 40384]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-25 193840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-5 133104]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [2004-6-4 70888]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-21 22344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-3 42528]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-1-14 33552]
.
=============== File Associations ===============
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-07-10 17:10:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 10:47:35.14 ===============

#6 Oh My! (Malware Response Instructor)

Posted 20 August 2012 - 07:21 PM

Greetings ES Peek,


Thank you for the information. There are a few things I would like to address in this post.

Please consider and perform the following.


===================================================


Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one antivirus product installed on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and uninstall 2 of the 3 programs you have installed: Avast or Comodo, ThreatFire.


===================================================


Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

  • Please download ComboFix from one of these locations:

    BleepingComputer

    ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.

    Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.

    • Check your computer clock. If it is still running then so is ComboFix
    • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
    • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
    Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply.
  • Please attempt to boot into Normal Mode


===================================================


BlueScreenView

----------

  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
More information about the program can be found here


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Were you able to successfully delete 2 of the 3 antivirus programs?
  • Combofix.txt
  • Are you able to boot into Normal Mode?
  • BSOD.txt

Edited by Oh My, 21 August 2012 - 12:07 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 ES Peek (Topic Starter)

Posted 23 August 2012 - 06:10 PM

I'm sorry I didn't reply sooner. I'd uninstalled Avast and ThreatFire on Tuesday and started ComboFix with what I thought would be enough time for the program to complete. After an hour and a half had gone by, however, it was still running, and circumstances made it necessary for me to shut down the computer. I started ComboFix again Wednesday morning and let it run to today without it concluding. ComboFix doesn't seem to have frozen; I had the Task Manager open and the CPU and mem usage for .3xe files fluctuated throughout. The clock was working too. After shutting down for the second time, I tried booting in normal mode, and the machine produced a BSOD with the same message as before. I haven't run BlueScreenView yet, figuring it would be better to let you know what had happened before continuing your instructions.

ComboFix doesn't seem to have produced a Combofix.txt file in the C directory, though there is a ComboFix file there without an extension. Double clicking on that shows links to the C, D and E drives and desktop.ini. Also, after each time I terminated ComboFix, I received the message "The recycle bin on C:\ is corrupted. Do you want to empty the Recycle Bin for this drive?" I clicked "yes" and the bin seemed to work normally after.

#8 Oh My! (Malware Response Instructor)

Posted 23 August 2012 - 06:28 PM

Greetings ES Peek,

Sounds like you are awfully patient! Thanks for being persistent. Let's approach it with a different program.

Please perform the following for me.


===================================================


Farbar's Recovery Scan Tool

--------------------

I would like you to run Farbar's Recovery Scan Tool to check your Master Boot Record (MBR). For this you will need a USB flash drive and start on a clean computer.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC and we will enter the System Recovery Options one of the two following ways:

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • FRST.txt

Gary

#9 ES Peek (Topic Starter)

Posted 23 August 2012 - 08:00 PM

OK, here's FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 23-08-2012 02
Ran by SYSTEM at 23-08-2012 20:41:44
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13535776 2008-05-03] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-05-03] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [468264 2008-04-01] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [202032 2008-03-14] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [70912 2008-04-15] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [amd_dc_opt] C:\Program Files\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [x]
HKLM\...\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [197904 2008-05-23] (InterVideo Inc.)
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [1800464 2009-11-21] (COMODO)
HKLM\...\Run: [CMPDPSRV] C:\Windows\system32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE [45056 2001-10-31] (DeviceGuys, Inc.)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [ABrSmUWHNf.exe] C:\ProgramData\ABrSmUWHNf.exe [x]
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)
HKU\Lan\...\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe [818176 2008-04-16] (Jay Elaraj)
HKU\Lan\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Lan\...\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [3561720 2009-05-19] (Veoh Networks)
HKU\Lan\...\Run: [F.lux] "C:\Users\Lan\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
AppInit_DLLs: C:\Windows\System32\guard32.dll

================================ Services (Whitelisted) ==================

2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [723632 2009-11-21] (COMODO)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
2 gupdate1c9b6404c9a69c0; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-04-05] (Google Inc.)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-25] ()
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [272024 2007-01-09] ()
2 Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

========================== Drivers (Whitelisted) =============

3 AmdLLD; C:\Windows\System32\DRIVERS\AmdLLD.sys [34304 2007-06-29] (AMD, Inc.)
2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-06-12] ()
1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [128376 2009-12-21] (COMODO)
1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [29520 2009-11-21] (COMODO)
2 EMSLink; C:\Windows\System32\Drivers\EM3Link.sys [6176 2003-03-26] (EMS3 DRIVER)
3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
1 Inspect; C:\Windows\System32\DRIVERS\inspect.sys [74328 2009-11-21] (COMODO)
2 ithsgt; C:\Windows\System32\DRIVERS\ithsgt.sys [162432 2009-04-25] ()
3 JL2005; C:\Windows\System32\Drivers\toywdm.sys [70888 2004-06-04] (Windows ® 2000 DDK provider)
2 lilsgt; C:\Windows\System32\DRIVERS\lilsgt.sys [12032 2009-04-25] ()
2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-06-12] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
2 SecDrv; \??\C:\Windows\system32\drivers\SECDRV.SYS [163644 2009-10-15] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-12-03] (Duplex Secure Ltd.)
3 Tetri5; C:\Windows\System32\Drivers\Tetri5.sys [53088 2009-04-22] ()
3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [19336 2008-01-24] (Logitech Inc.)
3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [29192 2009-01-13] (Logitech Inc.)
3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14728 2008-01-24] (Logitech Inc.)
3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [48904 2008-01-24] (Logitech Inc.)
3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-20] (Microsoft Corporation)
1 AFD; C:\Windows\system32\drivers\afd.sys [x]
3 ALSysIO; \??\C:\Users\Lan\AppData\Local\Temp\ALSysIO.sys [x]
3 catchme; \??\C:\Users\Lan\AppData\Local\Temp\catchme.sys [x]
1 eabfiltr; [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 jnv4_mib; \??\C:\Users\Lan\AppData\Local\Temp\jnv4_mib.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-23 20:41 - 2012-08-23 20:41 - 00000000 ____D C:\FRST
2012-08-23 15:14 - 2012-08-23 15:14 - 00000000 ____D C:\Program Files\NirSoft
2012-08-23 15:13 - 2012-08-23 15:12 - 00130247 ____A C:\Users\Lan\Desktop\bluescreenview_setup.exe
2012-08-23 05:03 - 2012-08-23 05:03 - 00000089 ____A C:\Users\Lan\Documents\rb.txt
2012-08-22 06:08 - 2012-08-22 06:10 - 00000000 ___SD C:\ComboFix
2012-08-22 05:49 - 2012-08-22 05:49 - 00339359 ____A C:\Users\Lan\Documents\ks.7z
2012-08-22 05:32 - 2012-08-21 17:10 - 04735501 ___RA (Swearware) C:\Users\Lan\Desktop\ComboFix.exe
2012-08-21 17:37 - 2012-08-21 17:37 - 00000000 ____D C:\Qoobox
2012-08-21 17:37 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-21 17:37 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-21 17:37 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-21 17:37 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-21 17:37 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-21 17:37 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-21 17:37 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-21 17:37 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-21 17:36 - 2012-08-21 17:36 - 00000000 ____D C:\Windows\erdnt
2012-08-21 17:22 - 2012-08-21 17:22 - 00000182 ____A C:\Users\Lan\Documents\uninstall URLs.txt
2012-08-20 15:27 - 2012-08-20 15:27 - 00001936 ____A C:\Users\Lan\Desktop\aswMBR.txt
2012-08-20 15:27 - 2012-08-20 15:27 - 00000512 ____A C:\Users\Lan\Desktop\MBR.dat
2012-08-20 14:28 - 2012-08-20 14:13 - 04731392 ____A (AVAST Software) C:\Users\Lan\Desktop\aswMBR.exe
2012-08-20 14:14 - 2012-08-20 14:11 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Lan\Desktop\tdsskiller.exe
2012-08-20 08:27 - 2012-08-20 08:27 - 00006355 ____A C:\Users\Lan\Desktop\ark.txt
2012-08-20 06:48 - 2012-08-20 06:48 - 00012157 ____A C:\Users\Lan\Desktop\DDS.txt
2012-08-20 06:48 - 2012-08-20 06:48 - 00010440 ____A C:\Users\Lan\Desktop\Attach.txt
2012-08-10 21:10 - 2012-08-10 21:10 - 00000286 ____A C:\Users\Lan\Documents\k7.txt
2012-07-30 06:31 - 2012-07-30 06:31 - 00000092 ____A C:\Users\Lan\Documents\ngbc notes.txt

============ 3 Months Modified Files ========================

2012-08-23 16:16 - 2008-09-21 10:40 - 00042369 ____A C:\Users\All Users\nvModes.dat
2012-08-23 16:16 - 2008-09-21 10:40 - 00042369 ____A C:\Users\All Users\nvModes.001
2012-08-23 16:15 - 2009-06-30 17:13 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-23 16:15 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-23 16:15 - 2006-11-02 04:47 - 00003344 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-23 16:15 - 2006-11-02 04:47 - 00003344 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-23 16:10 - 2008-12-03 06:44 - 00001356 ____A C:\Users\Lan\AppData\Local\d3d9caps.dat
2012-08-23 16:10 - 2006-11-02 02:33 - 00709154 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-23 15:50 - 2006-11-02 05:01 - 00032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-23 15:12 - 2012-08-23 15:13 - 00130247 ____A C:\Users\Lan\Desktop\bluescreenview_setup.exe
2012-08-23 14:47 - 2008-09-21 10:46 - 00000246 ____A C:\Users\Public\Documents\hpqp.ini
2012-08-23 14:44 - 2008-01-20 18:47 - 00172544 ____A C:\Windows\PFRO.log
2012-08-23 13:54 - 2008-12-04 17:12 - 00030098 ____A C:\Users\Lan\AppData\Roaming\wklnhst.dat
2012-08-23 05:03 - 2012-08-23 05:03 - 00000089 ____A C:\Users\Lan\Documents\rb.txt
2012-08-22 05:49 - 2012-08-22 05:49 - 00339359 ____A C:\Users\Lan\Documents\ks.7z
2012-08-21 17:22 - 2012-08-21 17:22 - 00000182 ____A C:\Users\Lan\Documents\uninstall URLs.txt
2012-08-21 17:10 - 2012-08-22 05:32 - 04735501 ___RA (Swearware) C:\Users\Lan\Desktop\ComboFix.exe
2012-08-20 15:27 - 2012-08-20 15:27 - 00001936 ____A C:\Users\Lan\Desktop\aswMBR.txt
2012-08-20 15:27 - 2012-08-20 15:27 - 00000512 ____A C:\Users\Lan\Desktop\MBR.dat
2012-08-20 14:13 - 2012-08-20 14:28 - 04731392 ____A (AVAST Software) C:\Users\Lan\Desktop\aswMBR.exe
2012-08-20 14:11 - 2012-08-20 14:14 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Lan\Desktop\tdsskiller.exe
2012-08-20 08:27 - 2012-08-20 08:27 - 00006355 ____A C:\Users\Lan\Desktop\ark.txt
2012-08-20 06:48 - 2012-08-20 06:48 - 00012157 ____A C:\Users\Lan\Desktop\DDS.txt
2012-08-20 06:48 - 2012-08-20 06:48 - 00010440 ____A C:\Users\Lan\Desktop\Attach.txt
2012-08-19 14:48 - 2011-02-28 09:17 - 00014336 ____A C:\Users\Lan\Documents\PS2 memory cards.xlr
2012-08-17 04:40 - 2008-12-01 21:02 - 00123904 ____A C:\Users\Lan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-10 21:10 - 2012-08-10 21:10 - 00000286 ____A C:\Users\Lan\Documents\k7.txt
2012-08-05 16:58 - 2006-11-02 04:47 - 00429392 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-30 06:31 - 2012-07-30 06:31 - 00000092 ____A C:\Users\Lan\Documents\ngbc notes.txt
2012-07-20 12:36 - 2012-07-20 12:36 - 00000698 ____A C:\Users\Lan\Desktop\defogger_disable.log
2012-07-20 12:36 - 2012-07-20 12:36 - 00000176 ____A C:\Users\Lan\defogger_reenable
2012-07-20 12:31 - 2012-07-20 12:34 - 00607260 ___RA (Swearware) C:\Users\Lan\Desktop\dds.scr
2012-07-20 12:30 - 2012-07-20 12:34 - 00050477 ____A C:\Users\Lan\Desktop\Defogger.exe
2012-07-15 16:55 - 2012-07-15 16:55 - 00000370 ____A C:\rkill.log
2012-07-15 14:02 - 2012-07-15 14:02 - 00000866 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-15 04:04 - 2008-09-21 10:07 - 01956496 ____A C:\Windows\WindowsUpdate.log
2012-07-15 03:37 - 2009-06-30 17:13 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-13 16:32 - 2012-01-12 19:02 - 00010916 ____A C:\Users\Lan\Documents\reply drafts.txt
2012-07-13 16:31 - 2010-01-09 16:17 - 00033620 ____A C:\Users\Lan\Documents\notes.txt
2012-07-11 17:15 - 2012-06-13 16:02 - 00000611 ____A C:\Users\Lan\Documents\wiiline.txt
2012-07-10 19:21 - 2009-01-21 19:05 - 00036608 ____A C:\Users\Lan\Documents\---.txt
2012-07-10 18:33 - 2010-01-26 02:35 - 00000510 ____A C:\Windows\WORDPAD.INI
2012-07-10 16:26 - 2008-12-09 17:25 - 00000052 ____A C:\Windows\System32\DOErrors.log
2012-07-10 09:10 - 2012-07-10 09:10 - 00404640 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-06 14:44 - 2009-04-27 06:18 - 00000233 ____A C:\Windows\ACTIVEJP.INI
2012-07-06 08:14 - 2012-07-06 08:14 - 00006752 ____A C:\Windows\EAConfigInfo.txt
2012-07-06 08:14 - 2009-02-04 14:01 - 00003409 ____A C:\Users\Lan\AppData\Roaming\glide_wrapper.zbag.ini
2012-07-03 09:46 - 2011-11-21 04:47 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-22 13:53 - 2012-06-22 14:08 - 00029126 ____A C:\Users\Lan\Documents\A15-05-12_23.14.amr
2012-06-22 13:52 - 2012-06-22 14:08 - 00550534 ____A C:\Users\Lan\Documents\A21-06-12_19.23.amr
2012-06-20 08:12 - 2012-03-02 17:44 - 00000933 ____A C:\Users\Lan\Documents\lyric composition.txt
2012-06-14 05:53 - 2010-08-12 11:54 - 00014336 ____A C:\Users\Lan\Documents\film.xlr
2012-06-13 03:05 - 2012-05-24 06:39 - 00000347 ____A C:\Users\Lan\Documents\2000-369WM.txt
2012-06-10 11:32 - 2012-06-10 11:32 - 00010752 ____A C:\Users\Lan\Documents\AMS hours.xlr
2012-06-10 03:46 - 2012-05-24 17:01 - 00000284 ____A C:\Users\Lan\Documents\consm.txt
2012-05-31 08:25 - 2009-10-02 21:44 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 24%
Total physical RAM: 1789.81 MB
Available physical RAM: 1357.43 MB
Total Pagefile: 1568.39 MB
Available Pagefile: 1415.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.55 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:139.17 GB) (Free:1.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (PRESARIO_RP) (Fixed) (Total:9.88 GB) (Free:1.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (USB20FD) (Removable) (Total:15.1 GB) (Free:8.6 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 2904 KB
Disk 1 Online 15 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 139 GB 32 KB
Partition 2 Primary 10 GB 139 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 139 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D PRESARIO_RP NTFS Partition 10 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 F USB20FD FAT32 Removable 15 GB Healthy

==================================================================================

Last Boot: 2012-08-23 03:50

======================= End Of Log ==========================


One other thing to mention is that right after making my previous post, I couldn't resist trying BlueScreenView, but it wasn't able to generate a report. Oh, and I wasn't quite right in saying I had the same BSOD. The last value after technical information was a little different, 0x8243C0EC.

#10 Oh My!

  • Malware Response Instructor

Posted 23 August 2012 - 08:42 PM

Greetings ES Peek,

Thank you for providing that information. Let's see if we can make some headway without dealing with the Blue Screen information quite yet. Because of your current difficulties we will have to approach it a different way if we need that information.

Please perform the following for me.


===================================================


Farbar's Recovery Scan Tool Search

--------------------

  • Boot to the System Recovery Options again and run FRST
  • Type the following in the edit box

    Search: afd.sys
  • Click Search button
  • A Search.txt document will be saved to your USB device
  • Copy and paste the contents of that document into your reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Search.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 ES Peek

  • Topic Starter

Posted 24 August 2012 - 08:55 PM

Here is the Search.txt:

Farbar Recovery Scan Tool Version: 23-08-2012 02
Ran by SYSTEM at 2012-08-24 18:20:03
Running from F:\

================== Search: "afd.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2008-01-20 18:24] - [2008-01-20 18:24] - 0273920 ____A () F22D573D2F68071515447451DDDD8A1B

=== End Of Search ===



#12 Oh My!

  • Malware Response Instructor

Posted 24 August 2012 - 09:37 PM

Greetings ES Peek,

Great. Now please run this.


===================================================


Farbar's Recovery Scan Tool - Run Fix

--------------------

  • From a clean computer press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt

    Replace: C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys  C:\Windows\System32\drivers\afd.sys
  • NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt) please post it to your reply.
  • Please attempt to boot your computer into Normal Mode

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Fixlog.txt
  • How is your computer running?

Gary
 

#13 ES Peek

  • Topic Starter

Posted 25 August 2012 - 05:35 PM

I ran FRST from the recovery options and gave normal mode a couple of tries, but unfortunately, the computer produced a BSOD shortly after logging in. Here is Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 23-08-2012 02
Ran by SYSTEM at 2012-08-25 11:58:25 Run:1
Running from F:\

==============================================

Could not find C:\Windows\System32\drivers\afd.sys.
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys  copied successfully to C:\Windows\System32\drivers\afd.sys

==== End of Fixlog ====


#14 Oh My!

  • Malware Response Instructor

Posted 25 August 2012 - 05:49 PM

Greetings ES Peek,

Nice job. The program did what we needed it to do. :thumbup2:

Now we need to return to Post #6 and run BlueScreenView. That will hopefully give us some background information on exactly what is tripping up the boot up process.

Please post the results.
Gary
 

#15 ES Peek

  • Topic Starter

Posted 26 August 2012 - 09:12 PM

Oh, I see. I started in Safe Mode and ran BlueScreenView, but it still didn't report anything. I looked in the program's help file, which pointed to this blog entry, and saw that "write debugging information" on my machine was set to "kernel memory dump" when it needed to be "small memory dump." I changed that setting, switched to Normal Mode to BSOD, then back to Safe Mode to run BlueScreenView again. Here is BSOD.txt:




==================================================
Dump File         : Mini082512-01.dmp
Crash Time        : 8/25/2012 9:45:07 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x1000000a
Parameter 1       : 0x00000000
Parameter 2       : 0x00000002
Parameter 3       : 0x00000001
Parameter 4       : 0x824450ec
Caused By Driver  : raspptp.sys
Caused By Address : raspptp.sys+cc84
File Description  : Peer-to-Peer Tunneling Protocol
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.0.6001.18000 (longhorn_rtm.080118-1840)
Processor         : 32-bit
Crash Address     : ntoskrnl.exe+270ec
Stack Address 1   : ntoskrnl.exe+19e5a
Stack Address 2   : raspptp.sys+cc84
Stack Address 3   : raspptp.sys+cf4e
Computer Name     : 
Full Path         : C:\Windows\Minidump\Mini082512-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6001
Dump File Size    : 157,759
==================================================

I know I shouldn't take action on my own, but I might have messed up that setting myself. Back before I made my first post, I was in the same menu to turn off the automatic post-BSOD restarts so I could copy down what was on the blue screen, and it's possible I toggled the other option without realizing it. I also messed up a little in initially saving BSOD.txt as Unicode, which apparently didn't like those little -reserved- symbols, so it took me a bit to find out why it was gibberish when I reopened it.

In restarting after that BSOD, a box that hasn't appeared before showed up:

Problem signature:
  Problem Event Name:	BlueScreen
  OS Version:	6.0.6001.2.1.0.768.3
  Locale ID:	1033

Additional information about the problem:
  BCCode:	1000000a
  BCP1:	00000000
  BCP2:	00000002
  BCP3:	00000001
  BCP4:	824450EC
  OS Version:	6_0_6001
  Service Pack:	1_0
  Product:	768_1

Files that help describe the problem:
  C:\Windows\Minidump\Mini082512-01.dmp
  C:\Users\Lan\AppData\Local\Temp\WER-54101-0.sysdata.xml
  C:\Users\Lan\AppData\Local\Temp\WER36A9.tmp.version.txt

Read our privacy statement:
  http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
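An added triage helper, not part of the post above and not code from BlueScreenView or FRST: it parses the BlueScreenView report and the WER problem signature quoted in this post, checks that both describe the same crash, and decodes the documented parameter layout of bug check 0xA (IRQL_NOT_LESS_OR_EQUAL). The sample inputs are copied from the page; the function and field names are my own.

```python
# Constructed inputs: the BlueScreenView report and the WER problem
# signature quoted in the post above, values copied from the page.
BSV_REPORT = """\
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x1000000a
Parameter 1       : 0x00000000
Parameter 2       : 0x00000002
Parameter 3       : 0x00000001
Parameter 4       : 0x824450ec
Caused By Address : raspptp.sys+cc84
"""
WER_SIGNATURE = """\
  BCCode:\t1000000a
  BCP1:\t00000000
  BCP2:\t00000002
  BCP3:\t00000001
  BCP4:\t824450EC
"""
IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}  # parameter 2 of bug check 0xA

def parse_kv(text):
    """Turn 'Key : value' (BlueScreenView) or 'Key:<tab>value' (WER) lines into a dict."""
    out = {}
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if sep:
            out[key.strip()] = val.strip()
    return out

def crash_summary(bsv_text, wer_text):
    """Cross-check the two reports and decode the bug check 0xA parameters."""
    bsv, wer = parse_kv(bsv_text), parse_kv(wer_text)
    code = int(bsv["Bug Check Code"], 16)
    params = [int(bsv[f"Parameter {i}"], 16) for i in range(1, 5)]
    wer_params = [int(wer[f"BCP{i}"], 16) for i in range(1, 5)]
    driver, _, offset = bsv["Caused By Address"].partition("+")
    summary = {
        "base_code": code & 0x0FFFFFFF,  # 0x1000000A is 0xA with a high flag bit set
        "name": bsv["Bug Check String"],
        "driver": driver,
        "driver_offset": int(offset, 16),
        # hex case differs between the two reports, so compare as integers
        "wer_consistent": code == int(wer["BCCode"], 16) and params == wer_params,
    }
    if summary["base_code"] == 0xA:  # documented parameter layout for IRQL_NOT_LESS_OR_EQUAL
        summary["fault"] = {"address": params[0],  # memory referenced (0 = null pointer)
                            "irql": IRQL_NAMES.get(params[1], hex(params[1])),
                            "access": "write" if params[2] else "read",
                            "from": params[3]}  # instruction address that made the access
    return summary
```

For the dump quoted above this reports a null-pointer write at DISPATCH_LEVEL from 0x824450ec, attributed by BlueScreenView to raspptp.sys+cc84, with the WER signature in agreement.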
