[A] Windows has encountered a critical problem and will restart automatically in one minute

Inactive
By LoganFL
Sep 26, 2012
Topic Status:
Not open for further replies.
  1. I am running Windows 7 and have not had any problems with it at all until now. The kids were on the PC and now I get the following message.

    Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now.

    I looked at the pinned directions, but I'm not able to start anything or scan anything because my laptop just automatically restarts before I can do anything.

    I've tried hitting F8 and chose "Disable automatic restart" but I still got the error. Then I hit F8 and chose safe mode but still got the message.

    Not sure what to do because I cannot run a scan or keep it from restarting.

    I read the post at:

    http://www.techspot.com/community/t...tomatically-in-one-minute-please-save.183711/

    ...and downloaded Farbar Recovery Tool

    See Farbar Recovery Scans

    Help is much appreciated.


  2. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Please observe forum rules.
    All logs have to be pasted, not attached.
  3. LoganFL

    LoganFL Newcomer, in training Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2012
    Ran by SYSTEM at 26-09-2012 18:40:19
    Running from M:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet003
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10060320 2010-02-09] (Realtek Semiconductor)
    HKLM\...\Run: [OOTag] C:\Program Files (x86)\Gateway\OOBEOffer\ootag.exe [13856 2010-02-22] (Microsoft)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [OOTag] C:\Program Files (x86)\Gateway\OOBEOffer\OOTag.exe [13856 2010-02-22] (Microsoft)
    HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [563744 2010-03-25] ()
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-10] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A [124416 2009-07-20] (IOI)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
    HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [273544 2011-05-11] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
    HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
    HKU\Kramer\...\Winlogon: [Shell] explorer.exe
    Tcpip\Parameters: [DhcpNameServer] 172.16.2.9 172.16.2.14
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
    ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe (D-Link Corp.)
    ==================== Services (Whitelisted) ===================
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [167936 2008-06-26] ()
    ==================== Drivers (Whitelisted) =====================
    3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
    1 MpKsl8a5e1c4d; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EB46E32C-BFF0-4944-9AB1-4F56D02CB41A}\MpKsl8a5e1c4d.sys [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-09-26 18:40 - 2012-09-26 18:40 - 00000000 ____D C:\FRST
    2012-09-26 14:16 - 2012-09-26 14:16 - 00001277 ____A C:\Users\Kramer\Desktop\shutdown.lnk
    2012-09-24 09:39 - 2012-09-24 09:39 - 00275120 ____A C:\Windows\Minidump\092412-48407-01.dmp
    2012-09-24 09:31 - 2012-09-24 09:31 - 00275120 ____A C:\Windows\Minidump\092412-49639-01.dmp
    2012-09-20 16:32 - 2012-09-20 16:32 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfacpdzs.sys
    2012-09-20 09:56 - 2012-09-20 09:56 - 00275120 ____A C:\Windows\Minidump\092012-26925-01.dmp
    2012-09-18 13:14 - 2012-09-24 11:02 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-09-18 13:14 - 2012-09-24 11:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-09-18 12:58 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-09-18 12:33 - 2012-09-18 12:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.97A159B8F515634C
    2012-09-18 12:29 - 2012-09-18 12:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AB8A428CBE19027D
    2012-09-18 12:24 - 2012-09-18 12:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AFE5D28568E95ECF
    2012-09-18 12:15 - 2012-09-18 12:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F1E41CB40AD8806
    2012-09-18 12:11 - 2012-09-18 12:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BBFD8F9DE5FBE9A9
    2012-09-18 12:07 - 2012-09-18 12:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A77785F21F9E872
    2012-09-18 12:03 - 2012-09-18 12:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A893898FF3A24B95
    2012-09-18 11:59 - 2012-09-18 11:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.12E177F94D508123
    2012-09-18 11:45 - 2012-09-18 11:45 - 12621696 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (9).exe
    2012-09-16 16:27 - 2012-09-16 16:29 - 00000000 ____D C:\Users\Kramer\Documents\Daulton writing
    2012-09-14 04:31 - 2012-09-14 04:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
    2012-09-14 04:31 - 2012-09-14 04:31 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
    2012-09-14 04:31 - 2012-09-14 04:31 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
    2012-09-14 04:31 - 2012-09-14 04:31 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
    2012-09-06 08:55 - 2012-09-06 09:37 - 00000000 ____D C:\Users\Kramer\Desktop\invoices
    2012-09-04 10:23 - 2012-09-04 10:23 - 13243592 ____A C:\Users\Kramer\Downloads\mp3rocket (9).exe
    2012-09-03 15:03 - 2012-09-03 15:03 - 00245394 ____A C:\Users\Kramer\Downloads\Wiz Khalifa-Don't Lie.m4r
    2012-09-03 14:24 - 2012-09-03 14:24 - 13243592 ____A C:\Users\Kramer\Downloads\mp3rocket (8).exe
    2012-08-29 16:10 - 2012-09-26 14:32 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-29 16:10 - 2012-09-24 14:29 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-29 16:10 - 2012-09-04 10:21 - 00002311 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    ==================== 3 Months Modified Files ==================
    2012-09-26 14:32 - 2012-08-29 16:10 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-26 14:30 - 2012-08-04 21:12 - 00042268 ____A C:\Windows\setupact.log
    2012-09-26 14:30 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-26 14:16 - 2012-09-26 14:16 - 00001277 ____A C:\Users\Kramer\Desktop\shutdown.lnk
    2012-09-24 15:30 - 2012-08-01 15:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-24 14:29 - 2012-08-29 16:10 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-24 13:51 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-24 13:51 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-24 13:49 - 2010-08-11 14:45 - 01996994 ____A C:\Windows\WindowsUpdate.log
    2012-09-24 09:39 - 2012-09-24 09:39 - 00275120 ____A C:\Windows\Minidump\092412-48407-01.dmp
    2012-09-24 09:38 - 2012-08-20 13:33 - 438373618 ____A C:\Windows\MEMORY.DMP
    2012-09-24 09:38 - 2012-08-15 23:20 - 00025174 ____A C:\Windows\PFRO.log
    2012-09-24 09:31 - 2012-09-24 09:31 - 00275120 ____A C:\Windows\Minidump\092412-49639-01.dmp
    2012-09-20 16:32 - 2012-09-20 16:32 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfacpdzs.sys
    2012-09-20 13:39 - 2009-07-13 21:08 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-20 09:56 - 2012-09-20 09:56 - 00275120 ____A C:\Windows\Minidump\092012-26925-01.dmp
    2012-09-18 13:40 - 2011-11-21 04:18 - 00002243 ____A C:\Windows\epplauncher.mif
    2012-09-18 13:14 - 2011-11-21 04:17 - 00743364 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-09-18 12:38 - 2012-08-26 13:42 - 00001080 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-18 12:33 - 2012-09-18 12:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.97A159B8F515634C
    2012-09-18 12:29 - 2012-09-18 12:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AB8A428CBE19027D
    2012-09-18 12:24 - 2012-09-18 12:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AFE5D28568E95ECF
    2012-09-18 12:15 - 2012-09-18 12:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F1E41CB40AD8806
    2012-09-18 12:11 - 2012-09-18 12:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BBFD8F9DE5FBE9A9
    2012-09-18 12:07 - 2012-09-18 12:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A77785F21F9E872
    2012-09-18 12:03 - 2012-09-18 12:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A893898FF3A24B95
    2012-09-18 11:59 - 2012-09-18 11:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.12E177F94D508123
    2012-09-18 11:45 - 2012-09-18 11:45 - 12621696 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (9).exe
    2012-09-07 13:04 - 2012-08-26 13:42 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-06 09:47 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-04 10:23 - 2012-09-04 10:23 - 13243592 ____A C:\Users\Kramer\Downloads\mp3rocket (9).exe
    2012-09-04 10:21 - 2012-08-29 16:10 - 00002311 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-09-03 15:03 - 2012-09-03 15:03 - 00245394 ____A C:\Users\Kramer\Downloads\Wiz Khalifa-Don't Lie.m4r
    2012-09-03 14:24 - 2012-09-03 14:24 - 13243592 ____A C:\Users\Kramer\Downloads\mp3rocket (8).exe
    2012-08-29 16:09 - 2012-08-01 15:45 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-29 16:09 - 2011-08-17 06:08 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-26 14:34 - 2012-08-26 14:34 - 00275120 ____A C:\Windows\Minidump\082612-31824-01.dmp
    2012-08-26 14:10 - 2012-08-26 14:10 - 00000170 ____A C:\Windows\wininit.ini
    2012-08-26 14:08 - 2012-02-01 12:01 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
    2012-08-25 06:50 - 2012-08-25 06:49 - 00275120 ____A C:\Windows\Minidump\082512-29437-01.dmp
    2012-08-23 15:06 - 2012-08-23 15:06 - 02439968 ____A (iMesh Inc. ) C:\Users\Kramer\Downloads\iMeshV11.exe
    2012-08-22 10:59 - 2009-07-13 15:19 - 00329216 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-08-22 10:55 - 2012-08-22 10:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3504A6188679E8EB
    2012-08-22 10:53 - 2012-08-22 10:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.357E7070B02E7D84
    2012-08-22 10:51 - 2012-08-22 10:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6182092A370D0080
    2012-08-22 10:48 - 2012-08-22 10:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B31EBFC6DBD10F11
    2012-08-22 10:46 - 2012-08-22 10:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5623C352D85D184
    2012-08-22 10:38 - 2012-08-22 10:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.438CFEE915C79A29
    2012-08-22 10:34 - 2012-08-22 10:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.09EC11E4F52ED389
    2012-08-22 10:31 - 2012-08-22 10:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F0DFBEA0141AF6A5
    2012-08-22 10:28 - 2012-08-22 10:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2900F90E4787AC29
    2012-08-22 10:25 - 2012-08-22 10:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96EFFC286428E922
    2012-08-22 10:21 - 2012-08-22 10:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A827D935C7296678
    2012-08-22 10:18 - 2012-08-22 10:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F7F45EFDEFDED93F
    2012-08-22 10:15 - 2012-08-22 10:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6AC01C21931FF517
    2012-08-22 10:11 - 2012-08-22 10:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.434511BB4816BF31
    2012-08-22 10:08 - 2012-08-22 10:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.911351A1E57716E6
    2012-08-22 10:00 - 2012-08-22 10:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.92CE15AA066CD124
    2012-08-22 09:45 - 2012-08-22 09:45 - 12621696 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (8).exe
    2012-08-20 15:21 - 2012-08-20 15:21 - 12621696 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (7).exe
    2012-08-20 15:20 - 2012-08-20 15:20 - 12621696 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (6).exe
    2012-08-20 15:20 - 2012-08-20 15:20 - 12621696 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (5).exe
    2012-08-20 13:37 - 2012-08-20 13:37 - 00275120 ____A C:\Windows\Minidump\082012-22573-01.dmp
    2012-08-20 13:33 - 2012-08-20 13:33 - 00275120 ____A C:\Windows\Minidump\082012-27144-01.dmp
    2012-08-20 07:41 - 2012-08-20 07:41 - 10288512 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (4).exe
    2012-08-20 07:41 - 2012-08-20 07:41 - 10288512 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (3).exe
    2012-08-20 07:40 - 2012-08-20 07:40 - 12621696 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (2).exe
    2012-08-20 07:40 - 2012-08-20 07:40 - 12621696 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (1).exe
    2012-08-19 16:54 - 2012-08-19 16:54 - 13243592 ____A C:\Users\Kramer\Downloads\mp3rocket (7).exe
    2012-08-18 08:55 - 2012-08-18 08:55 - 00079152 ____A C:\Users\caitlyn\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-18 08:55 - 2012-08-18 08:55 - 00000020 ___SH C:\Users\caitlyn\ntuser.ini
    2012-08-15 23:20 - 2009-07-13 20:45 - 00343552 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-15 23:00 - 2011-03-17 14:41 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-14 11:18 - 2012-08-14 11:18 - 13243592 ____A C:\Users\Kramer\Downloads\mp3rocket (6).exe
    2012-08-04 21:12 - 2012-08-04 21:12 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-01 08:13 - 2012-08-01 08:13 - 13243592 ____A C:\Users\Kramer\Downloads\mp3rocket (5).exe
    2012-07-28 19:00 - 2012-07-28 19:00 - 03846702 ____A C:\Users\Kramer\Downloads\Zelda_4.zip
    2012-07-28 15:19 - 2012-07-28 15:19 - 00278561 ____A C:\Users\Kramer\Downloads\Minecraft.exe
    2012-07-26 11:20 - 2012-07-26 11:19 - 13243592 ____A C:\Users\Kramer\Downloads\mp3rocket (4).exe
    2012-07-18 10:15 - 2012-08-15 01:00 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 06:49 - 2012-07-11 06:49 - 13249904 ____A C:\Users\Kramer\Downloads\mp3rocket (3).exe
    2012-07-04 14:16 - 2012-08-15 01:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:13 - 2012-08-15 01:00 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:13 - 2012-08-15 01:00 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:16 - 2012-08-15 01:00 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:14 - 2012-08-15 01:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-06-29 07:44 - 2012-06-29 07:44 - 13249904 ____A C:\Users\Kramer\Downloads\mp3rocket (2).exe

    ZeroAccess:
    C:\Windows\Installer\{4279323e-47e4-8d45-e525-949b714e56d5}
    C:\Windows\Installer\{4279323e-47e4-8d45-e525-949b714e56d5}\@
    C:\Windows\Installer\{4279323e-47e4-8d45-e525-949b714e56d5}\L
    C:\Windows\Installer\{4279323e-47e4-8d45-e525-949b714e56d5}\U
    C:\Windows\Installer\{4279323e-47e4-8d45-e525-949b714e56d5}\L\00000004.@
    C:\Windows\Installer\{4279323e-47e4-8d45-e525-949b714e56d5}\L\201d3dde
    C:\Windows\Installer\{4279323e-47e4-8d45-e525-949b714e56d5}\U\00000004.@
    ZeroAccess:
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{4279323e-47e4-8d45-e525-949b714e56d5}
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{4279323e-47e4-8d45-e525-949b714e56d5}\@
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{4279323e-47e4-8d45-e525-949b714e56d5}\L
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{4279323e-47e4-8d45-e525-949b714e56d5}\U
    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini
    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini
    ATTENTION: ========> Check for possible partition/boot infection:
    C:\Windows\svchost.exe
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-08-15 08:38:59
    Restore point made on: 2012-08-15 23:00:15
    Restore point made on: 2012-08-26 13:35:11
    Restore point made on: 2012-08-26 13:37:15
    Restore point made on: 2012-08-26 13:37:53
    Restore point made on: 2012-08-26 13:41:58
    Restore point made on: 2012-08-26 14:06:18
    Restore point made on: 2012-08-26 14:25:56
    Restore point made on: 2012-08-26 14:26:16
    Restore point made on: 2012-09-10 09:04:52
    Restore point made on: 2012-09-10 09:07:57
    Restore point made on: 2012-09-24 13:37:07
    ==================== Memory info ===========================
    Percentage of memory in use: 14%
    Total physical RAM: 5871.76 MB
    Available physical RAM: 5033.07 MB
    Total Pagefile: 5869.91 MB
    Available Pagefile: 5021.96 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ==================== Partitions =============================
    1 Drive c: (Gateway) (Fixed) (Total:581.01 GB) (Free:473.38 GB) NTFS
    3 Drive f: (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.3 GB) NTFS
    10 Drive m: (KINGSTON) (Removable) (Total:3.65 GB) (Free:1.79 GB) FAT32
    11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    12 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 Online 3745 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 0 B 8 KB
    Partition 2 Recovery 15 GB 1024 KB
    Partition 3 Primary 100 MB 15 GB
    Partition 4 Primary 581 GB 15 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E RAW Partition 0 B Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 27
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F PQSERVICE NTFS Partition 15 GB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy
    =========================================================
    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Gateway NTFS Partition 581 GB Healthy
    =========================================================
    Partitions of Disk 6:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3741 MB 4032 KB
    ==================================================================================
    Disk: 6
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 10 M KINGSTON FAT32 Removable 3741 MB Healthy
    =========================================================
    Last Boot: 2011-11-30 21:47
    ==================== End Of Log =============================
  4. LoganFL

    LoganFL Newcomer, in training Topic Starter

    Farbar Recovery Scan Tool (x64) Version: 25-09-2012
    Ran by SYSTEM at 2012-09-26 18:43:33
    Running from M:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-08-22 10:59] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
    ====== End Of Search ======
  5. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    ====================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ==================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    Attached Files:

  6. LoganFL

    LoganFL Newcomer, in training Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2012
    Ran by SYSTEM at 2012-09-27 06:46:03 Run:1
    Running from M:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\System32\Drivers\dfacpdzs.sys moved successfully.
    C:\Windows\Installer\{4279323e-47e4-8d45-e525-949b714e56d5} moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{4279323e-47e4-8d45-e525-949b714e56d5} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\svchost.exe moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
  7. LoganFL

    LoganFL Newcomer, in training Topic Starter

    On first normal reboot I get a Windows Blue Screen after about 1 minute.

    Rebooted normally again and ran TDSSKiller, ran successfully, found one threat and cured it, asked to reboot and before I could hit reboot it blue screened again. I will try to get the Log.txt and post.
  8. LoganFL

    LoganFL Newcomer, in training Topic Starter

    07:18:41.0573 0120 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    07:18:41.0998 0120 ============================================================
    07:18:41.0998 0120 Current date / time: 2012/09/27 07:18:41.0998
    07:18:41.0998 0120 SystemInfo:
    07:18:41.0998 0120
    07:18:41.0998 0120 OS Version: 6.1.7601 ServicePack: 1.0
    07:18:41.0998 0120 Product type: Workstation
    07:18:41.0998 0120 ComputerName: KRAMERMN
    07:18:41.0998 0120 UserName: Kramer
    07:18:41.0998 0120 Windows directory: C:\windows
    07:18:41.0998 0120 System windows directory: C:\windows
    07:18:41.0998 0120 Running under WOW64
    07:18:41.0998 0120 Processor architecture: Intel x64
    07:18:41.0998 0120 Number of processors: 4
    07:18:41.0999 0120 Page size: 0x1000
    07:18:41.0999 0120 Boot type: Normal boot
    07:18:41.0999 0120 ============================================================
    07:18:42.0339 0120 BG loaded
    07:18:42.0585 0120 Drive \Device\Harddisk0\DR0 - Size: 0x9507050000 (596.11 Gb), SectorSize: 0x200, Cylinders: 0x12FF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    07:18:42.0649 0120 Drive \Device\Harddisk6\DR6 - Size: 0xEA108000 (3.66 Gb), SectorSize: 0x200, Cylinders: 0x1DD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    07:18:42.0651 0120 ============================================================
    07:18:42.0651 0120 \Device\Harddisk0\DR0:
    07:18:42.0651 0120 MBR partitions:
    07:18:42.0651 0120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
    07:18:42.0651 0120 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x48A05000
    07:18:42.0651 0120 \Device\Harddisk6\DR6:
    07:18:42.0652 0120 MBR partitions:
    07:18:42.0652 0120 \Device\Harddisk6\DR6\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x74E8C0
    07:18:42.0652 0120 ============================================================
    07:18:42.0718 0120 C: <-> \Device\Harddisk0\DR0\Partition2
    07:18:42.0718 0120 ============================================================
    07:18:42.0718 0120 Initialize success
    07:18:42.0718 0120 ============================================================
    07:18:43.0669 1924 ============================================================
    07:18:43.0669 1924 Scan started
    07:18:43.0669 1924 Mode: Manual;
    07:18:43.0669 1924 ============================================================
    07:18:43.0832 1924 ================ Scan system memory ========================
    07:18:43.0832 1924 System memory - ok
    07:18:43.0833 1924 ================ Scan services =============================
    07:18:49.0809 1924 IPNAT - ok
    07:18:49.0845 1924 [ 3C0D4B3E80FC4854CA325DD123CC4DED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    07:18:49.0852 1924 iPod Service - ok
    07:18:49.0865 1924 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
    07:18:49.0866 1924 IRENUM - ok
    07:18:49.0886 1924 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
    07:18:49.0887 1924 isapnp - ok
    07:18:49.0942 1924 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
    07:18:49.0947 1924 iScsiPrt - ok
    07:18:50.0000 1924 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
    07:18:50.0001 1924 kbdclass - ok
    07:18:50.0036 1924 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
    07:18:50.0036 1924 kbdhid - ok
    07:18:50.0057 1924 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
    07:18:50.0059 1924 KeyIso - ok
    07:18:50.0107 1924 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
    07:18:50.0109 1924 KSecDD - ok
    07:18:50.0151 1924 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
    07:18:50.0154 1924 KSecPkg - ok
    07:18:50.0168 1924 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
    07:18:50.0169 1924 ksthunk - ok
    07:18:50.0243 1924 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
    07:18:50.0250 1924 KtmRm - ok
    07:18:50.0300 1924 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
    07:18:50.0313 1924 LanmanServer - ok
    07:18:50.0354 1924 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
    07:18:50.0359 1924 LanmanWorkstation - ok
    07:18:50.0413 1924 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
    07:18:50.0414 1924 lltdio - ok
    07:18:50.0437 1924 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
    07:18:50.0441 1924 lltdsvc - ok
    07:18:50.0488 1924 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
    07:18:50.0489 1924 lmhosts - ok
    07:18:50.0514 1924 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
    07:18:50.0515 1924 LSI_FC - ok
    07:18:50.0521 1924 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
    07:18:50.0522 1924 LSI_SAS - ok
    07:18:50.0527 1924 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
    07:18:50.0528 1924 LSI_SAS2 - ok
    07:18:50.0560 1924 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
    07:18:50.0561 1924 LSI_SCSI - ok
    07:18:50.0576 1924 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
    07:18:50.0577 1924 luafv - ok
    07:18:50.0597 1924 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
    07:18:50.0599 1924 Mcx2Svc - ok
    07:18:50.0603 1924 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
    07:18:50.0603 1924 megasas - ok
    07:18:50.0635 1924 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
    07:18:50.0637 1924 MegaSR - ok
    07:18:50.0662 1924 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
    07:18:50.0663 1924 MMCSS - ok
    07:18:50.0669 1924 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
    07:18:50.0669 1924 Modem - ok
    07:18:50.0696 1924 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
    07:18:50.0697 1924 monitor - ok
    07:18:50.0724 1924 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
    07:18:50.0724 1924 mouclass - ok
    07:18:50.0728 1924 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
    07:18:50.0728 1924 mouhid - ok
    07:18:50.0753 1924 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
    07:18:50.0753 1924 mountmgr - ok
    07:18:50.0801 1924 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
    07:18:50.0802 1924 MpFilter - ok
    07:18:50.0832 1924 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
    07:18:50.0833 1924 mpio - ok
    07:18:50.0906 1924 MpKsl8a5e1c4d - ok
    07:18:50.0935 1924 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
    07:18:50.0937 1924 mpsdrv - ok
    07:18:50.0987 1924 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
    07:18:50.0990 1924 MRxDAV - ok
    07:18:51.0047 1924 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
    07:18:51.0050 1924 mrxsmb - ok
    07:18:51.0119 1924 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
    07:18:51.0123 1924 mrxsmb10 - ok
    07:18:51.0155 1924 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
    07:18:51.0158 1924 mrxsmb20 - ok
    07:18:51.0201 1924 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
    07:18:51.0203 1924 msahci - ok
    07:18:51.0246 1924 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
    07:18:51.0248 1924 msdsm - ok
    07:18:51.0278 1924 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
    07:18:51.0286 1924 MSDTC - ok
    07:18:51.0348 1924 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
    07:18:51.0349 1924 Msfs - ok
    07:18:51.0371 1924 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
    07:18:51.0372 1924 mshidkmdf - ok
    07:18:51.0401 1924 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
    07:18:51.0402 1924 msisadrv - ok
    07:18:51.0434 1924 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
    07:18:51.0438 1924 MSiSCSI - ok
    07:18:51.0446 1924 msiserver - ok
    07:18:51.0474 1924 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
    07:18:51.0474 1924 MSKSSRV - ok
    07:18:51.0566 1924 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
  9. LoganFL

    LoganFL Newcomer, in training Topic Starter

    07:18:51.0567 1924 MsMpSvc - ok
    07:18:51.0575 1924 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
    07:18:51.0576 1924 MSPCLOCK - ok
    07:18:51.0596 1924 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
    07:18:51.0597 1924 MSPQM - ok
    07:18:51.0635 1924 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
    07:18:51.0638 1924 MsRPC - ok
    07:18:51.0661 1924 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
    07:18:51.0662 1924 mssmbios - ok
    07:18:51.0673 1924 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
    07:18:51.0673 1924 MSTEE - ok
    07:18:51.0677 1924 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
    07:18:51.0677 1924 MTConfig - ok
    07:18:51.0685 1924 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
    07:18:51.0686 1924 Mup - ok
    07:18:51.0718 1924 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
    07:18:51.0721 1924 napagent - ok
    07:18:51.0756 1924 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
    07:18:51.0759 1924 NativeWifiP - ok
    07:18:51.0813 1924 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys
    07:18:51.0820 1924 NDIS - ok
    07:18:51.0853 1924 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
    07:18:51.0854 1924 NdisCap - ok
    07:18:51.0868 1924 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
    07:18:51.0869 1924 NdisTapi - ok
    07:18:51.0897 1924 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
    07:18:51.0898 1924 Ndisuio - ok
    07:18:51.0923 1924 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
    07:18:51.0925 1924 NdisWan - ok
    07:18:51.0982 1924 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
    07:18:51.0984 1924 NDProxy - ok
    07:18:52.0058 1924 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    07:18:52.0073 1924 Nero BackItUp Scheduler 4.0 - ok
    07:18:52.0115 1924 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
    07:18:52.0116 1924 NetBIOS - ok
    07:18:52.0186 1924 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
    07:18:52.0191 1924 NetBT - ok
    07:18:52.0233 1924 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
    07:18:52.0234 1924 Netlogon - ok
    07:18:52.0293 1924 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
    07:18:52.0301 1924 Netman - ok
    07:18:52.0357 1924 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
    07:18:52.0366 1924 netprofm - ok
    07:18:52.0420 1924 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    07:18:52.0422 1924 NetTcpPortSharing - ok
    07:18:52.0464 1924 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
    07:18:52.0465 1924 nfrd960 - ok
    07:18:52.0514 1924 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
    07:18:52.0523 1924 NisDrv - ok
    07:18:52.0559 1924 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    07:18:52.0567 1924 NisSrv - ok
    07:18:52.0626 1924 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
    07:18:52.0633 1924 NlaSvc - ok
    07:18:52.0690 1924 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
    07:18:52.0692 1924 Npfs - ok
    07:18:52.0746 1924 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
    07:18:52.0748 1924 nsi - ok
    07:18:52.0802 1924 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
    07:18:52.0803 1924 nsiproxy - ok
    07:18:52.0901 1924 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
    07:18:52.0925 1924 Ntfs - ok
    07:18:52.0964 1924 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
    07:18:52.0964 1924 Null - ok
    07:18:53.0005 1924 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
    07:18:53.0008 1924 nvraid - ok
    07:18:53.0062 1924 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
    07:18:53.0065 1924 nvstor - ok
    07:18:53.0108 1924 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
    07:18:53.0111 1924 nv_agp - ok
    07:18:53.0250 1924 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    07:18:53.0256 1924 odserv - ok
    07:18:53.0307 1924 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
    07:18:53.0309 1924 ohci1394 - ok
    07:18:53.0382 1924 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    07:18:53.0385 1924 ose - ok
    07:18:53.0449 1924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
    07:18:53.0456 1924 p2pimsvc - ok
    07:18:53.0518 1924 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
    07:18:53.0527 1924 p2psvc - ok
    07:18:53.0558 1924 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
    07:18:53.0560 1924 Parport - ok
    07:18:53.0603 1924 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
    07:18:53.0605 1924 partmgr - ok
    07:18:53.0670 1924 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
    07:18:53.0675 1924 PcaSvc - ok
    07:18:53.0749 1924 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
    07:18:53.0753 1924 pci - ok
    07:18:53.0798 1924 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
    07:18:53.0799 1924 pciide - ok
    07:18:53.0866 1924 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
    07:18:53.0870 1924 pcmcia - ok
    07:18:53.0925 1924 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
    07:18:53.0926 1924 pcw - ok
    07:18:53.0974 1924 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
    07:18:53.0984 1924 PEAUTH - ok
    07:18:54.0212 1924 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
    07:18:54.0215 1924 PerfHost - ok
    07:18:54.0284 1924 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
    07:18:54.0293 1924 pla - ok
    07:18:54.0369 1924 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
    07:18:54.0379 1924 PlugPlay - ok
    07:18:54.0409 1924 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
    07:18:54.0410 1924 PNRPAutoReg - ok
    07:18:54.0428 1924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
    07:18:54.0431 1924 PNRPsvc - ok
    07:18:54.0451 1924 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
    07:18:54.0454 1924 PolicyAgent - ok
    07:18:54.0492 1924 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
    07:18:54.0494 1924 Power - ok
    07:18:54.0506 1924 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
    07:18:54.0507 1924 PptpMiniport - ok
    07:18:54.0526 1924 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
    07:18:54.0527 1924 Processor - ok
    07:18:54.0550 1924 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
    07:18:54.0553 1924 ProfSvc - ok
    07:18:54.0566 1924 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
    07:18:54.0567 1924 ProtectedStorage - ok
    07:18:54.0597 1924 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
    07:18:54.0599 1924 Psched - ok
    07:18:54.0650 1924 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
    07:18:54.0669 1924 ql2300 - ok
    07:18:54.0675 1924 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
    07:18:54.0676 1924 ql40xx - ok
    07:18:54.0730 1924 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
    07:18:54.0736 1924 QWAVE - ok
    07:18:54.0776 1924 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
    07:18:54.0778 1924 QWAVEdrv - ok
    07:18:54.0802 1924 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
    07:18:54.0803 1924 RasAcd - ok
    07:18:54.0838 1924 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
    07:18:54.0839 1924 RasAgileVpn - ok
    07:18:54.0858 1924 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
    07:18:54.0862 1924 RasAuto - ok
    07:18:54.0893 1924 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
    07:18:54.0894 1924 Rasl2tp - ok
    07:18:54.0930 1924 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
    07:18:54.0934 1924 RasMan - ok
    07:18:54.0940 1924 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
    07:18:54.0941 1924 RasPppoe - ok
    07:18:54.0949 1924 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
    07:18:54.0950 1924 RasSstp - ok
    07:18:54.0987 1924 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
    07:18:54.0988 1924 rdbss - ok
    07:18:54.0999 1924 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
    07:18:55.0000 1924 rdpbus - ok
    07:18:55.0008 1924 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
    07:18:55.0009 1924 RDPCDD - ok
    07:18:55.0032 1924 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
    07:18:55.0032 1924 RDPENCDD - ok
    07:18:55.0044 1924 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
    07:18:55.0044 1924 RDPREFMP - ok
    07:18:55.0069 1924 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
    07:18:55.0070 1924 RDPWD - ok
    07:18:55.0109 1924 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
    07:18:55.0113 1924 rdyboost - ok
    07:18:55.0152 1924 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
    07:18:55.0156 1924 RemoteAccess - ok
    07:18:55.0166 1924 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
    07:18:55.0171 1924 RemoteRegistry - ok
    07:18:55.0187 1924 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\windows\system32\Drivers\RimUsb_AMD64.sys
    07:18:55.0188 1924 RimUsb - ok
    07:18:55.0202 1924 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
    07:18:55.0204 1924 RpcEptMapper - ok
    07:18:55.0218 1924 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
    07:18:55.0219 1924 RpcLocator - ok
    07:18:55.0300 1924 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
    07:18:55.0310 1924 RpcSs - ok
    07:18:55.0337 1924 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
    07:18:55.0338 1924 rspndr - ok
    07:18:55.0358 1924 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
    07:18:55.0361 1924 RTL8167 - ok
    07:18:55.0389 1924 [ 3C85058541D55BFCEFD9177A68A507C6 ] RTL8192su C:\windows\system32\DRIVERS\RTL8192su.sys
    07:18:55.0395 1924 RTL8192su - ok
    07:18:55.0432 1924 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
    07:18:55.0434 1924 SamSs - ok
    07:18:55.0458 1924 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
    07:18:55.0460 1924 sbp2port - ok
    07:18:55.0476 1924 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
    07:18:55.0479 1924 SCardSvr - ok
    07:18:55.0498 1924 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
    07:18:55.0499 1924 scfilter - ok
    07:18:55.0534 1924 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
    07:18:55.0544 1924 Schedule - ok
    07:18:55.0590 1924 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
    07:18:55.0591 1924 SCPolicySvc - ok
    07:18:55.0614 1924 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
    07:18:55.0620 1924 SDRSVC - ok
    07:18:55.0660 1924 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
    07:18:55.0661 1924 secdrv - ok
    07:18:55.0686 1924 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
    07:18:55.0690 1924 seclogon - ok
    07:18:55.0704 1924 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
    07:18:55.0708 1924 SENS - ok
    07:18:55.0727 1924 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
    07:18:55.0728 1924 SensrSvc - ok
    07:18:55.0745 1924 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
    07:18:55.0746 1924 Serenum - ok
    07:18:55.0764 1924 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
    07:18:55.0765 1924 Serial - ok
    07:18:55.0797 1924 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
    07:18:55.0798 1924 sermouse - ok
    07:18:55.0853 1924 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
    07:18:55.0855 1924 SessionEnv - ok
    07:18:55.0882 1924 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
    07:18:55.0882 1924 sffdisk - ok
    07:18:55.0914 1924 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
    07:18:55.0914 1924 sffp_mmc - ok
    07:18:55.0930 1924 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
    07:18:55.0931 1924 sffp_sd - ok
    07:18:55.0948 1924 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
    07:18:55.0949 1924 sfloppy - ok
    07:18:55.0982 1924 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
    07:18:55.0987 1924 ShellHWDetection - ok
    07:18:56.0000 1924 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
    07:18:56.0001 1924 SiSRaid2 - ok
    07:18:56.0007 1924 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
    07:18:56.0008 1924 SiSRaid4 - ok
    07:18:56.0013 1924 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
    07:18:56.0014 1924 Smb - ok
    07:18:56.0022 1924 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
    07:18:56.0023 1924 SNMPTRAP - ok
    07:18:56.0060 1924 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
    07:18:56.0061 1924 spldr - ok
    07:18:56.0099 1924 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
    07:18:56.0110 1924 Spooler - ok
    07:18:56.0288 1924 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
    07:18:56.0310 1924 sppsvc - ok
    07:18:56.0330 1924 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
    07:18:56.0331 1924 sppuinotify - ok
    07:18:56.0382 1924 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
    07:18:56.0384 1924 srv - ok
    07:18:56.0420 1924 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
    07:18:56.0422 1924 srv2 - ok
    07:18:56.0454 1924 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
    07:18:56.0455 1924 srvnet - ok
    07:18:56.0478 1924 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\windows\system32\DRIVERS\ssadbus.sys
    07:18:56.0479 1924 ssadbus - ok
    07:18:56.0491 1924 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\windows\system32\DRIVERS\ssadmdfl.sys
    07:18:56.0491 1924 ssadmdfl - ok
    07:18:56.0507 1924 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\windows\system32\DRIVERS\ssadmdm.sys
    07:18:56.0508 1924 ssadmdm - ok
    07:18:56.0533 1924 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\windows\system32\DRIVERS\ssadserd.sys
    07:18:56.0534 1924 ssadserd - ok
    07:18:56.0560 1924 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
    07:18:56.0562 1924 SSDPSRV - ok
    07:18:56.0566 1924 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
    07:18:56.0567 1924 SstpSvc - ok
    07:18:56.0593 1924 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
    07:18:56.0593 1924 stexstor - ok
    07:18:56.0630 1924 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
    07:18:56.0634 1924 stisvc - ok
    07:18:56.0665 1924 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
    07:18:56.0666 1924 swenum - ok
    07:18:56.0679 1924 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
    07:18:56.0682 1924 swprv - ok
    07:18:56.0893 1924 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
    07:18:56.0919 1924 SysMain - ok
    07:18:56.0948 1924 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
    07:18:56.0950 1924 TabletInputService - ok
    07:18:57.0013 1924 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
    07:18:57.0020 1924 TapiSrv - ok
    07:18:57.0068 1924 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
    07:18:57.0072 1924 TBS - ok
    07:18:57.0172 1924 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
    07:18:57.0192 1924 Tcpip - ok
    07:18:57.0417 1924 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
    07:18:57.0434 1924 TCPIP6 - ok
    07:18:57.0497 1924 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
    07:18:57.0499 1924 tcpipreg - ok
    07:18:57.0577 1924 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
    07:18:57.0579 1924 TDPIPE - ok
    07:18:57.0625 1924 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
    07:18:57.0626 1924 TDTCP - ok
    07:18:57.0657 1924 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
    07:18:57.0660 1924 tdx - ok
    07:18:57.0717 1924 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
    07:18:57.0719 1924 TermDD - ok
    07:18:57.0845 1924 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
    07:18:57.0858 1924 TermService - ok
    07:18:57.0900 1924 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
    07:18:57.0904 1924 Themes - ok
    07:18:57.0939 1924 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
    07:18:57.0942 1924 THREADORDER - ok
    07:18:57.0989 1924 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
    07:18:57.0994 1924 TrkWks - ok
    07:18:58.0075 1924 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
    07:18:58.0078 1924 TrustedInstaller - ok
    07:18:58.0111 1924 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
    07:18:58.0113 1924 tssecsrv - ok
    07:18:58.0150 1924 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
    07:18:58.0152 1924 TsUsbFlt - ok
    07:18:58.0187 1924 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
    07:18:58.0189 1924 tunnel - ok
    07:18:58.0234 1924 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
    07:18:58.0235 1924 uagp35 - ok
    07:18:58.0305 1924 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
    07:18:58.0311 1924 udfs - ok
    07:18:58.0376 1924 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
    07:18:58.0381 1924 UI0Detect - ok
    07:19:01.0843 1924 ================ Scan global ===============================
    07:19:01.0887 1924 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
    07:19:01.0924 1924 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
    07:19:01.0965 1924 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
    07:19:02.0005 1924 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
    07:19:02.0121 1924 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
    07:19:02.0129 1924 [Global] - ok
    07:19:02.0130 1924 ================ Scan MBR ==================================
    07:19:02.0143 1924 [ 8C9F9E03865C35F0F3829A23CDA42F5D ] \Device\Harddisk0\DR0
    07:19:04.0220 1924 \Device\Harddisk0\DR0 - ok
    07:19:04.0226 1924 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk6\DR6
    07:19:06.0341 1924 \Device\Harddisk6\DR6 - ok
    07:19:06.0341 1924 ================ Scan VBR ==================================
    07:19:06.0354 1924 [ AA8C01BD9B0B505A4BF1640208DD9D44 ] \Device\Harddisk0\DR0\Partition1
    07:19:06.0403 1924 \Device\Harddisk0\DR0\Partition1 - ok
    07:19:06.0424 1924 [ 60A555D5601B48E7BCF79A9FF98DBF99 ] \Device\Harddisk0\DR0\Partition2
    07:19:06.0448 1924 \Device\Harddisk0\DR0\Partition2 - ok
    07:19:06.0456 1924 [ 290ABEFE0E0301A3AFE395F4E1066F3A ] \Device\Harddisk6\DR6\Partition1
    07:19:06.0459 1924 \Device\Harddisk6\DR6\Partition1 - ok
    07:19:06.0461 1924 ============================================================
    07:19:06.0461 1924 Scan finished
    07:19:06.0461 1924 ============================================================
    07:19:06.0487 3644 Detected object count: 0
    07:19:06.0487 3644 Actual detected object count: 0
  10. LoganFL

    LoganFL Newcomer, in training Topic Starter

    RogueKiller will not run, says it's not a Valid System32 file.

    I have right clicked and tried to run as administrator.
  11. LoganFL

    LoganFL Newcomer, in training Topic Starter

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-27 07:27:32
    -----------------------------
    07:27:32.421 OS Version: Windows x64 6.1.7601 Service Pack 1
    07:27:32.421 Number of processors: 4 586 0x402
    07:27:32.421 ComputerName: KRAMERMN UserName: Kramer
    07:27:34.807 Initialize success
    07:29:26.660 AVAST engine defs: 12092700
    07:29:37.564 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
    07:29:37.580 Disk 0 Vendor: WDC_____ 01.0 Size: 610416MB BusType: 8
    07:29:37.580 Disk 0 MBR read successfully
    07:29:37.580 Disk 0 MBR scan
    07:29:37.595 Disk 0 unknown MBR code
    07:29:37.611 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
    07:29:37.626 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
    07:29:37.642 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 594954 MB offset 31664128
    07:29:37.673 Disk 0 scanning C:\windows\system32\drivers
    07:29:50.278 Service scanning
    07:30:13.023 Modules scanning
    07:30:13.038 Disk 0 trace - called modules:
    07:30:13.054 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
    07:30:13.054 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80067a8060]
    07:30:13.070 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa8005a1d9c0]
    07:30:15.987 AVAST engine scan C:\windows
    07:30:22.227 AVAST engine scan C:\windows\system32
    07:35:06.151 AVAST engine scan C:\windows\system32\drivers
    07:35:20.394 AVAST engine scan C:\Users\Kramer
    07:44:52.756 AVAST engine scan C:\ProgramData
    07:50:28.801 File: C:\ProgramData\Microsoft\Windows\DRM\E689.tmp.dat **INFECTED** Win32:Alureon-AVP [Trj]
    07:50:31.250 File: C:\ProgramData\Microsoft\Windows\DRM\E6BA.tmp **INFECTED** Win32:Alureon-AVP [Trj]
    07:52:03.087 Scan finished successfully
    07:53:52.537 Disk 0 MBR has been saved successfully to "C:\Users\Kramer\Desktop\MBR.dat"
    07:53:52.599 The log file has been saved successfully to "C:\Users\Kramer\Desktop\aswMBR.txt"
     
  12. LoganFL

    LoganFL Newcomer, in training Topic Starter

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.09.27.06
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kramer :: KRAMERMN [administrator]
    9/27/2012 7:56:46 AM
    mbam-log-2012-09-27 (07-56-46).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 233188
    Time elapsed: 5 minute(s), 39 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    (end)
  13. LoganFL

    LoganFL Newcomer, in training Topic Starter

    Correction of above post:

    RogueKiller will not run, says it's not a Valid Win32 file.

    I have right clicked and tried to run as administrator.
  14. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Please re-run MBAM one more time.
  15. LoganFL

    LoganFL Newcomer, in training Topic Starter

    Went out of town for the weekend, will get back on this Tuesday night.
  16. Broni

    Broni Malware Annihilator Posts: 46,433   +252

  17. LoganFL

    LoganFL Newcomer, in training Topic Starter

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.10.02.11
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kramer :: KRAMERMN [administrator]
    10/2/2012 8:44:30 PM
    mbam-log-2012-10-02 (20-44-30).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 232775
    Time elapsed: 4 minute(s), 50 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  18. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Good :)

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  19. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.