Inactive [A] Windows has encountered a critical problem and will restart automatically in one minute

LoganFL

I am running Windows 7 and have not had any problems with it at all until now. The kids were on the PC and now I get the following message.

Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now.

I looked at the pinned directions, but I'm not able to start anything or scan anything because my laptop just automatically restarts before I can do anything.

I've tried hitting F8 and chose "Disable automatic restart" but I still got the error. Then I hit F8 and chose safe mode but still got the message.

Not sure what to do because I cannot run a scan or keep it from restarting.

I read the post at:

https://www.techspot.com/community/...tomatically-in-one-minute-please-save.183711/

...and downloaded Farbar Recovery Tool.

See Farbar Recovery Scans.

Help is much appreciated.
 

Attachments: FRST.txt, Search.txt

Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Please observe forum rules.
All logs have to be pasted, not attached.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2012
Ran by SYSTEM at 26-09-2012 18:40:19
Running from M:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet003
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10060320 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] C:\Program Files (x86)\Gateway\OOBEOffer\ootag.exe [13856 2010-02-22] (Microsoft)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [OOTag] C:\Program Files (x86)\Gateway\OOBEOffer\OOTag.exe [13856 2010-02-22] (Microsoft)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [563744 2010-03-25] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A [124416 2009-07-20] (IOI)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [273544 2011-05-11] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\Kramer\...\Winlogon: [Shell] explorer.exe
Tcpip\Parameters: [DhcpNameServer] 172.16.2.9 172.16.2.14
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe (D-Link Corp.)
==================== Services (Whitelisted) ===================
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [167936 2008-06-26] ()
==================== Drivers (Whitelisted) =====================
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========
2012-09-26 18:40 - 2012-09-26 18:40 - 00000000 ____D C:\FRST
2012-09-26 14:16 - 2012-09-26 14:16 - 00001277 ____A C:\Users\Kramer\Desktop\shutdown.lnk
2012-09-24 09:39 - 2012-09-24 09:39 - 00275120 ____A C:\Windows\Minidump\092412-48407-01.dmp
2012-09-24 09:31 - 2012-09-24 09:31 - 00275120 ____A C:\Windows\Minidump\092412-49639-01.dmp
2012-09-20 16:32 - 2012-09-20 16:32 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfacpdzs.sys
2012-09-20 09:56 - 2012-09-20 09:56 - 00275120 ____A C:\Windows\Minidump\092012-26925-01.dmp
2012-09-18 13:14 - 2012-09-24 11:02 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-18 13:14 - 2012-09-24 11:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-09-18 12:58 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-09-18 12:33 - 2012-09-18 12:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.97A159B8F515634C
2012-09-18 12:29 - 2012-09-18 12:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AB8A428CBE19027D
2012-09-18 12:24 - 2012-09-18 12:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AFE5D28568E95ECF
2012-09-18 12:15 - 2012-09-18 12:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F1E41CB40AD8806
2012-09-18 12:11 - 2012-09-18 12:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BBFD8F9DE5FBE9A9
2012-09-18 12:07 - 2012-09-18 12:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A77785F21F9E872
2012-09-18 12:03 - 2012-09-18 12:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A893898FF3A24B95
2012-09-18 11:59 - 2012-09-18 11:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.12E177F94D508123
2012-09-18 11:45 - 2012-09-18 11:45 - 12621696 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (9).exe
2012-09-16 16:27 - 2012-09-16 16:29 - 00000000 ____D C:\Users\Kramer\Documents\Daulton writing
2012-09-14 04:31 - 2012-09-14 04:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2012-09-14 04:31 - 2012-09-14 04:31 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2012-09-14 04:31 - 2012-09-14 04:31 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2012-09-14 04:31 - 2012-09-14 04:31 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2012-09-06 08:55 - 2012-09-06 09:37 - 00000000 ____D C:\Users\Kramer\Desktop\invoices
2012-09-04 10:23 - 2012-09-04 10:23 - 13243592 ____A C:\Users\Kramer\Downloads\mp3rocket (9).exe
2012-09-03 15:03 - 2012-09-03 15:03 - 00245394 ____A C:\Users\Kramer\Downloads\Wiz Khalifa-Don't Lie.m4r
2012-09-03 14:24 - 2012-09-03 14:24 - 13243592 ____A C:\Users\Kramer\Downloads\mp3rocket (8).exe
2012-08-29 16:10 - 2012-09-26 14:32 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-29 16:10 - 2012-09-24 14:29 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-29 16:10 - 2012-09-04 10:21 - 00002311 ____A C:\Users\Public\Desktop\Google Chrome.lnk
==================== 3 Months Modified Files ==================
2012-09-26 14:32 - 2012-08-29 16:10 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-26 14:30 - 2012-08-04 21:12 - 00042268 ____A C:\Windows\setupact.log
2012-09-26 14:30 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-26 14:16 - 2012-09-26 14:16 - 00001277 ____A C:\Users\Kramer\Desktop\shutdown.lnk
2012-09-24 15:30 - 2012-08-01 15:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-24 14:29 - 2012-08-29 16:10 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-24 13:51 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-24 13:51 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-24 13:49 - 2010-08-11 14:45 - 01996994 ____A C:\Windows\WindowsUpdate.log
2012-09-24 09:39 - 2012-09-24 09:39 - 00275120 ____A C:\Windows\Minidump\092412-48407-01.dmp
2012-09-24 09:38 - 2012-08-20 13:33 - 438373618 ____A C:\Windows\MEMORY.DMP
2012-09-24 09:38 - 2012-08-15 23:20 - 00025174 ____A C:\Windows\PFRO.log
2012-09-24 09:31 - 2012-09-24 09:31 - 00275120 ____A C:\Windows\Minidump\092412-49639-01.dmp
2012-09-20 16:32 - 2012-09-20 16:32 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfacpdzs.sys
2012-09-20 13:39 - 2009-07-13 21:08 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-20 09:56 - 2012-09-20 09:56 - 00275120 ____A C:\Windows\Minidump\092012-26925-01.dmp
2012-09-18 13:40 - 2011-11-21 04:18 - 00002243 ____A C:\Windows\epplauncher.mif
2012-09-18 13:14 - 2011-11-21 04:17 - 00743364 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-18 12:38 - 2012-08-26 13:42 - 00001080 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-18 12:33 - 2012-09-18 12:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.97A159B8F515634C
2012-09-18 12:29 - 2012-09-18 12:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AB8A428CBE19027D
2012-09-18 12:24 - 2012-09-18 12:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AFE5D28568E95ECF
2012-09-18 12:15 - 2012-09-18 12:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F1E41CB40AD8806
2012-09-18 12:11 - 2012-09-18 12:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BBFD8F9DE5FBE9A9
2012-09-18 12:07 - 2012-09-18 12:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A77785F21F9E872
2012-09-18 12:03 - 2012-09-18 12:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A893898FF3A24B95
2012-09-18 11:59 - 2012-09-18 11:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.12E177F94D508123
2012-09-18 11:45 - 2012-09-18 11:45 - 12621696 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (9).exe
2012-09-07 13:04 - 2012-08-26 13:42 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-06 09:47 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-04 10:23 - 2012-09-04 10:23 - 13243592 ____A C:\Users\Kramer\Downloads\mp3rocket (9).exe
2012-09-04 10:21 - 2012-08-29 16:10 - 00002311 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-09-03 15:03 - 2012-09-03 15:03 - 00245394 ____A C:\Users\Kramer\Downloads\Wiz Khalifa-Don't Lie.m4r
2012-09-03 14:24 - 2012-09-03 14:24 - 13243592 ____A C:\Users\Kramer\Downloads\mp3rocket (8).exe
2012-08-29 16:09 - 2012-08-01 15:45 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-29 16:09 - 2011-08-17 06:08 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-26 14:34 - 2012-08-26 14:34 - 00275120 ____A C:\Windows\Minidump\082612-31824-01.dmp
2012-08-26 14:10 - 2012-08-26 14:10 - 00000170 ____A C:\Windows\wininit.ini
2012-08-26 14:08 - 2012-02-01 12:01 - 00000866 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2012-08-25 06:50 - 2012-08-25 06:49 - 00275120 ____A C:\Windows\Minidump\082512-29437-01.dmp
2012-08-23 15:06 - 2012-08-23 15:06 - 02439968 ____A (iMesh Inc. ) C:\Users\Kramer\Downloads\iMeshV11.exe
2012-08-22 10:59 - 2009-07-13 15:19 - 00329216 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-22 10:55 - 2012-08-22 10:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3504A6188679E8EB
2012-08-22 10:53 - 2012-08-22 10:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.357E7070B02E7D84
2012-08-22 10:51 - 2012-08-22 10:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6182092A370D0080
2012-08-22 10:48 - 2012-08-22 10:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B31EBFC6DBD10F11
2012-08-22 10:46 - 2012-08-22 10:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5623C352D85D184
2012-08-22 10:38 - 2012-08-22 10:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.438CFEE915C79A29
2012-08-22 10:34 - 2012-08-22 10:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.09EC11E4F52ED389
2012-08-22 10:31 - 2012-08-22 10:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F0DFBEA0141AF6A5
2012-08-22 10:28 - 2012-08-22 10:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2900F90E4787AC29
2012-08-22 10:25 - 2012-08-22 10:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96EFFC286428E922
2012-08-22 10:21 - 2012-08-22 10:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A827D935C7296678
2012-08-22 10:18 - 2012-08-22 10:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F7F45EFDEFDED93F
2012-08-22 10:15 - 2012-08-22 10:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6AC01C21931FF517
2012-08-22 10:11 - 2012-08-22 10:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.434511BB4816BF31
2012-08-22 10:08 - 2012-08-22 10:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.911351A1E57716E6
2012-08-22 10:00 - 2012-08-22 10:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.92CE15AA066CD124
2012-08-22 09:45 - 2012-08-22 09:45 - 12621696 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (8).exe
2012-08-20 15:21 - 2012-08-20 15:21 - 12621696 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (7).exe
2012-08-20 15:20 - 2012-08-20 15:20 - 12621696 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (6).exe
2012-08-20 15:20 - 2012-08-20 15:20 - 12621696 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (5).exe
2012-08-20 13:37 - 2012-08-20 13:37 - 00275120 ____A C:\Windows\Minidump\082012-22573-01.dmp
2012-08-20 13:33 - 2012-08-20 13:33 - 00275120 ____A C:\Windows\Minidump\082012-27144-01.dmp
2012-08-20 07:41 - 2012-08-20 07:41 - 10288512 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (4).exe
2012-08-20 07:41 - 2012-08-20 07:41 - 10288512 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (3).exe
2012-08-20 07:40 - 2012-08-20 07:40 - 12621696 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (2).exe
2012-08-20 07:40 - 2012-08-20 07:40 - 12621696 ____A (Microsoft Corporation) C:\Users\Kramer\Downloads\mseinstall (1).exe
2012-08-19 16:54 - 2012-08-19 16:54 - 13243592 ____A C:\Users\Kramer\Downloads\mp3rocket (7).exe
2012-08-18 08:55 - 2012-08-18 08:55 - 00079152 ____A C:\Users\caitlyn\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-18 08:55 - 2012-08-18 08:55 - 00000020 ___SH C:\Users\caitlyn\ntuser.ini
2012-08-15 23:20 - 2009-07-13 20:45 - 00343552 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 23:00 - 2011-03-17 14:41 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-14 11:18 - 2012-08-14 11:18 - 13243592 ____A C:\Users\Kramer\Downloads\mp3rocket (6).exe
2012-08-04 21:12 - 2012-08-04 21:12 - 00000000 ____A C:\Windows\setuperr.log
2012-08-01 08:13 - 2012-08-01 08:13 - 13243592 ____A C:\Users\Kramer\Downloads\mp3rocket (5).exe
2012-07-28 19:00 - 2012-07-28 19:00 - 03846702 ____A C:\Users\Kramer\Downloads\Zelda_4.zip
2012-07-28 15:19 - 2012-07-28 15:19 - 00278561 ____A C:\Users\Kramer\Downloads\Minecraft.exe
2012-07-26 11:20 - 2012-07-26 11:19 - 13243592 ____A C:\Users\Kramer\Downloads\mp3rocket (4).exe
2012-07-18 10:15 - 2012-08-15 01:00 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 06:49 - 2012-07-11 06:49 - 13249904 ____A C:\Users\Kramer\Downloads\mp3rocket (3).exe
2012-07-04 14:16 - 2012-08-15 01:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 01:00 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 01:00 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 01:00 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 01:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-29 07:44 - 2012-06-29 07:44 - 13249904 ____A C:\Users\Kramer\Downloads\mp3rocket (2).exe

ZeroAccess:
C:\Windows\Installer\{4279323e-47e4-8d45-e525-949b714e56d5}
C:\Windows\Installer\{4279323e-47e4-8d45-e525-949b714e56d5}\@
C:\Windows\Installer\{4279323e-47e4-8d45-e525-949b714e56d5}\L
C:\Windows\Installer\{4279323e-47e4-8d45-e525-949b714e56d5}\U
C:\Windows\Installer\{4279323e-47e4-8d45-e525-949b714e56d5}\L\00000004.@
C:\Windows\Installer\{4279323e-47e4-8d45-e525-949b714e56d5}\L\201d3dde
C:\Windows\Installer\{4279323e-47e4-8d45-e525-949b714e56d5}\U\00000004.@
ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{4279323e-47e4-8d45-e525-949b714e56d5}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{4279323e-47e4-8d45-e525-949b714e56d5}\@
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{4279323e-47e4-8d45-e525-949b714e56d5}\L
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{4279323e-47e4-8d45-e525-949b714e56d5}\U
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-08-15 08:38:59
Restore point made on: 2012-08-15 23:00:15
Restore point made on: 2012-08-26 13:35:11
Restore point made on: 2012-08-26 13:37:15
Restore point made on: 2012-08-26 13:37:53
Restore point made on: 2012-08-26 13:41:58
Restore point made on: 2012-08-26 14:06:18
Restore point made on: 2012-08-26 14:25:56
Restore point made on: 2012-08-26 14:26:16
Restore point made on: 2012-09-10 09:04:52
Restore point made on: 2012-09-10 09:07:57
Restore point made on: 2012-09-24 13:37:07
==================== Memory info ===========================
Percentage of memory in use: 14%
Total physical RAM: 5871.76 MB
Available physical RAM: 5033.07 MB
Total Pagefile: 5869.91 MB
Available Pagefile: 5021.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: (Gateway) (Fixed) (Total:581.01 GB) (Free:473.38 GB) NTFS
3 Drive f: (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.3 GB) NTFS
10 Drive m: (KINGSTON) (Removable) (Total:3.65 GB) (Free:1.79 GB) FAT32
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
12 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 3745 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 0 B 8 KB
Partition 2 Recovery 15 GB 1024 KB
Partition 3 Primary 100 MB 15 GB
Partition 4 Primary 581 GB 15 GB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RAW Partition 0 B Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F PQSERVICE NTFS Partition 15 GB Healthy Hidden
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy
=========================================================
Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Gateway NTFS Partition 581 GB Healthy
=========================================================
Partitions of Disk 6:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3741 MB 4032 KB
==================================================================================
Disk: 6
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 10 M KINGSTON FAT32 Removable 3741 MB Healthy
=========================================================
Last Boot: 2011-11-30 21:47
==================== End Of Log =============================
 
Farbar Recovery Scan Tool (x64) Version: 25-09-2012
Ran by SYSTEM at 2012-09-26 18:43:33
Running from M:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-08-22 10:59] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
====== End Of Search ======
 
Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Restart normally.

====================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

==================================

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

=================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

==================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 

Attachments

  • fixlist.txt
    8.7 KB · Views: 5
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2012
Ran by SYSTEM at 2012-09-27 06:46:03 Run:1
Running from M:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
C:\Windows\System32\Drivers\dfacpdzs.sys moved successfully.
C:\Windows\Installer\{4279323e-47e4-8d45-e525-949b714e56d5} moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{4279323e-47e4-8d45-e525-949b714e56d5} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\svchost.exe moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====
 
On first normal reboot I get a Windows Blue Screen after about 1 minute.

Rebooted normally again and ran TDSSKiller. It ran successfully, found one threat and cured it, then asked to reboot, and before I could hit reboot it blue screened again. I will try to get the Log.txt and post.
 
07:18:41.0573 0120 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
07:18:41.0998 0120 ============================================================
07:18:41.0998 0120 Current date / time: 2012/09/27 07:18:41.0998
07:18:41.0998 0120 SystemInfo:
07:18:41.0998 0120
07:18:41.0998 0120 OS Version: 6.1.7601 ServicePack: 1.0
07:18:41.0998 0120 Product type: Workstation
07:18:41.0998 0120 ComputerName: KRAMERMN
07:18:41.0998 0120 UserName: Kramer
07:18:41.0998 0120 Windows directory: C:\windows
07:18:41.0998 0120 System windows directory: C:\windows
07:18:41.0998 0120 Running under WOW64
07:18:41.0998 0120 Processor architecture: Intel x64
07:18:41.0998 0120 Number of processors: 4
07:18:41.0999 0120 Page size: 0x1000
07:18:41.0999 0120 Boot type: Normal boot
07:18:41.0999 0120 ============================================================
07:18:42.0339 0120 BG loaded
07:18:42.0585 0120 Drive \Device\Harddisk0\DR0 - Size: 0x9507050000 (596.11 Gb), SectorSize: 0x200, Cylinders: 0x12FF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:18:42.0649 0120 Drive \Device\Harddisk6\DR6 - Size: 0xEA108000 (3.66 Gb), SectorSize: 0x200, Cylinders: 0x1DD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:18:42.0651 0120 ============================================================
07:18:42.0651 0120 \Device\Harddisk0\DR0:
07:18:42.0651 0120 MBR partitions:
07:18:42.0651 0120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
07:18:42.0651 0120 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x48A05000
07:18:42.0651 0120 \Device\Harddisk6\DR6:
07:18:42.0652 0120 MBR partitions:
07:18:42.0652 0120 \Device\Harddisk6\DR6\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x74E8C0
07:18:42.0652 0120 ============================================================
07:18:42.0718 0120 C: <-> \Device\Harddisk0\DR0\Partition2
07:18:42.0718 0120 ============================================================
07:18:42.0718 0120 Initialize success
07:18:42.0718 0120 ============================================================
07:18:43.0669 1924 ============================================================
07:18:43.0669 1924 Scan started
07:18:43.0669 1924 Mode: Manual;
07:18:43.0669 1924 ============================================================
07:18:43.0832 1924 ================ Scan system memory ========================
07:18:43.0832 1924 System memory - ok
07:18:43.0833 1924 ================ Scan services =============================
07:18:50.0728 1924 mouhid - ok
07:18:50.0753 1924 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
07:18:50.0753 1924 mountmgr - ok
07:18:50.0801 1924 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
07:18:50.0802 1924 MpFilter - ok
07:18:50.0832 1924 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
07:18:50.0833 1924 mpio - ok
07:18:50.0906 1924 MpKsl8a5e1c4d - ok
07:18:50.0935 1924 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
07:18:50.0937 1924 mpsdrv - ok
07:18:50.0987 1924 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
07:18:50.0990 1924 MRxDAV - ok
07:18:51.0047 1924 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
07:18:51.0050 1924 mrxsmb - ok
07:18:51.0119 1924 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
07:18:51.0123 1924 mrxsmb10 - ok
07:18:51.0155 1924 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
07:18:51.0158 1924 mrxsmb20 - ok
07:18:51.0201 1924 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
07:18:51.0203 1924 msahci - ok
07:18:51.0246 1924 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
07:18:51.0248 1924 msdsm - ok
07:18:51.0278 1924 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
07:18:51.0286 1924 MSDTC - ok
07:18:51.0348 1924 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
07:18:51.0349 1924 Msfs - ok
07:18:51.0371 1924 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
07:18:51.0372 1924 mshidkmdf - ok
07:18:51.0401 1924 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
07:18:51.0402 1924 msisadrv - ok
07:18:51.0434 1924 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
07:18:51.0438 1924 MSiSCSI - ok
07:18:51.0446 1924 msiserver - ok
07:18:51.0474 1924 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
07:18:51.0474 1924 MSKSSRV - ok
07:18:51.0566 1924 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
 
07:18:51.0567 1924 MsMpSvc - ok
07:18:51.0575 1924 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
07:18:51.0576 1924 MSPCLOCK - ok
07:18:51.0596 1924 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
07:18:51.0597 1924 MSPQM - ok
07:18:51.0635 1924 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
07:18:51.0638 1924 MsRPC - ok
07:18:51.0661 1924 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
07:18:51.0662 1924 mssmbios - ok
07:18:51.0673 1924 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
07:18:51.0673 1924 MSTEE - ok
07:18:51.0677 1924 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
07:18:51.0677 1924 MTConfig - ok
07:18:51.0685 1924 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
07:18:51.0686 1924 Mup - ok
07:18:51.0718 1924 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
07:18:51.0721 1924 napagent - ok
07:18:51.0756 1924 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
07:18:51.0759 1924 NativeWifiP - ok
07:18:51.0813 1924 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys
07:18:51.0820 1924 NDIS - ok
07:18:51.0853 1924 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
07:18:51.0854 1924 NdisCap - ok
07:18:51.0868 1924 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
07:18:51.0869 1924 NdisTapi - ok
07:18:51.0897 1924 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
07:18:51.0898 1924 Ndisuio - ok
07:18:51.0923 1924 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
07:18:51.0925 1924 NdisWan - ok
07:18:51.0982 1924 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
07:18:51.0984 1924 NDProxy - ok
07:18:52.0058 1924 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
07:18:52.0073 1924 Nero BackItUp Scheduler 4.0 - ok
07:18:52.0115 1924 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
07:18:52.0116 1924 NetBIOS - ok
07:18:52.0186 1924 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
07:18:52.0191 1924 NetBT - ok
07:18:52.0233 1924 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
07:18:52.0234 1924 Netlogon - ok
07:18:52.0293 1924 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
07:18:52.0301 1924 Netman - ok
07:18:52.0357 1924 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
07:18:52.0366 1924 netprofm - ok
07:18:52.0420 1924 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:18:52.0422 1924 NetTcpPortSharing - ok
07:18:52.0464 1924 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
07:18:52.0465 1924 nfrd960 - ok
07:18:52.0514 1924 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
07:18:52.0523 1924 NisDrv - ok
07:18:52.0559 1924 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
07:18:52.0567 1924 NisSrv - ok
07:18:52.0626 1924 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
07:18:52.0633 1924 NlaSvc - ok
07:18:52.0690 1924 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
07:18:52.0692 1924 Npfs - ok
07:18:52.0746 1924 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
07:18:52.0748 1924 nsi - ok
07:18:52.0802 1924 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
07:18:52.0803 1924 nsiproxy - ok
07:18:52.0901 1924 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
07:18:52.0925 1924 Ntfs - ok
07:18:52.0964 1924 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
07:18:52.0964 1924 Null - ok
07:18:53.0005 1924 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
07:18:53.0008 1924 nvraid - ok
07:18:53.0062 1924 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
07:18:53.0065 1924 nvstor - ok
07:18:53.0108 1924 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
07:18:53.0111 1924 nv_agp - ok
07:18:53.0250 1924 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:18:53.0256 1924 odserv - ok
07:18:53.0307 1924 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
07:18:53.0309 1924 ohci1394 - ok
07:18:53.0382 1924 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:18:53.0385 1924 ose - ok
07:18:53.0449 1924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
07:18:53.0456 1924 p2pimsvc - ok
07:18:53.0518 1924 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
07:18:53.0527 1924 p2psvc - ok
07:18:53.0558 1924 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
07:18:53.0560 1924 Parport - ok
07:18:53.0603 1924 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
07:18:53.0605 1924 partmgr - ok
07:18:53.0670 1924 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
07:18:53.0675 1924 PcaSvc - ok
07:18:53.0749 1924 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
07:18:53.0753 1924 pci - ok
07:18:53.0798 1924 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
07:18:53.0799 1924 pciide - ok
07:18:53.0866 1924 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
07:18:53.0870 1924 pcmcia - ok
07:18:53.0925 1924 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
07:18:53.0926 1924 pcw - ok
07:18:53.0974 1924 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
07:18:53.0984 1924 PEAUTH - ok
07:18:54.0212 1924 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
07:18:54.0215 1924 PerfHost - ok
07:18:54.0284 1924 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
07:18:54.0293 1924 pla - ok
07:18:54.0369 1924 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
07:18:54.0379 1924 PlugPlay - ok
07:18:54.0409 1924 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
07:18:54.0410 1924 PNRPAutoReg - ok
07:18:54.0428 1924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
07:18:54.0431 1924 PNRPsvc - ok
07:18:54.0451 1924 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
07:18:54.0454 1924 PolicyAgent - ok
07:18:54.0492 1924 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
07:18:54.0494 1924 Power - ok
07:18:54.0506 1924 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
07:18:54.0507 1924 PptpMiniport - ok
07:18:54.0526 1924 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
07:18:54.0527 1924 Processor - ok
07:18:54.0550 1924 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
07:18:54.0553 1924 ProfSvc - ok
07:18:54.0566 1924 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
07:18:54.0567 1924 ProtectedStorage - ok
07:18:54.0597 1924 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
07:18:54.0599 1924 Psched - ok
07:18:54.0650 1924 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
07:18:54.0669 1924 ql2300 - ok
07:18:54.0675 1924 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
07:18:54.0676 1924 ql40xx - ok
07:18:54.0730 1924 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
07:18:54.0736 1924 QWAVE - ok
07:18:54.0776 1924 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
07:18:54.0778 1924 QWAVEdrv - ok
07:18:54.0802 1924 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
07:18:54.0803 1924 RasAcd - ok
07:18:54.0838 1924 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
07:18:54.0839 1924 RasAgileVpn - ok
07:18:54.0858 1924 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
07:18:54.0862 1924 RasAuto - ok
07:18:54.0893 1924 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
07:18:54.0894 1924 Rasl2tp - ok
07:18:54.0930 1924 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
07:18:54.0934 1924 RasMan - ok
07:18:54.0940 1924 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
07:18:54.0941 1924 RasPppoe - ok
07:18:54.0949 1924 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
07:18:54.0950 1924 RasSstp - ok
07:18:54.0987 1924 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
07:18:54.0988 1924 rdbss - ok
07:18:54.0999 1924 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
07:18:55.0000 1924 rdpbus - ok
07:18:55.0008 1924 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
07:18:55.0009 1924 RDPCDD - ok
07:18:55.0032 1924 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
07:18:55.0032 1924 RDPENCDD - ok
07:18:55.0044 1924 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
07:18:55.0044 1924 RDPREFMP - ok
07:18:55.0069 1924 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
07:18:55.0070 1924 RDPWD - ok
07:18:55.0109 1924 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
07:18:55.0113 1924 rdyboost - ok
07:18:55.0152 1924 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
07:18:55.0156 1924 RemoteAccess - ok
07:18:55.0166 1924 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
07:18:55.0171 1924 RemoteRegistry - ok
07:18:55.0187 1924 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\windows\system32\Drivers\RimUsb_AMD64.sys
07:18:55.0188 1924 RimUsb - ok
07:18:55.0202 1924 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
07:18:55.0204 1924 RpcEptMapper - ok
07:18:55.0218 1924 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
07:18:55.0219 1924 RpcLocator - ok
07:18:55.0300 1924 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
07:18:55.0310 1924 RpcSs - ok
07:18:55.0337 1924 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
07:18:55.0338 1924 rspndr - ok
07:18:55.0358 1924 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
07:18:55.0361 1924 RTL8167 - ok
07:18:55.0389 1924 [ 3C85058541D55BFCEFD9177A68A507C6 ] RTL8192su C:\windows\system32\DRIVERS\RTL8192su.sys
07:18:55.0395 1924 RTL8192su - ok
07:18:55.0432 1924 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
07:18:55.0434 1924 SamSs - ok
07:18:55.0458 1924 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
07:18:55.0460 1924 sbp2port - ok
07:18:55.0476 1924 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
07:18:55.0479 1924 SCardSvr - ok
07:18:55.0498 1924 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
07:18:55.0499 1924 scfilter - ok
07:18:55.0534 1924 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
07:18:55.0544 1924 Schedule - ok
07:18:55.0590 1924 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
07:18:55.0591 1924 SCPolicySvc - ok
07:18:55.0614 1924 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
07:18:55.0620 1924 SDRSVC - ok
07:18:55.0660 1924 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
07:18:55.0661 1924 secdrv - ok
07:18:55.0686 1924 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
07:18:55.0690 1924 seclogon - ok
07:18:55.0704 1924 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
07:18:55.0708 1924 SENS - ok
07:18:55.0727 1924 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
07:18:55.0728 1924 SensrSvc - ok
07:18:55.0745 1924 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
07:18:55.0746 1924 Serenum - ok
07:18:55.0764 1924 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
07:18:55.0765 1924 Serial - ok
07:18:55.0797 1924 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
07:18:55.0798 1924 sermouse - ok
07:18:55.0853 1924 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
07:18:55.0855 1924 SessionEnv - ok
07:18:55.0882 1924 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
07:18:55.0882 1924 sffdisk - ok
07:18:55.0914 1924 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
07:18:55.0914 1924 sffp_mmc - ok
07:18:55.0930 1924 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
07:18:55.0931 1924 sffp_sd - ok
07:18:55.0948 1924 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
07:18:55.0949 1924 sfloppy - ok
07:18:55.0982 1924 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
07:18:55.0987 1924 ShellHWDetection - ok
07:18:56.0000 1924 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
07:18:56.0001 1924 SiSRaid2 - ok
07:18:56.0007 1924 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
07:18:56.0008 1924 SiSRaid4 - ok
07:18:56.0013 1924 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
07:18:56.0014 1924 Smb - ok
07:18:56.0022 1924 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
07:18:56.0023 1924 SNMPTRAP - ok
07:18:56.0060 1924 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
07:18:56.0061 1924 spldr - ok
07:18:56.0099 1924 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
07:18:56.0110 1924 Spooler - ok
07:18:56.0288 1924 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
07:18:56.0310 1924 sppsvc - ok
07:18:56.0330 1924 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
07:18:56.0331 1924 sppuinotify - ok
07:18:56.0382 1924 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
07:18:56.0384 1924 srv - ok
07:18:56.0420 1924 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
07:18:56.0422 1924 srv2 - ok
07:18:56.0454 1924 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
07:18:56.0455 1924 srvnet - ok
07:18:56.0478 1924 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\windows\system32\DRIVERS\ssadbus.sys
07:18:56.0479 1924 ssadbus - ok
07:18:56.0491 1924 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\windows\system32\DRIVERS\ssadmdfl.sys
07:18:56.0491 1924 ssadmdfl - ok
07:18:56.0507 1924 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\windows\system32\DRIVERS\ssadmdm.sys
07:18:56.0508 1924 ssadmdm - ok
07:18:56.0533 1924 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\windows\system32\DRIVERS\ssadserd.sys
07:18:56.0534 1924 ssadserd - ok
07:18:56.0560 1924 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
07:18:56.0562 1924 SSDPSRV - ok
07:18:56.0566 1924 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
07:18:56.0567 1924 SstpSvc - ok
07:18:56.0593 1924 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
07:18:56.0593 1924 stexstor - ok
07:18:56.0630 1924 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
07:18:56.0634 1924 stisvc - ok
07:18:56.0665 1924 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
07:18:56.0666 1924 swenum - ok
07:18:56.0679 1924 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
07:18:56.0682 1924 swprv - ok
07:18:56.0893 1924 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
07:18:56.0919 1924 SysMain - ok
07:18:56.0948 1924 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
07:18:56.0950 1924 TabletInputService - ok
07:18:57.0013 1924 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
07:18:57.0020 1924 TapiSrv - ok
07:18:57.0068 1924 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
07:18:57.0072 1924 TBS - ok
07:18:57.0172 1924 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
07:18:57.0192 1924 Tcpip - ok
07:18:57.0417 1924 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
07:18:57.0434 1924 TCPIP6 - ok
07:18:57.0497 1924 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
07:18:57.0499 1924 tcpipreg - ok
07:18:57.0577 1924 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
07:18:57.0579 1924 TDPIPE - ok
07:18:57.0625 1924 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
07:18:57.0626 1924 TDTCP - ok
07:18:57.0657 1924 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
07:18:57.0660 1924 tdx - ok
07:18:57.0717 1924 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
07:18:57.0719 1924 TermDD - ok
07:18:57.0845 1924 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
07:18:57.0858 1924 TermService - ok
07:18:57.0900 1924 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
07:18:57.0904 1924 Themes - ok
07:18:57.0939 1924 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
07:18:57.0942 1924 THREADORDER - ok
07:18:57.0989 1924 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
07:18:57.0994 1924 TrkWks - ok
07:18:58.0075 1924 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
07:18:58.0078 1924 TrustedInstaller - ok
07:18:58.0111 1924 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
07:18:58.0113 1924 tssecsrv - ok
07:18:58.0150 1924 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
07:18:58.0152 1924 TsUsbFlt - ok
07:18:58.0187 1924 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
07:18:58.0189 1924 tunnel - ok
07:18:58.0234 1924 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
07:18:58.0235 1924 uagp35 - ok
07:18:58.0305 1924 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
07:18:58.0311 1924 udfs - ok
07:18:58.0376 1924 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
07:18:58.0381 1924 UI0Detect - ok
07:18:58.0429 1924 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
07:18:58.0430 1924 uliagpkx - ok
07:18:58.0484 1924 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
07:18:58.0485 1924 umbus - ok
07:18:58.0525 1924 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
07:18:58.0526 1924 UmPass - ok
07:18:58.0616 1924 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
07:18:58.0620 1924 Updater Service - ok
07:18:58.0694 1924 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
07:18:58.0702 1924 upnphost - ok
07:18:58.0737 1924 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
07:18:58.0738 1924 USBAAPL64 - ok
07:18:58.0781 1924 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
07:18:58.0784 1924 usbccgp - ok
07:18:58.0842 1924 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
07:18:58.0845 1924 usbcir - ok
07:18:58.0884 1924 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
07:18:58.0886 1924 usbehci - ok
07:18:58.0947 1924 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
07:18:58.0952 1924 usbhub - ok
07:18:58.0994 1924 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
07:18:58.0995 1924 usbohci - ok
07:18:59.0043 1924 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
07:18:59.0045 1924 usbprint - ok
07:18:59.0073 1924 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
07:18:59.0075 1924 usbscan - ok
07:18:59.0122 1924 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
07:18:59.0124 1924 USBSTOR - ok
07:18:59.0174 1924 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
07:18:59.0176 1924 usbuhci - ok
07:18:59.0223 1924 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
07:18:59.0227 1924 UxSms - ok
07:18:59.0249 1924 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
07:18:59.0252 1924 VaultSvc - ok
07:18:59.0296 1924 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
07:18:59.0298 1924 vdrvroot - ok
07:18:59.0342 1924 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
07:18:59.0353 1924 vds - ok
07:18:59.0375 1924 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
07:18:59.0377 1924 vga - ok
07:18:59.0429 1924 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
07:18:59.0430 1924 VgaSave - ok
07:18:59.0492 1924 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
07:18:59.0496 1924 vhdmp - ok
07:18:59.0532 1924 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
07:18:59.0533 1924 viaide - ok
07:18:59.0580 1924 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
07:18:59.0582 1924 volmgr - ok
07:18:59.0627 1924 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
07:18:59.0633 1924 volmgrx - ok
07:18:59.0687 1924 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
07:18:59.0691 1924 volsnap - ok
07:18:59.0754 1924 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
07:18:59.0757 1924 vsmraid - ok
07:19:00.0007 1924 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
07:19:00.0021 1924 VSS - ok
07:19:00.0038 1924 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\System32\drivers\vwifibus.sys
07:19:00.0039 1924 vwifibus - ok
07:19:00.0068 1924 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
07:19:00.0070 1924 vwififlt - ok
07:19:00.0105 1924 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
07:19:00.0106 1924 vwifimp - ok
07:19:00.0135 1924 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
07:19:00.0140 1924 W32Time - ok
07:19:00.0191 1924 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
07:19:00.0193 1924 WacomPen - ok
07:19:00.0238 1924 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
07:19:00.0240 1924 WANARP - ok
07:19:00.0248 1924 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
07:19:00.0250 1924 Wanarpv6 - ok
07:19:00.0338 1924 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
07:19:00.0348 1924 WatAdminSvc - ok
07:19:00.0413 1924 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
07:19:00.0431 1924 wbengine - ok
07:19:00.0475 1924 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
07:19:00.0477 1924 WbioSrvc - ok
07:19:00.0535 1924 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
07:19:00.0551 1924 wcncsvc - ok
07:19:00.0578 1924 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
07:19:00.0582 1924 WcsPlugInService - ok
07:19:00.0617 1924 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
07:19:00.0618 1924 Wd - ok
07:19:01.0843 1924 ================ Scan global ===============================
07:19:01.0887 1924 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
07:19:01.0924 1924 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
07:19:01.0965 1924 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
07:19:02.0005 1924 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
07:19:02.0121 1924 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
07:19:02.0129 1924 [Global] - ok
07:19:02.0130 1924 ================ Scan MBR ==================================
07:19:02.0143 1924 [ 8C9F9E03865C35F0F3829A23CDA42F5D ] \Device\Harddisk0\DR0
07:19:04.0220 1924 \Device\Harddisk0\DR0 - ok
07:19:04.0226 1924 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk6\DR6
07:19:06.0341 1924 \Device\Harddisk6\DR6 - ok
07:19:06.0341 1924 ================ Scan VBR ==================================
07:19:06.0354 1924 [ AA8C01BD9B0B505A4BF1640208DD9D44 ] \Device\Harddisk0\DR0\Partition1
07:19:06.0403 1924 \Device\Harddisk0\DR0\Partition1 - ok
07:19:06.0424 1924 [ 60A555D5601B48E7BCF79A9FF98DBF99 ] \Device\Harddisk0\DR0\Partition2
07:19:06.0448 1924 \Device\Harddisk0\DR0\Partition2 - ok
07:19:06.0456 1924 [ 290ABEFE0E0301A3AFE395F4E1066F3A ] \Device\Harddisk6\DR6\Partition1
07:19:06.0459 1924 \Device\Harddisk6\DR6\Partition1 - ok
07:19:06.0461 1924 ============================================================
07:19:06.0461 1924 Scan finished
07:19:06.0461 1924 ============================================================
07:19:06.0487 3644 Detected object count: 0
07:19:06.0487 3644 Actual detected object count: 0
 
RogueKiller will not run, says it's not a Valid System32 file.

I have right-clicked and tried to run as administrator.
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-27 07:27:32
-----------------------------
07:27:32.421 OS Version: Windows x64 6.1.7601 Service Pack 1
07:27:32.421 Number of processors: 4 586 0x402
07:27:32.421 ComputerName: KRAMERMN UserName: Kramer
07:27:34.807 Initialize success
07:29:26.660 AVAST engine defs: 12092700
07:29:37.564 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
07:29:37.580 Disk 0 Vendor: WDC_____ 01.0 Size: 610416MB BusType: 8
07:29:37.580 Disk 0 MBR read successfully
07:29:37.580 Disk 0 MBR scan
07:29:37.595 Disk 0 unknown MBR code
07:29:37.611 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
07:29:37.626 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
07:29:37.642 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 594954 MB offset 31664128
07:29:37.673 Disk 0 scanning C:\windows\system32\drivers
07:29:50.278 Service scanning
07:30:13.023 Modules scanning
07:30:13.038 Disk 0 trace - called modules:
07:30:13.054 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
07:30:13.054 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80067a8060]
07:30:13.070 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa8005a1d9c0]
07:30:15.987 AVAST engine scan C:\windows
07:30:22.227 AVAST engine scan C:\windows\system32
07:35:06.151 AVAST engine scan C:\windows\system32\drivers
07:35:20.394 AVAST engine scan C:\Users\Kramer
07:44:52.756 AVAST engine scan C:\ProgramData
07:50:28.801 File: C:\ProgramData\Microsoft\Windows\DRM\E689.tmp.dat **INFECTED** Win32:Alureon-AVP [Trj]
07:50:31.250 File: C:\ProgramData\Microsoft\Windows\DRM\E6BA.tmp **INFECTED** Win32:Alureon-AVP [Trj]
07:52:03.087 Scan finished successfully
07:53:52.537 Disk 0 MBR has been saved successfully to "C:\Users\Kramer\Desktop\MBR.dat"
07:53:52.599 The log file has been saved successfully to "C:\Users\Kramer\Desktop\aswMBR.txt"
 
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.27.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kramer :: KRAMERMN [administrator]
9/27/2012 7:56:46 AM
mbam-log-2012-09-27 (07-56-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233188
Time elapsed: 5 minute(s), 39 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
 
Correction of above post:

RogueKiller will not run, says it's not a Valid Win32 file.

I have right-clicked and tried to run as administrator.
 
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.02.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kramer :: KRAMERMN [administrator]
10/2/2012 8:44:30 PM
mbam-log-2012-10-02 (20-44-30).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232775
Time elapsed: 4 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
Good :)

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

=============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
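
Added example, not part of the original posts and not aswMBR's own code: a Python parser for a saved MBR sector that lists the partition table in the same columns as the aswMBR log above and hashes the boot code for comparison against a known-good baseline. It assumes MBR.dat is a raw 512-byte copy of sector 0; the function names are hypothetical, and the sample image is constructed from the three partition lines in the log, with zeroed boot code.

```python
import hashlib
import struct

TABLE_OFFSET = 446                    # four 16-byte partition entries start here
ENTRY = struct.Struct("<B3xB3xII")    # status, CHS (skipped), type, CHS (skipped), start LBA, sectors

def parse_mbr(raw):
    """Return (sha256 of the 440-byte boot code, list of partition dicts)."""
    if len(raw) < 512 or raw[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: short read or missing 0x55AA signature")
    parts = []
    for i in range(4):
        status, ptype, lba, sectors = ENTRY.unpack_from(raw, TABLE_OFFSET + 16 * i)
        if ptype:                     # type 0x00 marks an unused slot
            parts.append({"slot": i + 1, "status": status, "type": ptype,
                          "lba": lba, "sectors": sectors, "mb": sectors // 2048})
    return hashlib.sha256(raw[:440]).hexdigest(), parts

def table_problems(parts):
    """Consistency checks to run on a boot disk's table before trusting it."""
    problems = [f"slot {p['slot']}: status byte {p['status']:#04x} is neither 0x00 nor 0x80"
                for p in parts if p["status"] not in (0x00, 0x80)]
    if sum(p["status"] == 0x80 for p in parts) != 1:
        problems.append("expected exactly one active (0x80) partition")
    ordered = sorted(parts, key=lambda p: p["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            problems.append(f"slot {a['slot']} overlaps slot {b['slot']}")
    return problems

def sample_mbr():
    """Constructed image: zeroed boot code plus the three entries from the log."""
    rows = [(0x00, 0x27, 2048, 15360), (0x80, 0x07, 31459328, 100),
            (0x00, 0x07, 31664128, 594954)]     # status, type, start LBA, size in MB
    table = b"".join(ENTRY.pack(s, t, lba, mb * 2048) for s, t, lba, mb in rows)
    return bytes(TABLE_OFFSET) + table + bytes(16) + b"\x55\xaa"

if __name__ == "__main__":
    digest, parts = parse_mbr(sample_mbr())     # or open("MBR.dat", "rb").read()
    print("boot code sha256:", digest)
    for p in parts:
        print(f"Partition {p['slot']} {p['status']:02X} {p['type']:02X} "
              f"{p['mb']} MB offset {p['lba']}")
    print(table_problems(parts) or "table looks consistent")
```

The "offset" column in the log is the starting sector (LBA), so each partition's offset plus its size in 512-byte sectors should not run past the next partition's offset.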
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 