Windows 7 can not run programs -- critical error and will restart in 1 min

Solved
By iH8scams
Oct 8, 2012
  1. Not sure if I received a virus or not, but all of a sudden my computer started to shut down. After the restart I could not run any normal programs. I am able to open Notepad and Paint but not regular programs.

    I cannot access the Internet either. I have a laptop with access and a removable flash drive that I can use.

    Any help would be appreciated.
  2. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    Update: through searching I have found that at 5:08 pm (around when I started having problems) there is an application: 224kkk290347 in my AppData ->local->temp folder. Searched and found this is VirTool.Win32.VBInject.AMN
  3. Broni

    Broni Malware Annihilator Posts: 45,168   +242

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  4. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    Followed instructions.

    In the DOS prompt, when trying to execute h:\frst I get the response: "the subsystem needed to support the image is not present"
  5. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    Ok... I exited the recovery tool because I was unable to run the frst program. When Windows loaded it said my computer was recovered and wanted to know if I wanted to import files. I noticed that a bunch of my startup programs started loading. I was able to open programs now.

    I was able to run the frst program, but not in the recovery mode. I have generated the logs; I hope this works for you.

    Attached Files:

  6. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    Update: I had to leave the office for a few hours, and in the meantime my store manager ran Ad-Aware and it removed 5 viruses and 1000 other small items. I know you don't want any scans or removals done during this process. Would you like me to rescan the system with the frst tool?

    Note: everything seems to be functioning normally right now, except for a Catalyst failure after Windows loads and 2 .dll failures to load.

    thanks and sorry for the changes
  7. Broni

    Broni Malware Annihilator Posts: 45,168   +242

    Please observe forum rules.
    All logs have to be pasted not attached.
  8. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012
    Ran by Meineke at 09-10-2012 09:03:20
    Running from G:\
    (X64) OS Language: English(US)
    Attention: Could not load system hive.The operation completed successfully.
    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

    ==================== One Month Created Files and Folders ========
    2012-10-09 09:03 - 2012-10-09 09:03 - 00000000 ____D C:\FRST
    2012-10-08 22:31 - 2012-10-09 12:56 - 00000000 ____D C:\Users\All Users\Recovery
    2012-10-08 18:44 - 2012-10-08 18:44 - 00000000 ____D C:\Windows\pss
    2012-10-08 17:12 - 2009-07-13 21:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-10-08 15:55 - 2012-10-08 16:14 - 1061001897 ____A C:\Users\Meineke\Desktop\10-8-2012_2_Neat.nbak
    2012-10-08 13:36 - 2012-10-08 14:29 - 00000000 ____D C:\Users\Meineke\Documents\Neat Data
    2012-10-08 12:43 - 2012-10-08 12:43 - 00000000 ____D C:\Users\Meineke\Documents\Neat Dataold
    2012-10-08 11:41 - 2012-10-08 12:02 - 1061001984 ____A C:\Users\Meineke\Desktop\10-8-2012_Neat.nbak
    2012-10-08 07:52 - 2012-10-08 07:52 - 00000000 ____D C:\Program Files\Send To Neat
    2012-10-08 07:52 - 2012-09-06 08:41 - 00148480 ____A (Two Pilots) C:\Windows\VPDAgent_x64.exe
    2012-10-06 16:58 - 2012-10-06 16:59 - 00000000 ____D C:\Users\Meineke\Desktop\PDF FILES
    2012-10-05 14:58 - 2012-10-05 14:58 - 00183808 ____A (Ray Hinchliffe) C:\Users\Meineke\AppData\Roaming\aorcs.dll
    2012-09-21 09:14 - 2012-09-21 09:14 - 00000000 ____D C:\Users\Meineke\AppData\Roaming\PDF Writer
    2012-09-21 09:14 - 2012-09-21 09:14 - 00000000 ____D C:\Users\All Users\PDF Writer
    2012-09-21 09:14 - 2012-09-21 09:14 - 00000000 ____D C:\Program Files\Common Files\Bullzip
    2012-09-21 09:14 - 2010-09-27 16:04 - 00135168 ____A (Bullzip) C:\Windows\SysWOW64\bzpdfc.dll
    2012-09-21 09:14 - 2010-09-27 16:04 - 00135168 ____A (Bullzip) C:\Windows\System32\bzpdfc.dll
    2012-09-21 09:14 - 2008-10-30 16:04 - 00227840 ____A (Bullzip) C:\Windows\SysWOW64\bzFlRdr.dll
    2012-09-21 09:14 - 2008-10-30 16:04 - 00227840 ____A (Bullzip) C:\Windows\System32\bzFlRdr.dll
    2012-09-21 09:14 - 2008-07-09 16:04 - 00103424 ____A (Bullzip) C:\Windows\SysWOW64\bzDCT.dll
    2012-09-21 09:14 - 2008-07-09 16:04 - 00103424 ____A (Bullzip) C:\Windows\System32\bzDCT.dll
    2012-09-21 09:13 - 2012-09-21 09:13 - 00000000 ____D C:\Program Files\Bullzip
    2012-09-19 10:56 - 2012-10-09 08:58 - 00006530 ____A C:\Users\Meineke\AppData\Local\chromeupdate.crx
    2012-09-19 10:56 - 2012-09-19 10:56 - 00427008 ____A (Windows (R) Server 2003 DDK provider) C:\Users\Meineke\AppData\Roaming\wascf.dll
    2012-09-19 10:55 - 2012-09-19 10:55 - 00160256 ____A C:\Users\Meineke\AppData\Roaming\utaps.dll
    2012-09-10 12:53 - 2012-09-10 12:54 - 12308775 ____A C:\Users\Meineke\Desktop\crash 09102012.wmv
    2012-09-10 12:52 - 2012-09-10 12:53 - 00000000 ____D C:\Users\Meineke\AppData\Local\{19013CF2-2FF4-40F8-BB79-A095A2AEB18C}
    ==================== 3 Months Modified Files ==================
    2012-10-09 09:03 - 2011-05-19 12:00 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
    2012-10-09 09:03 - 2011-05-19 12:00 - 00000064 ____A C:\Windows\System32\rp_stats.dat
    2012-10-09 09:03 - 2011-05-19 12:00 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
    2012-10-09 09:03 - 2011-05-19 12:00 - 00000044 ____A C:\Windows\System32\rp_rules.dat
    2012-10-09 09:02 - 2011-01-18 12:02 - 00002737 ____A C:\Jumi.Log.Run
    2012-10-09 09:00 - 2011-01-18 12:02 - 00002935 ____N C:\Jumi.Log
    2012-10-09 08:58 - 2012-09-19 10:56 - 00006530 ____A C:\Users\Meineke\AppData\Local\chromeupdate.crx
    2012-10-09 08:58 - 2011-01-12 09:40 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-09 08:56 - 2011-05-31 08:17 - 00017020 ____A C:\aaw7boot.log
    2012-10-09 08:56 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-09 08:56 - 2009-07-14 00:51 - 00016530 ____A C:\Windows\setupact.log
    2012-10-09 08:03 - 2011-08-03 08:03 - 00002589 ____A C:\Users\Public\Desktop\MKey.lnk
    2012-10-09 07:38 - 2011-01-12 09:40 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-08 19:26 - 2010-09-20 13:41 - 01401858 ____A C:\Windows\WindowsUpdate.log
    2012-10-08 17:11 - 2010-09-20 16:05 - 00225526 ____A C:\Windows\PFRO.log
    2012-10-08 16:42 - 2012-08-06 08:27 - 00042047 ____A C:\SwatchIT.txt
    2012-10-08 16:14 - 2012-10-08 15:55 - 1061001897 ____A C:\Users\Meineke\Desktop\10-8-2012_2_Neat.nbak
    2012-10-08 14:55 - 2012-08-06 08:45 - 00001649 ____A C:\PartOrderResp.xml
    2012-10-08 14:55 - 2012-08-06 08:45 - 00001521 ____A C:\PartOrderReq.xml
    2012-10-08 14:55 - 2012-08-06 08:45 - 00001456 ____A C:\PartInqResp.xml
    2012-10-08 14:55 - 2012-08-06 08:45 - 00001365 ____A C:\PartInqReq.xml
    2012-10-08 12:02 - 2012-10-08 11:41 - 1061001984 ____A C:\Users\Meineke\Desktop\10-8-2012_Neat.nbak
    2012-10-05 14:58 - 2012-10-05 14:58 - 00183808 ____A (Ray Hinchliffe) C:\Users\Meineke\AppData\Roaming\aorcs.dll
    2012-10-03 19:24 - 2011-01-27 08:59 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-10-03 19:24 - 2011-01-27 08:59 - 00000052 ____A C:\Windows\System32\DOErrors.log
    2012-10-03 19:23 - 2011-05-19 11:14 - 00001854 ____A C:\Users\Meineke\AppData\Roaming\GhostObjGAFix.xml
    2012-10-03 13:35 - 2011-01-10 16:53 - 00000219 ____A C:\Users\All Users\RmUserCfg.ini
    2012-10-03 13:35 - 2011-01-10 16:53 - 00000061 ____A C:\Users\All Users\IpAndPort.fig
    2012-09-27 07:52 - 2012-04-26 07:40 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForMeineke.job
    2012-09-19 10:56 - 2012-09-19 10:56 - 00427008 ____A (Windows (R) Server 2003 DDK provider) C:\Users\Meineke\AppData\Roaming\wascf.dll
    2012-09-19 10:55 - 2012-09-19 10:55 - 00160256 ____A C:\Users\Meineke\AppData\Roaming\utaps.dll
    2012-09-10 12:54 - 2012-09-10 12:53 - 12308775 ____A C:\Users\Meineke\Desktop\crash 09102012.wmv
    2012-09-06 08:41 - 2012-10-08 07:52 - 00148480 ____A (Two Pilots) C:\Windows\VPDAgent_x64.exe
    2012-08-27 18:06 - 2011-01-04 07:34 - 00010645 ____A C:\Users\Meineke\Desktop\DAILY TOTALS.xlsx
    2012-08-18 14:02 - 2011-01-04 09:57 - 00028160 ____A C:\Users\Meineke\Desktop\WEEKLY TOTALS.xls
    2012-08-18 09:34 - 2012-08-18 09:34 - 06856738 ____A C:\Users\Meineke\Desktop\thor.wmv
    2012-07-31 14:29 - 2011-01-04 07:59 - 00000426 ____A C:\Windows\BRWMARK.INI
    2012-07-30 16:27 - 2012-07-30 16:27 - 00000562 ____A C:\Users\Meineke\Desktop\STEVES COMPUTER.vnc
    2012-07-23 07:40 - 2012-07-23 07:40 - 00001021 ____A C:\Users\ACX\Desktop\NetViewer.lnk
    2012-07-23 07:38 - 2012-07-23 07:38 - 00001057 ____A C:\Users\ACX\Desktop\AVIGenerator.lnk
    ZeroAccess:
    C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}
    C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\@
    C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\L
    C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\n
    C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\U
    C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\U\00000001.@
    C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\U\80000000.@
    C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\U\800000cb.@
    ZeroAccess:
    C:\Users\Meineke\AppData\Local\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}
    C:\Users\Meineke\AppData\Local\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\@
    C:\Users\Meineke\AppData\Local\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\L
    C:\Users\Meineke\AppData\Local\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\n
    C:\Users\Meineke\AppData\Local\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\U
    C:\Users\Meineke\AppData\Local\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\U\00000001.@
    C:\Users\Meineke\AppData\Local\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\U\80000000.@
    C:\Users\Meineke\AppData\Local\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\U\800000cb.@
    ATTENTION: ========> Check for possible partition/boot infection:
    C:\Windows\svchost.exe
    ==================== Bamital & volsnap Check =================
    C:\Windows\explorer.exe
    [2011-04-27 09:07] - [2011-02-26 02:23] - 2870272 ____A (Microsoft Corporation) 0862495E0C825893DB75EF44FAEA8E93
    C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\User32.dll
    [2009-07-13 19:24] - [2009-07-13 21:11] - 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
    ==================== Memory info ===========================
    Percentage of memory in use: 52%
    Total physical RAM: 2815.29 MB
    Available physical RAM: 1337.51 MB
    Total Pagefile: 5628.71 MB
    Available Pagefile: 3830.14 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3983.47 MB
    ==================== Partitions =============================
    1 Drive c: (OS) (Fixed) (Total:584.01 GB) (Free:313.04 GB) NTFS
    2 Drive d: (HP_RECOVERY) (Fixed) (Total:12.06 GB) (Free:1.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    5 Drive g: () (Removable) (Total:14.9 GB) (Free:6.82 GB) FAT32
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 Online 14 GB 0 B
    Disk 2 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 584 GB 101 MB
    Partition 3 Primary 12 GB 584 GB
    =========================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 584 GB Healthy Boot
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D HP_RECOVERY NTFS Partition 12 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 14 GB 16 KB
    =========================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 14 GB Healthy
    =========================================================
    ==================== End Of Log ============================



    Farbar Recovery Scan Tool (x86) Version: 07-10-2012
    Ran by Meineke at 2012-10-09 09:04:56
    Running from G:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    === End Of Search ===
  9. Broni

    Broni Malware Annihilator Posts: 45,168   +242

    You ran it from within Windows.
    Please re-read my instructions and redo.
  10. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    I followed the instructions again and I get the same result inside of DOS:

    "the subsystem needed to support the image type is not present"
  11. Broni

    Broni Malware Annihilator Posts: 45,168   +242

    Press Enter and see what happens.
  12. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    Same thing.

    At this point I have it up and running and have multiple clean scans with ad-aware.

    Do you think we should close this thread?

    I really appreciate your time and I noticed how many other people you have helped.
  13. Broni

    Broni Malware Annihilator Posts: 45,168   +242

    You have very serious infection including ZeroAccess rootkit.
    Some other scans may not show it but it's there.

    What did you use to enter Recovery Options?
    F8 key?
  14. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    I agree and I would love to make sure I am clean.

    I pressed the F8 key and was able to go through the recovery menu like you describe.

    I can open Notepad and find my drive. I can access the DOS prompt and I can even search the directory of the flash drive using the cd/f: command and the dir command, and I can see the file, but I get that message when I try to run the file.
  15. Broni

    Broni Malware Annihilator Posts: 45,168   +242

    It looks like your system is 64-bit and you downloaded 32-bit version of FRST.
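    The mismatch Broni diagnoses here can be checked before rebooting into recovery. The following is an added example, not code from this thread or from the FRST author: it reads the COFF Machine field from a downloaded executable's PE header and reports whether that build will run in the host's Recovery Environment (the 64-bit Recovery Environment has no WOW64 layer, so a 32-bit image fails there with the "subsystem needed to support the image type" error). All function names are my own, and the stub PE headers it builds for testing are constructed inputs, not runnable programs.

```python
import struct

# COFF "Machine" values from the PE/COFF specification.
IMAGE_FILE_MACHINE_I386 = 0x014C   # 32-bit x86
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # 64-bit x64
MACHINE_NAMES = {IMAGE_FILE_MACHINE_I386: "x86", IMAGE_FILE_MACHINE_AMD64: "x64"}


def pe_machine(image: bytes) -> str:
    """Return the target architecture ('x86', 'x64' or 'unknown:0x....') of a PE image.

    Only the headers are read: the DOS header's e_lfanew field (offset 0x3C) gives
    the offset of the 'PE\\0\\0' signature, and the 2-byte COFF Machine field sits
    immediately after it.  Raises ValueError when the bytes are not a PE image.
    """
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: no MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if e_lfanew + 6 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: no PE signature")
    machine = struct.unpack_from("<H", image, e_lfanew + 4)[0]
    return MACHINE_NAMES.get(machine, f"unknown:0x{machine:04x}")


def pe_machine_of_file(path: str) -> str:
    """Same check for a file on disk (e.g. the FRST download on the flash drive)."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            raise ValueError("not a PE image: no MZ header")
        e_lfanew = struct.unpack_from("<I", head, 0x3C)[0]
        f.seek(0)
        return pe_machine(f.read(e_lfanew + 24))  # signature + COFF header


def recovery_env_verdict(tool_arch: str, host_arch: str) -> str:
    """Whether a tool built for tool_arch runs in the Recovery Environment of a
    host_arch machine.  A 32-bit tool on a 64-bit host is exactly the case in
    this thread; the fix is to fetch the 64-bit build."""
    if tool_arch == host_arch:
        return "ok"
    if host_arch == "x64" and tool_arch == "x86":
        return "32-bit tool on a 64-bit host: download the 64-bit build"
    return f"{tool_arch} tool on {host_arch} host: not runnable"


def build_stub_pe(machine: int) -> bytes:
    """Constructed test input: the minimal byte layout pe_machine() inspects
    (64-byte DOS header pointing at a PE signature and a zeroed COFF header).
    It is not an executable."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE header at offset 0x40
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, 0)  # 20-byte COFF header
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    import sys
    # Usage: python pecheck.py <path-to-frst.exe> [x86|x64]   (host arch defaults to x64)
    path = sys.argv[1] if len(sys.argv) > 1 else None
    host = sys.argv[2] if len(sys.argv) > 2 else "x64"
    if path:
        arch = pe_machine_of_file(path)
        print(f"{path}: {arch} -> {recovery_env_verdict(arch, host)}")
    else:
        for m in (IMAGE_FILE_MACHINE_I386, IMAGE_FILE_MACHINE_AMD64):
            arch = pe_machine(build_stub_pe(m))
            print(f"stub {arch}: {recovery_env_verdict(arch, host)}")
```

Run it against the file on the flash drive before booting into recovery; if it reports x86 on a 64-bit machine, the "subsystem needed to support the image type is not present" message is expected and the 64-bit build is the one to use.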
  16. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    OK, so a weird thing just started happening. When I try to paste the log into this reply my computer locks up. The loading icon spins and you cannot click on anything, even Task Manager. I had to Ctrl+Alt+Del to reboot several times and it would lock up every time I pasted into the thread. I went home and got my laptop to paste the log.

    Also, the services.exe search does not seem to finish; it just says searching. I tried to run it a couple of times and one time let it go for about 30 min.



    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-10-2012
    Ran by SYSTEM at 12-10-2012 09:58:12
    Running from G:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [568888 2010-01-18] ()
    HKLM\...\Run: [wascf] "C:\Windows\System32\rundll32.exe" "C:\Users\Meineke\AppData\Roaming\wascf.dll",CopyData [x]
    HKLM\...\Run: [aorcs] rundll32.exe "C:\Users\Meineke\AppData\Roaming\aorcs.dll",AGetReport [x]
    HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
    HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-05-11] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave [828944 2011-08-03] (GlavSoft LLC.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [x]
    HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [540056 2012-08-08] (Lavasoft)
    HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
    HKU\ACX\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
    HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
    HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
    HKU\Meineke\...\Run: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe [3635712 2012-10-09] (Jumi Technologies)
    HKU\Meineke\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
    HKU\Meineke\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
    HKU\Meineke\...\RunOnce: [109_95847513117] "C:\Users\Meineke\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp_r.bat" [x]
    Tcpip\Parameters: [DhcpNameServer] 209.26.88.31 204.215.43.3
    Tcpip\..\Interfaces\{43F88FA6-A4CD-4941-A3AF-892DDADBB228}: [NameServer]216.146.35.35,216.146.36.36,209.26.88.31,204.215.43.3
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Dyn Updater Tray Icon.lnk
    ShortcutTarget: Dyn Updater Tray Icon.lnk -> C:\Program Files (x86)\Dyn Updater\DynTray.exe (Dyn, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
    ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    ==================== Services (Whitelisted) ===================
    2 AConneX Part Fulfillment Svc 1; C:\acs\rt\win\APFSvc.exe [86016 2009-10-16] (Activant Solutions Inc.)
    2 Ad-Aware Service; "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [1236368 2012-09-20] (Lavasoft Limited)
    2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2012-09-06] (Two Pilots)
    2 Dyn Updater; C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)
    2 Handler; "C:\Program Files (x86)\Meineke\Mkey Handler\Mkey Handler.exe" [105984 2011-07-20] ()
    2 MSSQL$MPACTSQL; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMPACTSQL [29293408 2010-12-10] (Microsoft Corporation)
    2 SBAMSvc; "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe" [3289032 2011-12-19] (GFI Software)
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    2 tvnserver; "C:\Program Files (x86)\TightVNC\tvnserver.exe" -service [828944 2011-08-03] (GlavSoft LLC.)
    ==================== Drivers (Whitelisted) =====================
    3 jumi; C:\Windows\System32\Drivers\jumi.sys [15160 2010-06-03] (Windows (R) Codename Longhorn DDK provider)
    3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-05-28] ()
    1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [57976 2011-10-26] (GFI Software)
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-10-09 11:58 - 2012-10-09 11:58 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
    2012-10-09 08:34 - 2012-10-09 08:59 - 1061002036 ____A C:\Users\Meineke\Desktop\10-9-2012_Neat.nbak
    2012-10-09 06:15 - 2012-10-09 11:18 - 00000000 ____D C:\Users\Meineke\Documents\Neat Data
    2012-10-09 05:34 - 2011-12-19 08:44 - 00256632 ____A (GFI Software) C:\Windows\System32\Drivers\SbFw.sys
    2012-10-09 05:34 - 2011-09-29 08:16 - 00119416 ____A (GFI Software) C:\Windows\System32\Drivers\SbFwIm.sys
    2012-10-09 05:33 - 2012-10-09 05:33 - 00000000 ____D C:\Users\All Users\Ad-Aware Antivirus
    2012-10-09 05:27 - 2012-10-09 05:27 - 00000000 ____D C:\Users\Meineke\AppData\Roaming\LavasoftStatistics
    2012-10-09 05:22 - 2012-10-09 12:09 - 00001870 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2012-10-09 05:22 - 2012-10-09 05:34 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
    2012-10-09 05:22 - 2012-10-09 05:22 - 00000000 ____D C:\Users\Meineke\AppData\Local\Downloaded Installations
    2012-10-09 05:22 - 2011-12-19 09:21 - 00045936 ____A (GFI Software) C:\Windows\System32\sbbd.exe
    2012-10-09 05:22 - 2011-12-19 08:44 - 00060536 ____A (GFI Software) C:\Windows\System32\Drivers\sbhips.sys
    2012-10-09 05:21 - 2012-10-09 12:09 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
    2012-10-09 05:21 - 2012-10-09 05:34 - 00000000 ____D C:\Users\Meineke\AppData\Roaming\Ad-Aware Antivirus
    2012-10-09 05:21 - 2012-10-09 05:23 - 00000000 ____D C:\Users\Meineke\AppData\Local\adawarebp
    2012-10-09 05:21 - 2012-10-09 05:21 - 00000000 ____D C:\Users\All Users\blekko toolbars
    2012-10-09 05:21 - 2012-10-09 05:21 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
    2012-10-09 05:21 - 2012-10-09 05:21 - 00000000 ____D C:\Program Files (x86)\adawaretb
    2012-10-09 05:03 - 2012-10-09 05:03 - 00000000 ____D C:\FRST
    2012-10-08 18:31 - 2012-10-09 08:56 - 00000000 ____D C:\Users\All Users\Recovery
    2012-10-08 14:44 - 2012-10-08 14:44 - 00000000 ____D C:\Windows\pss
    2012-10-08 13:12 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-10-08 08:43 - 2012-10-08 08:43 - 00000000 ____D C:\Users\Meineke\Documents\Neat Dataold
    2012-10-08 03:52 - 2012-10-08 03:52 - 00000000 ____D C:\Program Files\Send To Neat
    2012-10-08 03:52 - 2012-09-06 04:41 - 00148480 ____A (Two Pilots) C:\Windows\VPDAgent_x64.exe
    2012-10-08 03:52 - 2012-09-06 04:41 - 00054784 ____A C:\Windows\System32\sdtnpm.dll
    2012-10-06 12:58 - 2012-10-06 12:59 - 00000000 ____D C:\Users\Meineke\Desktop\PDF FILES
    2012-09-21 05:14 - 2012-09-21 05:14 - 00000000 ____D C:\Users\Meineke\AppData\Roaming\PDF Writer
    2012-09-21 05:14 - 2012-09-21 05:14 - 00000000 ____D C:\Users\All Users\PDF Writer
    2012-09-21 05:14 - 2012-09-21 05:14 - 00000000 ____D C:\Program Files\Common Files\Bullzip
    2012-09-21 05:14 - 2010-09-27 12:04 - 00135168 ____A (Bullzip) C:\Windows\SysWOW64\bzpdfc.dll
    2012-09-21 05:14 - 2008-10-30 12:04 - 00227840 ____A (Bullzip) C:\Windows\SysWOW64\bzFlRdr.dll
    2012-09-21 05:14 - 2008-07-09 12:04 - 00103424 ____A (Bullzip) C:\Windows\SysWOW64\bzDCT.dll
    2012-09-21 05:13 - 2012-09-21 05:13 - 00000000 ____D C:\Program Files\Bullzip
    2012-09-21 05:13 - 2012-03-27 12:04 - 00216064 ____A (Bullzip) C:\Windows\System32\bzpdf.dll
    2012-09-19 06:56 - 2012-10-09 05:13 - 00006530 ____A C:\Users\Meineke\AppData\Local\chromeupdate.crx
    ==================== 3 Months Modified Files ==================
    2012-10-12 05:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-12 05:55 - 2009-07-13 20:51 - 00017146 ____A C:\Windows\setupact.log
    2012-10-12 05:50 - 2011-01-18 08:02 - 00363375 ____A C:\Jumi.Log.Run
    2012-10-12 05:38 - 2011-01-12 05:40 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-12 05:17 - 2012-08-06 04:27 - 00044577 ____A C:\SwatchIT.txt
    2012-10-12 03:38 - 2011-01-12 05:40 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-11 14:20 - 2009-07-13 20:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-11 14:20 - 2009-07-13 20:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-10 22:30 - 2011-01-18 08:02 - 00312595 ____N C:\Jumi.Log
    2012-10-10 15:33 - 2011-01-27 04:59 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-10-10 15:32 - 2011-05-19 07:14 - 00001854 ____A C:\Users\Meineke\AppData\Roaming\GhostObjGAFix.xml
    2012-10-10 08:59 - 2012-08-06 04:45 - 00001667 ____A C:\PartOrderResp.xml
    2012-10-10 08:59 - 2012-08-06 04:45 - 00001549 ____A C:\PartOrderReq.xml
    2012-10-10 08:59 - 2012-08-06 04:45 - 00001474 ____A C:\PartInqResp.xml
    2012-10-10 08:59 - 2012-08-06 04:45 - 00001395 ____A C:\PartInqReq.xml
    2012-10-09 12:09 - 2012-10-09 05:22 - 00001870 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2012-10-09 11:58 - 2012-10-09 11:58 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
    2012-10-09 11:30 - 2010-09-20 12:05 - 00227194 ____A C:\Windows\PFRO.log
    2012-10-09 08:59 - 2012-10-09 08:34 - 1061002036 ____A C:\Users\Meineke\Desktop\10-9-2012_Neat.nbak
    2012-10-09 05:21 - 2010-09-20 09:41 - 01402434 ____A C:\Windows\WindowsUpdate.log
    2012-10-09 05:17 - 2011-05-31 04:17 - 00017658 ____A C:\aaw7boot.log
    2012-10-09 05:13 - 2012-09-19 06:56 - 00006530 ____A C:\Users\Meineke\AppData\Local\chromeupdate.crx
    2012-10-09 05:03 - 2011-05-19 08:00 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
    2012-10-09 05:03 - 2011-05-19 08:00 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
    2012-10-09 04:03 - 2011-08-03 04:03 - 00002589 ____A C:\Users\Public\Desktop\MKey.lnk
    2012-10-03 09:35 - 2011-01-10 12:53 - 00000219 ____A C:\Users\All Users\RmUserCfg.ini
    2012-10-03 09:35 - 2011-01-10 12:53 - 00000061 ____A C:\Users\All Users\IpAndPort.fig
    2012-09-27 03:52 - 2012-04-26 03:40 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForMeineke.job
    2012-09-17 03:34 - 2009-07-13 21:13 - 00786092 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-10 08:54 - 2012-09-10 08:53 - 12308775 ____A C:\Users\Meineke\Desktop\crash 09102012.wmv
    2012-09-06 04:41 - 2012-10-08 03:52 - 00148480 ____A (Two Pilots) C:\Windows\VPDAgent_x64.exe
    2012-09-06 04:41 - 2012-10-08 03:52 - 00054784 ____A C:\Windows\System32\sdtnpm.dll
    2012-08-27 14:06 - 2011-01-04 03:34 - 00010645 ____A C:\Users\Meineke\Desktop\DAILY TOTALS.xlsx
    2012-08-18 10:02 - 2011-01-04 05:57 - 00028160 ____A C:\Users\Meineke\Desktop\WEEKLY TOTALS.xls
    2012-08-18 05:34 - 2012-08-18 05:34 - 06856738 ____A C:\Users\Meineke\Desktop\thor.wmv
    2012-07-31 10:29 - 2011-01-04 03:59 - 00000426 ____A C:\Windows\BRWMARK.INI
    2012-07-30 12:27 - 2012-07-30 12:27 - 00000562 ____A C:\Users\Meineke\Desktop\STEVES COMPUTER.vnc
    2012-07-23 03:40 - 2012-07-23 03:40 - 00001021 ____A C:\Users\ACX\Desktop\NetViewer.lnk
    2012-07-23 03:38 - 2012-07-23 03:38 - 00001057 ____A C:\Users\ACX\Desktop\AVIGenerator.lnk
    ZeroAccess:
    C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}
    C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\@
    C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\L
    C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\n
    C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\U
    C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\U\00000001.@
    C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\U\80000000.@
    C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\U\800000cb.@
    ATTENTION: ========> Check for possible partition/boot infection:
    C:\Windows\svchost.exe
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================

    ==================== Memory info ===========================
    Percentage of memory in use: 28%
    Total physical RAM: 2815.29 MB
    Available physical RAM: 2017.51 MB
    Total Pagefile: 2813.43 MB
    Available Pagefile: 1997.02 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ==================== Partitions =============================
    1 Drive c: (OS) (Fixed) (Total:584.01 GB) (Free:342.8 GB) NTFS
    2 Drive e: (HP_RECOVERY) (Fixed) (Total:12.06 GB) (Free:1.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive g: () (Removable) (Total:14.9 GB) (Free:6.82 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 Online 14 GB 0 B
    Disk 2 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 584 GB 101 MB
    Partition 3 Primary 12 GB 584 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 584 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E HP_RECOVERY NTFS Partition 12 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 14 GB 16 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT32 Removable 14 GB Healthy
    =========================================================
    Last Boot: 2012-10-09 15:55
    ==================== End Of Log =============================
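The FRST log above carries the two indicators the helper acts on next: a core Windows binary (svchost.exe) sitting directly in C:\Windows instead of System32, and a ZeroAccess-style C:\Windows\Installer\{GUID} tree with "@", "U", "L" and "n" entries. The following triage script is an added example, not part of this thread or of FRST itself; it parses the log's "one month" listing lines and its check sections and reports those indicators. The sample log lines are constructed from the excerpt above, and the helper names (triage, misplaced_core_binaries, zeroaccess_installer_trees) are this example's own.

```python
"""Triage helper for FRST-style log excerpts (added example, not FRST code)."""
import re
from collections import defaultdict

# Binaries FRST hashes in its "Bamital & volsnap Check"; copies of these
# normally live only under System32, SysWOW64 or WinSxS (explorer.exe also
# legitimately sits in C:\Windows itself). Assumption of this example.
CORE_BINARIES = {"svchost.exe", "services.exe", "winlogon.exe", "wininit.exe",
                 "explorer.exe", "userinit.exe", "lsass.exe"}
EXPECTED_DIRS = {"system32", "syswow64", "winsxs"}
ROOT_OK = {"explorer.exe"}

# "created - modified - size attrs [(company)] path" as in the FRST listing.
LISTING_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) (\S+) (?:\(([^)]*)\) )?(.+)$")
INSTALLER_RE = re.compile(
    r"^C:\\Windows\\Installer\\(\{[0-9a-f-]{36}\})(?:\\(.*))?$", re.I)
# Entries the log shows inside the ZeroAccess Installer\{GUID} directory.
ZEROACCESS_MARKERS = {"@", "U", "L", "n"}


def parse_listing(lines):
    """Yield one dict per FRST listing line (dates, size, attrs, company, path)."""
    for line in lines:
        m = LISTING_RE.match(line.strip())
        if m:
            yield {"created": m.group(1), "modified": m.group(2),
                   "size": int(m.group(3)), "attrs": m.group(4),
                   "company": m.group(5), "path": m.group(6)}


def misplaced_core_binaries(paths):
    """Return paths named like a core Windows binary but living outside the
    directories where FRST's hash check expects it (e.g. C:\\Windows\\svchost.exe)."""
    hits = []
    for p in paths:
        parts = p.replace("/", "\\").split("\\")
        name = parts[-1].lower()
        parent = parts[-2].lower() if len(parts) > 1 else ""
        if name in CORE_BINARIES and parent not in EXPECTED_DIRS:
            if not (parent == "windows" and name in ROOT_OK):
                hits.append(p)
    return hits


def zeroaccess_installer_trees(paths):
    """Group Installer\\{GUID} paths by GUID and return the GUIDs whose tree
    holds all of the '@', 'U', 'L', 'n' entries seen in the log above."""
    entries = defaultdict(set)
    for p in paths:
        m = INSTALLER_RE.match(p)
        if m:
            first = (m.group(2) or "").split("\\")[0]
            if first:
                entries[m.group(1).lower()].add(first)
    return sorted(g for g, e in entries.items() if ZEROACCESS_MARKERS <= e)


def triage(log_text):
    """Collect paths and '=>' check results from a log excerpt and summarise."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    paths = [e["path"] for e in parse_listing(lines)]
    # Bare path lines (ZeroAccess section, ATTENTION follow-up) count as well.
    paths += [l for l in lines if re.match(r"^[A-Za-z]:\\", l) and " => " not in l]
    checks = {}
    for l in lines:
        if " => " in l:
            subject, result = l.rsplit(" => ", 1)
            checks[subject] = result
    return {
        "misplaced_core_binaries": misplaced_core_binaries(paths),
        "zeroaccess_guids": zeroaccess_installer_trees(paths),
        "failed_checks": sorted(s for s, r in checks.items()
                                if r not in ("OK", "MD5 is legit")),
        "attention": any(l.startswith("ATTENTION:") for l in lines),
    }


# Constructed sample assembled from lines quoted in the thread.
SAMPLE_LOG = r"""
2012-09-06 04:41 - 2012-10-08 03:52 - 00148480 ____A (Two Pilots) C:\Windows\VPDAgent_x64.exe
2012-09-06 04:41 - 2012-10-08 03:52 - 00054784 ____A C:\Windows\System32\sdtnpm.dll
ZeroAccess:
C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}
C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\@
C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\L
C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\n
C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\U
C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\U\00000001.@
ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "%1" %* => OK
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```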
  17. Broni

    Broni Malware Annihilator Posts: 45,168   +242

    Your services.exe file is actually fine, so I won't need those search results.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    =====================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ====================================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =====================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ======================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

  18. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    Ok.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-10-2012
    Ran by SYSTEM at 2012-10-15 08:07:25 Run:1
    Running from G:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wascf Value deleted successfully.
    C:\Users\Meineke\AppData\Roaming\wascf.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\aorcs Value deleted successfully.
    C:\Users\Meineke\AppData\Roaming\aorcs.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53} moved successfully.
    C:\Windows\svchost.exe moved successfully.
    ==== End of Fixlog ====
  19. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

  20. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    09:10:52.0765 3276 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    09:10:53.0149 3276 ============================================================
    09:10:53.0149 3276 Current date / time: 2012/10/15 09:10:53.0149
    09:10:53.0149 3276 SystemInfo:
    09:10:53.0150 3276
    09:10:53.0150 3276 OS Version: 6.1.7600 ServicePack: 0.0
    09:10:53.0150 3276 Product type: Workstation
    09:10:53.0150 3276 ComputerName: MEINEKE-HP
    09:10:53.0150 3276 UserName: Meineke
    09:10:53.0150 3276 Windows directory: C:\Windows
    09:10:53.0150 3276 System windows directory: C:\Windows
    09:10:53.0150 3276 Running under WOW64
    09:10:53.0150 3276 Processor architecture: Intel x64
    09:10:53.0151 3276 Number of processors: 2
    09:10:53.0151 3276 Page size: 0x1000
    09:10:53.0151 3276 Boot type: Normal boot
    09:10:53.0151 3276 ============================================================
    09:10:54.0026 3276 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    09:10:54.0042 3276 Drive \Device\Harddisk1\DR1 - Size: 0x3BA300000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    09:10:54.0054 3276 ============================================================
    09:10:54.0054 3276 \Device\Harddisk0\DR0:
    09:10:54.0054 3276 MBR partitions:
    09:10:54.0054 3276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    09:10:54.0054 3276 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x49004000
    09:10:54.0054 3276 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x49036800, BlocksNum 0x1821000
    09:10:54.0054 3276 \Device\Harddisk1\DR1:
    09:10:54.0056 3276 MBR partitions:
    09:10:54.0056 3276 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DD17E0
    09:10:54.0056 3276 ============================================================
    09:10:54.0084 3276 C: <-> \Device\Harddisk0\DR0\Partition2
    09:10:54.0147 3276 D: <-> \Device\Harddisk0\DR0\Partition3
    09:10:54.0148 3276 ============================================================
    09:10:54.0148 3276 Initialize success
    09:10:54.0148 3276 ============================================================
    09:10:55.0710 4932 ============================================================
    09:10:55.0710 4932 Scan started
    09:10:55.0710 4932 Mode: Manual;
    09:10:55.0710 4932 ============================================================
    09:10:56.0477 4932 ================ Scan system memory ========================
    09:10:56.0477 4932 System memory - ok
    09:10:56.0478 4932 ================ Scan services =============================
    09:10:56.0629 4932 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    09:10:56.0632 4932 1394ohci - ok
    09:10:56.0738 4932 [ 41FA3CC2A0C9C86AE0182BC8D9A18715 ] AConneX Part Fulfillment Svc 1 c:\acs\rt\win\APFSvc.exe
    09:10:56.0739 4932 AConneX Part Fulfillment Svc 1 - ok
    09:10:56.0757 4932 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
    09:10:56.0762 4932 ACPI - ok
    09:10:56.0768 4932 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
    09:10:56.0770 4932 AcpiPmi - ok
    09:10:56.0882 4932 [ C59992E25F4EBAD9E5C15B0D5D225F99 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    09:10:56.0888 4932 Ad-Aware Service - ok
    09:10:56.0958 4932 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    09:10:56.0959 4932 AdobeARMservice - ok
    09:10:56.0977 4932 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    09:10:56.0982 4932 adp94xx - ok
    09:10:56.0999 4932 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    09:10:57.0003 4932 adpahci - ok
    09:10:57.0018 4932 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    09:10:57.0021 4932 adpu320 - ok
    09:10:57.0053 4932 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    09:10:57.0054 4932 AeLookupSvc - ok
    09:10:57.0082 4932 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
    09:10:57.0096 4932 AFD - ok
    09:10:57.0129 4932 [ 8492D198CA7B91202816A23F7230D11B ] Agent C:\Windows\VPDAgent_x64.exe
    09:10:57.0130 4932 Agent - ok
    09:10:57.0146 4932 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
    09:10:57.0147 4932 agp440 - ok
    09:10:57.0163 4932 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    09:10:57.0165 4932 ALG - ok
    09:10:57.0180 4932 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
    09:10:57.0181 4932 aliide - ok
    09:10:57.0204 4932 [ CA0D6C1390F4B3BAF2A0A69D1A7F8332 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    09:10:57.0207 4932 AMD External Events Utility - ok
    09:10:57.0211 4932 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
    09:10:57.0212 4932 amdide - ok
    09:10:57.0218 4932 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    09:10:57.0220 4932 AmdK8 - ok
    09:10:57.0349 4932 [ 75E4BACA583AE02C11E9AC8747E2ABE0 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    09:10:57.0457 4932 amdkmdag - ok
    09:10:57.0477 4932 [ B765CF4B32F347BE747B21AE22641025 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    09:10:57.0479 4932 amdkmdap - ok
    09:10:57.0506 4932 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    09:10:57.0507 4932 AmdPPM - ok
    09:10:57.0533 4932 [ F747497A0EE5498F79B207F215B3D2D8 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
    09:10:57.0533 4932 amdsata - ok
    09:10:57.0555 4932 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    09:10:57.0558 4932 amdsbs - ok
    09:10:57.0582 4932 [ 2946D695E158615BAAA16248E63C7ADB ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
    09:10:57.0583 4932 amdxata - ok
    09:10:57.0592 4932 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
    09:10:57.0593 4932 AppID - ok
    09:10:57.0615 4932 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    09:10:57.0616 4932 AppIDSvc - ok
    09:10:57.0624 4932 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
    09:10:57.0626 4932 Appinfo - ok
    09:10:57.0667 4932 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
    09:10:57.0670 4932 AppMgmt - ok
    09:10:57.0675 4932 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    09:10:57.0676 4932 arc - ok
    09:10:57.0682 4932 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    09:10:57.0683 4932 arcsas - ok
    09:10:57.0709 4932 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    09:10:57.0709 4932 AsyncMac - ok
    09:10:57.0724 4932 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
    09:10:57.0725 4932 atapi - ok
    09:10:57.0752 4932 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys
    09:10:57.0753 4932 AtiPcie - ok
    09:10:57.0777 4932 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    09:10:57.0791 4932 AudioEndpointBuilder - ok
    09:10:57.0800 4932 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
    09:10:57.0804 4932 AudioSrv - ok
    09:10:57.0819 4932 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    09:10:57.0821 4932 AxInstSV - ok
    09:10:57.0840 4932 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    09:10:57.0845 4932 b06bdrv - ok
    09:10:57.0860 4932 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    09:10:57.0863 4932 b57nd60a - ok
    09:10:57.0908 4932 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    09:10:57.0910 4932 BBSvc - ok
    09:10:57.0923 4932 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    09:10:57.0925 4932 BDESVC - ok
    09:10:57.0938 4932 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    09:10:57.0939 4932 Beep - ok
    09:10:57.0953 4932 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    09:10:57.0954 4932 blbdrive - ok
    09:10:57.0989 4932 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    09:10:57.0991 4932 bowser - ok
    09:10:57.0995 4932 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    09:10:57.0996 4932 BrFiltLo - ok
    09:10:58.0012 4932 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    09:10:58.0013 4932 BrFiltUp - ok
    09:10:58.0032 4932 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
    09:10:58.0034 4932 Browser - ok
    09:10:58.0053 4932 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    09:10:58.0056 4932 Brserid - ok
    09:10:58.0061 4932 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    09:10:58.0062 4932 BrSerWdm - ok
    09:10:58.0067 4932 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    09:10:58.0067 4932 BrUsbMdm - ok
    09:10:58.0073 4932 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    09:10:58.0074 4932 BrUsbSer - ok
    09:10:58.0080 4932 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    09:10:58.0081 4932 BTHMODEM - ok
    09:10:58.0097 4932 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    09:10:58.0099 4932 bthserv - ok
    09:10:58.0107 4932 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    09:10:58.0108 4932 cdfs - ok
    09:10:58.0116 4932 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    09:10:58.0118 4932 cdrom - ok
    09:10:58.0142 4932 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
    09:10:58.0143 4932 CertPropSvc - ok
    09:10:58.0189 4932 [ EA3333DB9AB03106EEC0D6D9D487ED01 ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    09:10:58.0191 4932 CinemaNow Service - ok
    09:10:58.0210 4932 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    09:10:58.0211 4932 circlass - ok
    09:10:58.0227 4932 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    09:10:58.0231 4932 CLFS - ok
    09:10:58.0291 4932 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    09:10:58.0294 4932 clr_optimization_v2.0.50727_32 - ok
    09:10:58.0337 4932 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    09:10:58.0338 4932 clr_optimization_v2.0.50727_64 - ok
    09:10:58.0406 4932 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    09:10:58.0407 4932 clr_optimization_v4.0.30319_32 - ok
    09:10:58.0459 4932 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    09:10:58.0461 4932 clr_optimization_v4.0.30319_64 - ok
    09:10:58.0472 4932 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    09:10:58.0473 4932 CmBatt - ok
    09:10:58.0478 4932 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
    09:10:58.0479 4932 cmdide - ok
    09:10:58.0500 4932 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
    09:10:58.0505 4932 CNG - ok
    09:10:58.0520 4932 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    09:10:58.0521 4932 Compbatt - ok
    09:10:58.0545 4932 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    09:10:58.0546 4932 CompositeBus - ok
    09:10:58.0555 4932 COMSysApp - ok
    09:10:58.0563 4932 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    09:10:58.0564 4932 crcdisk - ok
    09:10:58.0594 4932 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    09:10:58.0596 4932 CryptSvc - ok
    09:10:58.0634 4932 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
    09:10:58.0647 4932 CSC - ok
    09:10:58.0675 4932 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
    09:10:58.0689 4932 CscService - ok
    09:10:58.0788 4932 [ 61A86809B62769643892BC0812B204AA ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    09:10:58.0800 4932 cvhsvc - ok
    09:10:58.0841 4932 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
    09:10:58.0858 4932 DcomLaunch - ok
    09:10:58.0882 4932 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    09:10:58.0886 4932 defragsvc - ok
    09:10:58.0905 4932 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    09:10:58.0907 4932 DfsC - ok
    09:10:58.0933 4932 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
    09:10:58.0938 4932 Dhcp - ok
    09:10:58.0965 4932 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    09:10:58.0966 4932 discache - ok
    09:10:58.0994 4932 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    09:10:58.0996 4932 Disk - ok
    09:10:59.0026 4932 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
    09:10:59.0029 4932 Dnscache - ok
    09:10:59.0050 4932 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
    09:10:59.0054 4932 dot3svc - ok
    09:10:59.0068 4932 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
    09:10:59.0071 4932 DPS - ok
    09:10:59.0095 4932 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    09:10:59.0096 4932 drmkaud - ok
    09:10:59.0133 4932 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    09:10:59.0159 4932 DXGKrnl - ok
    09:10:59.0227 4932 [ C3CDC19B715514200F5CEC8BE5B9C9A8 ] Dyn Updater C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe
    09:10:59.0228 4932 Dyn Updater - ok
    09:10:59.0247 4932 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    09:10:59.0250 4932 EapHost - ok
    09:10:59.0462 4932 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    09:10:59.0504 4932 ebdrv - ok
    09:10:59.0530 4932 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
    09:10:59.0532 4932 EFS - ok
    09:10:59.0592 4932 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    09:10:59.0603 4932 ehRecvr - ok
    09:10:59.0624 4932 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    09:10:59.0625 4932 ehSched - ok
    09:10:59.0664 4932 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    09:10:59.0679 4932 elxstor - ok
    09:10:59.0684 4932 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
    09:10:59.0686 4932 ErrDev - ok
    09:10:59.0709 4932 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    09:10:59.0714 4932 EventSystem - ok
    09:10:59.0726 4932 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    09:10:59.0729 4932 exfat - ok
    09:10:59.0748 4932 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    09:10:59.0751 4932 fastfat - ok
    09:10:59.0775 4932 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
    09:10:59.0792 4932 Fax - ok
    09:10:59.0797 4932 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    09:10:59.0798 4932 fdc - ok
    09:10:59.0804 4932 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    09:10:59.0806 4932 fdPHost - ok
    09:10:59.0812 4932 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    09:10:59.0813 4932 FDResPub - ok
    09:10:59.0828 4932 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    09:10:59.0829 4932 FileInfo - ok
    09:10:59.0840 4932 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    09:10:59.0841 4932 Filetrace - ok
    09:10:59.0859 4932 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    09:10:59.0861 4932 flpydisk - ok
    09:10:59.0876 4932 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    09:10:59.0880 4932 FltMgr - ok
    09:10:59.0922 4932 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
    09:10:59.0939 4932 FontCache - ok
    09:10:59.0983 4932 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    09:10:59.0983 4932 FontCache3.0.0.0 - ok
    09:10:59.0992 4932 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    09:10:59.0993 4932 FsDepends - ok
    09:11:00.0006 4932 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    09:11:00.0007 4932 Fs_Rec - ok
    09:11:00.0031 4932 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    09:11:00.0034 4932 fvevol - ok
    09:11:00.0058 4932 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    09:11:00.0059 4932 gagp30kx - ok
    09:11:00.0125 4932 [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    09:11:00.0130 4932 GameConsoleService - ok
    09:11:00.0167 4932 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
    09:11:00.0185 4932 gpsvc - ok
    09:11:00.0241 4932 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    09:11:00.0243 4932 gupdate - ok
    09:11:00.0274 4932 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    09:11:00.0276 4932 gupdatem - ok
  21. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    CONTINUED.....


    09:11:07.0618 4932 usbcir - ok

    09:11:07.0640 4932 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

    09:11:07.0641 4932 usbehci - ok

    09:11:07.0648 4932 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys

    09:11:07.0649 4932 usbfilter - ok

    09:11:07.0663 4932 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

    09:11:07.0667 4932 usbhub - ok

    09:11:07.0674 4932 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

    09:11:07.0675 4932 usbohci - ok

    09:11:07.0697 4932 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

    09:11:07.0698 4932 usbprint - ok

    09:11:07.0737 4932 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

    09:11:07.0738 4932 usbscan - ok

    09:11:07.0764 4932 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

    09:11:07.0766 4932 USBSTOR - ok

    09:11:07.0781 4932 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

    09:11:07.0782 4932 usbuhci - ok

    09:11:07.0796 4932 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

    09:11:07.0799 4932 UxSms - ok

    09:11:07.0806 4932 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe

    09:11:07.0807 4932 VaultSvc - ok

    09:11:07.0815 4932 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys

    09:11:07.0817 4932 vdrvroot - ok

    09:11:07.0841 4932 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe

    09:11:07.0857 4932 vds - ok

    09:11:07.0876 4932 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

    09:11:07.0877 4932 vga - ok

    09:11:07.0889 4932 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

    09:11:07.0890 4932 VgaSave - ok

    09:11:07.0896 4932 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys

    09:11:07.0899 4932 vhdmp - ok

    09:11:07.0903 4932 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys

    09:11:07.0905 4932 viaide - ok

    09:11:07.0924 4932 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys

    09:11:07.0926 4932 volmgr - ok

    09:11:07.0944 4932 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

    09:11:07.0948 4932 volmgrx - ok

    09:11:07.0964 4932 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys

    09:11:07.0967 4932 volsnap - ok

    09:11:07.0991 4932 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

    09:11:07.0993 4932 vsmraid - ok

    09:11:08.0035 4932 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe

    09:11:08.0061 4932 VSS - ok

    09:11:08.0077 4932 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

    09:11:08.0078 4932 vwifibus - ok

    09:11:08.0090 4932 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

    09:11:08.0104 4932 W32Time - ok

    09:11:08.0113 4932 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

    09:11:08.0114 4932 WacomPen - ok

    09:11:08.0139 4932 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

    09:11:08.0141 4932 WANARP - ok

    09:11:08.0144 4932 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

    09:11:08.0145 4932 Wanarpv6 - ok

    09:11:08.0189 4932 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

    09:11:08.0215 4932 WatAdminSvc - ok

    09:11:08.0246 4932 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe

    09:11:08.0273 4932 wbengine - ok

    09:11:08.0292 4932 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

    09:11:08.0296 4932 WbioSrvc - ok

    09:11:08.0316 4932 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll

    09:11:08.0322 4932 wcncsvc - ok

    09:11:08.0331 4932 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

    09:11:08.0333 4932 WcsPlugInService - ok

    09:11:08.0337 4932 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

    09:11:08.0339 4932 Wd - ok

    09:11:08.0359 4932 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

    09:11:08.0374 4932 Wdf01000 - ok

    09:11:08.0379 4932 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

    09:11:08.0381 4932 WdiServiceHost - ok

    09:11:08.0385 4932 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

    09:11:08.0387 4932 WdiSystemHost - ok

    09:11:08.0410 4932 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll

    09:11:08.0415 4932 WebClient - ok

    09:11:08.0433 4932 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

    09:11:08.0437 4932 Wecsvc - ok

    09:11:08.0447 4932 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

    09:11:08.0450 4932 wercplsupport - ok

    09:11:08.0456 4932 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

    09:11:08.0459 4932 WerSvc - ok

    09:11:08.0470 4932 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

    09:11:08.0471 4932 WfpLwf - ok

    09:11:08.0484 4932 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

    09:11:08.0486 4932 WIMMount - ok

    09:11:08.0491 4932 WinHttpAutoProxySvc - ok

    09:11:08.0546 4932 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

    09:11:08.0549 4932 Winmgmt - ok

    09:11:08.0601 4932 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll

    09:11:08.0636 4932 WinRM - ok

    09:11:08.0694 4932 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

    09:11:08.0696 4932 WinUsb - ok

    09:11:08.0724 4932 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

    09:11:08.0742 4932 Wlansvc - ok

    09:11:08.0880 4932 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    09:11:08.0936 4932 wlidsvc - ok

    09:11:08.0975 4932 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

    09:11:08.0976 4932 WmiAcpi - ok

    09:11:09.0008 4932 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

    09:11:09.0012 4932 wmiApSrv - ok

    09:11:09.0040 4932 WMPNetworkSvc - ok

    09:11:09.0065 4932 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

    09:11:09.0068 4932 WPCSvc - ok

    09:11:09.0077 4932 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

    09:11:09.0080 4932 WPDBusEnum - ok

    09:11:09.0088 4932 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

    09:11:09.0090 4932 ws2ifsl - ok

    09:11:09.0096 4932 WSearch - ok

    09:11:09.0116 4932 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

    09:11:09.0119 4932 WudfPf - ok

    09:11:09.0132 4932 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

    09:11:09.0135 4932 WUDFRd - ok

    09:11:09.0147 4932 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll

    09:11:09.0149 4932 wudfsvc - ok

    09:11:09.0165 4932 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

    09:11:09.0169 4932 WwanSvc - ok

    09:11:09.0174 4932 ================ Scan global ===============================

    09:11:09.0192 4932 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

    09:11:09.0217 4932 [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll

    09:11:09.0234 4932 [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll

    09:11:09.0254 4932 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

    09:11:09.0283 4932 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

    09:11:09.0288 4932 [Global] - ok

    09:11:09.0288 4932 ================ Scan MBR ==================================

    09:11:09.0301 4932 [ 65BF848E44E105340CCD97E0E434410B ] \Device\Harddisk0\DR0

    09:11:09.0605 4932 \Device\Harddisk0\DR0 - ok

    09:11:09.0615 4932 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1

    09:11:09.0624 4932 \Device\Harddisk1\DR1 - ok

    09:11:09.0628 4932 ================ Scan VBR ==================================

    09:11:09.0631 4932 [ 4D4CC60CBD2D57E8B05A0F9BF5AC7F59 ] \Device\Harddisk0\DR0\Partition1

    09:11:09.0633 4932 \Device\Harddisk0\DR0\Partition1 - ok

    09:11:09.0639 4932 [ E4F9E7ECBD250BB026619BEC206C386A ] \Device\Harddisk0\DR0\Partition2

    09:11:09.0640 4932 \Device\Harddisk0\DR0\Partition2 - ok

    09:11:09.0678 4932 [ 7C376171D16FE2675DE8A1B5543A991C ] \Device\Harddisk0\DR0\Partition3

    09:11:09.0679 4932 \Device\Harddisk0\DR0\Partition3 - ok

    09:11:09.0684 4932 [ DF5169C1AD30269BA7CD56810DD992D5 ] \Device\Harddisk1\DR1\Partition1

    09:11:09.0685 4932 \Device\Harddisk1\DR1\Partition1 - ok

    09:11:09.0686 4932 ============================================================

    09:11:09.0686 4932 Scan finished

    09:11:09.0686 4932 ============================================================

    09:11:09.0701 0368 Detected object count: 0

    09:11:09.0701 0368 Actual detected object count: 0
  22. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 23 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\RunOnce : 109_95847513117 ("C:\Users\Meineke\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp_r.bat") -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1723799115-427907230-1844215600-1000[...]\RunOnce : 109_95847513117 ("C:\Users\Meineke\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp_r.bat") -> FOUND
    [TASK][BLACKLIST] {01737E60-5262-4105-BB88-FE5A39255548} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> FOUND
    [TASK][BLACKLIST] {1578090A-EE37-4D7F-9770-B9752FB8E325} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> FOUND
    [TASK][BLACKLIST] {1DE90D9B-5559-4FC6-B1B7-0C8FAE8B85E2} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> FOUND
    [TASK][BLACKLIST] {5D5E8FD9-1876-4247-A429-0E14C149C163} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> FOUND
    [TASK][BLACKLIST] {7D24B056-E7E1-41CA-9278-4B5273DFC620} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> FOUND
    [TASK][BLACKLIST] {7E37A33E-B776-43AA-A029-0AE5F2194C94} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> FOUND
    [TASK][BLACKLIST] {993C45FA-9EC8-4388-B31A-5D342BEBE463} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> FOUND
    [TASK][BLACKLIST] {9A41EBB0-8302-4512-AC2B-5012B42A50A8} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> FOUND
    [TASK][BLACKLIST] {BC5B9171-CE4F-48E9-82D5-5501FADB8BC8} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> FOUND
    [TASK][BLACKLIST] {CAF12BD9-8F94-48DF-8EEA-A20B32B639C7} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> FOUND
    [TASK][BLACKLIST] {DA888EF6-23D7-40AF-B57D-9F1A89DEFAF9} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> FOUND
    [TASK][BLACKLIST] {F4E6E210-47F0-4DE7-B64B-A3A0829FE5C8} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> FOUND
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{43F88FA6-A4CD-4941-A3AF-892DDADBB228} : NameServer (216.146.35.35,216.146.36.36,209.26.88.31,204.215.43.3) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{43F88FA6-A4CD-4941-A3AF-892DDADBB228} : NameServer (216.146.35.35,216.146.36.36,209.26.88.31,204.215.43.3) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Meineke\AppData\Local\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\n.) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD64 00AAKS-65Z7B0 SATA Disk Device +++++
    --- User ---
    [MBR] f20b8895274faa97fc10ad77d41a65d5
    [BSP] 013490bbf7b0cdca1e05843829568fda : Windows Vista/7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 598024 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1224960000 | Size: 12354 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] f865fd65e9c3c863a930c5dd4a862f34
    [BSP] 289999ed92a6a1d82d22dd89dfce7063 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo
    +++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++
    --- User ---
    [MBR] a124dc1f32b91ceacb765c7a5ad6ec2e
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 15266 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
  23. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 20 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\RunOnce : 109_95847513117 ("C:\Users\Meineke\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp_r.bat") -> DELETED
    [TASK][BLACKLIST] {01737E60-5262-4105-BB88-FE5A39255548} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> DELETED
    [TASK][BLACKLIST] {1578090A-EE37-4D7F-9770-B9752FB8E325} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> DELETED
    [TASK][BLACKLIST] {1DE90D9B-5559-4FC6-B1B7-0C8FAE8B85E2} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> DELETED
    [TASK][BLACKLIST] {5D5E8FD9-1876-4247-A429-0E14C149C163} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> DELETED
    [TASK][BLACKLIST] {7D24B056-E7E1-41CA-9278-4B5273DFC620} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> DELETED
    [TASK][BLACKLIST] {7E37A33E-B776-43AA-A029-0AE5F2194C94} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> DELETED
    [TASK][BLACKLIST] {993C45FA-9EC8-4388-B31A-5D342BEBE463} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> DELETED
    [TASK][BLACKLIST] {9A41EBB0-8302-4512-AC2B-5012B42A50A8} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> DELETED
    [TASK][BLACKLIST] {BC5B9171-CE4F-48E9-82D5-5501FADB8BC8} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> DELETED
    [TASK][BLACKLIST] {CAF12BD9-8F94-48DF-8EEA-A20B32B639C7} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> DELETED
    [TASK][BLACKLIST] {DA888EF6-23D7-40AF-B57D-9F1A89DEFAF9} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> DELETED
    [TASK][BLACKLIST] {F4E6E210-47F0-4DE7-B64B-A3A0829FE5C8} : C:\Program Files (x86)\Meineke\Mkey3\MKey.exe -> DELETED
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{43F88FA6-A4CD-4941-A3AF-892DDADBB228} : NameServer (216.146.35.35,216.146.36.36,209.26.88.31,204.215.43.3) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{43F88FA6-A4CD-4941-A3AF-892DDADBB228} : NameServer (216.146.35.35,216.146.36.36,209.26.88.31,204.215.43.3) -> NOT REMOVED, USE DNSFIX
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Meineke\AppData\Local\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD64 00AAKS-65Z7B0 SATA Disk Device +++++
    --- User ---
    [MBR] f20b8895274faa97fc10ad77d41a65d5
    [BSP] 013490bbf7b0cdca1e05843829568fda : Windows Vista/7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 598024 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1224960000 | Size: 12354 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] f865fd65e9c3c863a930c5dd4a862f34
    [BSP] 289999ed92a6a1d82d22dd89dfce7063 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo
    +++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++
    --- User ---
    [MBR] a124dc1f32b91ceacb765c7a5ad6ec2e
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 15266 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
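An added example, not part of the thread and not RogueKiller's own code: the Python below parses RogueKiller reports like the two posted above (the lines embedded in it are copied from RKreport[2].txt). It sorts each `-> STATUS` registry line into what the second run changed (`DELETED` / `REPLACED`) versus what it left behind (the NameServer values, which the tool says to handle with DNSFIX), flags the `EnableLUA` / `ConsentPromptBehaviorAdmin` = 0 lines as UAC having been switched off, and reports a disk whose `[MBR]` hash differs between the User and LL2 reads, which is what the `User != LL2 ... KO!` line on PhysicalDrive0 records. The category names, the `Entry` and `Drive` classes and the meaning read into each status suffix are this example's own assumptions.

```python
"""Added example (not RogueKiller's code): classify a RogueKiller report's findings.
Sample lines are copied from RKreport[2].txt above; category names, the Entry and
Drive classes and the meaning read into each "-> STATUS" suffix are assumptions."""
import re
from dataclasses import dataclass, field

SAMPLE_REPORT = r"""
[RUN][SUSP PATH] HKCU\[...]\RunOnce : 109_95847513117 ("C:\Users\Meineke\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp_r.bat") -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{43F88FA6-A4CD-4941-A3AF-892DDADBB228} : NameServer (216.146.35.35,216.146.36.36,209.26.88.31,204.215.43.3) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Meineke\AppData\Local\{babeb83d-cb3f-7df7-b90e-f5ed8b6f3e53}\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
+++++ PhysicalDrive0: WDC WD64 00AAKS-65Z7B0 SATA Disk Device +++++
--- User ---
[MBR] f20b8895274faa97fc10ad77d41a65d5
User != LL2 ... KO!
--- LL2 ---
[MBR] f865fd65e9c3c863a930c5dd4a862f34
+++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++
--- User ---
[MBR] a124dc1f32b91ceacb765c7a5ad6ec2e
Error reading LL2 MBR!
"""

# "[TAG][TAG] body -> STATUS" registry lines; the bracketed tags are RogueKiller's.
ENTRY_RE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<body>.*?)\s*->\s*(?P<status>.+?)\s*$")
TAG_RE = re.compile(r"\[([^\]]+)\]")
DRIVE_RE = re.compile(r"^\+{5} (?P<name>.+?) \+{5}$")
MBR_HASH_RE = re.compile(r"^\[MBR\] (?P<md5>[0-9a-f]{32})$")
UAC_VALUES = ("EnableLUA", "ConsentPromptBehaviorAdmin")  # 0 = UAC off / silent elevation

@dataclass
class Entry:
    tags: list
    body: str
    status: str

    @property
    def remediated(self) -> bool:
        # DELETED / REPLACED (...) mean the tool changed the value; FOUND and
        # "NOT REMOVED, USE DNSFIX" mean the finding is still on the machine.
        return self.status.startswith(("DELETED", "REPLACED"))

    @property
    def category(self) -> str:
        if "DNS" in self.tags:
            return "dns-nameserver-override"
        if "HJ" in self.tags and any(v in self.body for v in UAC_VALUES):
            return "uac-disabled"
        if "HJ INPROC" in self.tags:
            return "com-inproc-hijack"
        if "RUN" in self.tags:
            return "autorun"
        return "other"

@dataclass
class Drive:
    name: str
    mbr_md5: dict = field(default_factory=dict)  # read path ("User"/"LL2") -> md5
    ll2_error: bool = False

    @property
    def mbr_mismatch(self) -> bool:
        # The report hashes the MBR read through the normal API ("User") and through
        # lower-level reads ("LL2"); a difference means one read is being intercepted.
        user, ll2 = self.mbr_md5.get("User"), self.mbr_md5.get("LL2")
        return user is not None and ll2 is not None and user != ll2

def parse_report(text: str):
    entries, drives, view = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := ENTRY_RE.match(line):
            entries.append(Entry(TAG_RE.findall(m["tags"]), m["body"], m["status"]))
        elif m := DRIVE_RE.match(line):
            drives.append(Drive(m["name"]))
            view = None
        elif drives and line.startswith("--- ") and line.endswith(" ---"):
            view = line[4:-4]  # "User", "LL1" or "LL2"
        elif drives and view and (m := MBR_HASH_RE.match(line)):
            drives[-1].mbr_md5[view] = m["md5"]
        elif drives and line == "Error reading LL2 MBR!":
            drives[-1].ll2_error = True
    return entries, drives

def summarize(entries, drives) -> dict:
    return {
        "total": len(entries),
        "remediated": sum(e.remediated for e in entries),
        "outstanding": [(e.category, e.status) for e in entries if not e.remediated],
        "uac_was_disabled": any(e.category == "uac-disabled" for e in entries),
        "mbr_mismatch_drives": [d.name for d in drives if d.mbr_mismatch],
        "ll2_read_errors": [d.name for d in drives if d.ll2_error],
    }

if __name__ == "__main__":
    for key, value in summarize(*parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Run against RKreport[1].txt instead (every line ending in `-> FOUND`) it reports `remediated: 0` with every finding outstanding; the MBR mismatch on PhysicalDrive0 is identical in both reports, since RogueKiller only rewrites registry values and does not touch the boot sector.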
  24. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-15 08:51:26
    -----------------------------
    08:51:26.592 OS Version: Windows x64 6.1.7600
    08:51:26.592 Number of processors: 2 586 0x603
    08:51:26.593 ComputerName: MEINEKE-HP UserName: Meineke
    08:51:29.237 Initialize success
    08:54:11.238 AVAST engine defs: 12101500
    08:54:29.451 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
    08:54:29.453 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 11
    08:54:29.479 Disk 0 MBR read successfully
    08:54:29.483 Disk 0 MBR scan
    08:54:29.489 Disk 0 unknown MBR code
    08:54:29.496 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    08:54:29.509 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 598024 MB offset 206848
    08:54:29.548 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12354 MB offset 1224960000
    08:54:29.606 Disk 0 scanning C:\Windows\system32\drivers
    08:54:37.712 Service scanning
    08:54:55.222 Modules scanning
    08:54:55.241 Disk 0 trace - called modules:
    08:54:55.261 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
    08:54:55.608 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031dc060]
    08:54:55.621 3 CLASSPNP.SYS[fffff880018c243f] -> nt!IofCallDriver -> [0xfffffa800317fb80]
    08:54:55.634 5 amdxata.sys[fffff88000fcf7a8] -> nt!IofCallDriver -> \Device\00000056[0xfffffa8003178060]
    08:54:57.714 AVAST engine scan C:\Windows
    08:55:01.773 AVAST engine scan C:\Windows\system32
    08:59:43.448 AVAST engine scan C:\Windows\system32\drivers
    08:59:52.523 AVAST engine scan C:\Users\Meineke
    09:01:04.395 Disk 0 MBR has been saved successfully to "C:\Users\Meineke\Desktop\MBR.dat"
    09:01:04.402 The log file has been saved successfully to "C:\Users\Meineke\Desktop\aswMBR.txt"
  25. iH8scams

    iH8scams Newcomer, in training Topic Starter Posts: 38

    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org
    Database
    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Meineke :: MEINEKE-HP [administrator]
    Protection: Enabled
    10/15/2012 8:26:07 AM
    mbam-log-2012-10-15 (08-26-07).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 239239
    Time elapsed: 20 minute(s), 2 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
